Macintosh Security (revised 12/01)
Macintosh users need to be aware that Macintosh computers connected to a network are exposed to network security risks. When you turn on file sharing (MacOS 7 or higher), you allow network access to your Macintosh. This can be very useful, but it is also a security risk if not set up properly.
If you don't need to share files, you should turn file sharing off.
If you must have file sharing on, make sure it is set up correctly.
Below are instructions for setting up owner privileges:
- Open the Sharing Setup control panel (the File Sharing control panel in MacOS 8) and set the owner name, owner password and computer name. This computer name is then advertised on the AppleTalk network.
- Close the control panel to make the changes effective.
- Enabling File Sharing: Do not enable File Sharing unless there are people who really need to access files on your Macintosh. Enabling it may leave your Macintosh open to unauthorised access. To ensure File Sharing is off, go into the File Sharing Setup control panel and check that the File Sharing button reads "Start". If it reads "Stop", file sharing is currently running. You should disable Program Linking on the same control panel in the same manner, because Program Linking opens your Macintosh to attack via Finder scripting.
- If you must use file sharing: Turn off the automatic Owner access to the entire hard disk. Open the Users & Groups control panel, open the icon with your Owner name on it, and turn off "Allow user to see entire disk."
- Ensure access for Guest users is turned off. In the Users & Groups control panel, open the Guest icon, and turn off the "Allow user to connect" option.
- When you create users, give them passwords. As with any other password, don't use someone's name, birthdate, or other obvious, easily available information.
- Create a folder just for shared information and share it, not the entire hard disk.
- When sharing a folder, ensure groups and users have appropriate access to the folder (read only, read write, or no access).
More tips:
- Avoid bad passwords in any program. Your username, nicknames, your dog's name, movie names, and words found in a dictionary are commonly used bad passwords.
- Limit physical access to your computer. It does very little good to set everything up right if anyone can walk up to your computer and get anything they want. If you can't keep your computer in a secure place, a password on the screen saver will protect your computer from casual snoopers. DiskLock and FolderLock could be useful protections.
Other vulnerabilities:
- If you use either NCSA telnet or tn3270 on a Macintosh, do not enable ftp access. To move files between your Macintosh and another Unix-based computer, use an ftp client program such as Fetch.
- Certain programs and features that allow remote access to your computer, such as Retrospect Remote, Program Linking, Timbuktu, AllShare, Apple Remote Access, MacHTTP, WebStar, WebForOne, NetPresenz, etc., have the potential of opening security holes.
- You should be using the most current virus protection.
Useful Links for Understanding Macintosh Security:
The
University of Virginia
About.com has lots of Macintosh security-specific links
