The most important thing to do is keep your software up to date by using the Software Update program in System Preferences. But there are some significant things you can do, especially if you run any services like httpd or sshd.

OS X comes with a unix firewall program called IPFW, and there are a variety of programs you can use to access it from the GUI. As of 10.2 Apple includes a tool in System Preferences to enable the firewall, but it's a very simple implementation that will only enable or disable a port for the entire internet. In 10.5, an application level firewall is included; this helps, but still leaves a given port open to the internet. This isn't the best use of a firewall, which is to enable access to a service for a limited range of IP numbers. Fortunately, there are ways to control this.

Noobproof: Firewall configuration tools for OSX
Buttress: A great firewall configuration tool
Through ssh: A general guide to tunneling connections through

SSHD is the service that starts if you have Remote Login enabled. By its nature, it's pretty secure: all connections are encrypted, and the service will slow down login attempts as passwords fail. The settings file for SSHD is /etc/sshd_config, and you can run: from the command line for more information. But here are some settings you can tweak:

Port: This is the port that SSHD listens on. Personally, I'm not a fan of changing this, but many people believe that changing the port is a good way to hide from most attackers. Change the port to some arbitrary number above 1024, and then tell your SSH client that port number when you log in.

AllowUsers: Set this to the user name that you want to allow to log in, usually yourself.

MaxAuthTries: This is how many failed logins will be accepted before the connection is dropped. The default is 6, but unless you're using something else to block failures (see TimeLox below), it's better to set this to 3.

MaxStartups: This controls how many unauthenticated connections are allowed, that is to say, connections that have been made, but for which authentication has not yet succeeded. Default is 10, but for a single user machine 2 is fine.

PermitRootLogin: Root is not enabled by default in OSX, but if you are the kind of person that might enable root to do something, set this to either "no" or "without-password". The latter disallows root login with a password, but will allow root to log in with a key (generally much safer than using a password).

One is to modify your firewall or use tcpwrappers to control the IP numbers or range whence ssh connections are allowed. Another option is to use an add-on to SSHD that monitors connection failures and takes an action when a pattern of failures is matched. My favorite (but I'm partial to it because I helped put it together) is Timelox and thehand, which is a version of SSHD that will run a script to insert a block on an IP address in the firewall after a given number of failed login attempts.

As a unixy operating system, OSX is not really prone to viruses. But there are a few that have shown up in the last few years. There are some commercial products out there, but for the Mac, I think

Other types of malware are more problematic, but as of Snow Leopard Apple includes a set of malware definitions. That should help protect against known malware.

These days many of the attacks attempted against a computer are initiated by getting the browser to load some malicious code. Also, you can be identified on the internet by the uniqueness of your browser configuration. So one of the more important ways to protect yourself is to segregate your browsing activity. The easiest way to do this is to choose one browser, say Firefox, and use that for general use on the network, and use a different browser for any access to banking accounts or other web sites where security is a concern. Even better would be to create a separate account for this kind of web access.

If you want to closely monitor your network connections, take a look at Little Snitch; this program will alert you to all network connections.

DocSommer wrote: Sometimes there is no "best solution". The answer depends on questions you should ask yourself, like "what are you up to do" or "how much money would you like to spend".
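One way to check an existing sshd_config against the values suggested in the post (AllowUsers set, MaxAuthTries 3, MaxStartups 2, PermitRootLogin "no" or "without-password"). This is an added example, not code from the original post; the sample configuration, the user names and the function names are constructed for illustration.

```python
import re

# Constructed sample, not a real host's configuration.
SAMPLE = """\
Port 2222
maxauthtries 6
MaxAuthTries 3
PermitRootLogin=yes
MaxStartups 10:30:60
Match User backup
    AllowUsers backup
"""

def parse_global(text):
    """Return {lowercased keyword: value} for the global part of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword, then whitespace (this parser also tolerates '='), then arguments.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break                        # settings below a Match line are conditional
        settings.setdefault(key, value)  # sshd keeps the first value it reads
    return settings

def audit(text):
    """Return findings against the post's suggestions; empty list means all met."""
    cfg = parse_global(text)
    findings = []
    if not cfg.get("allowusers"):
        findings.append("AllowUsers: not set in the global section")
    # Limits from the post: MaxAuthTries 3, MaxStartups 2 (single-user machine).
    for key, limit in (("maxauthtries", 3), ("maxstartups", 2)):
        # MaxStartups may be written start:rate:full; compare the first field.
        first = cfg.get(key, "").split(":")[0]
        if not first.isdigit() or int(first) > limit:
            findings.append(f"{key}: {cfg.get(key, 'unset')}, post suggests {limit}")
    if cfg.get("permitrootlogin", "").lower() not in ("no", "without-password"):
        findings.append(f"permitrootlogin: {cfg.get('permitrootlogin', 'unset')}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The sample trips all four checks: the lowercase `maxauthtries 6` wins over the later `MaxAuthTries 3`, and the `AllowUsers` line under `Match` does not count as a global restriction.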