SecureMac.com
About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Advertising
Security Consulting
Employment/Jobs
Feedback Form

SecureMac Software
PrivacyScan

 

Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
SAINT
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing


Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
LittleSecrets
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry
Apple.com Security Resources
Marketing Macintosh Security Programs

Cable Modem and Macs Security Information

Security Aspect: Macs and Cable Modems
By: Nicholas Raba 02.10.2k
nick@securemac.com
http://www.securemac.com/
[DOWNLOAD]
An issue has surfaced which has been ignored and avoided for a long time. In the past, people thought of Macintosh computers as being so secure that you didn’t even need to talk about security. Since the early 90’s, there have been a few web sites dedicated to Macintosh security or hacking, all of which have surfaced, dissolved and expired.

Picture your network. You’re on one line, and your computer is only listening to its own traffic. But computers aren’t smart, they do what the user tells them to do. On your own network you can use a utility like EtherPeek 4.0 ( www.aggroup.com ), a normal network analysis tool, to decipher the traffic that passes through. A Cable Modem connection is like that network (LAN); everyone is sitting on the same line. Thus, someone can use that utility to analyse other packets on the network. When a user sniffs, or watches for packets in this manner, it is referred to as “Packet Sniffing”. A user can set up the application to use filters which watch specific IP addresses or words within the packet like “pass” and log the packets around it to get someone’s username and password. Packet Sniffing will work for any operating system, so it doesn’t matter if your running Linux, Windows, MacOS, or a Amiga.

What Is Encryption?
Encryption scrambles your data into an unreadable string of characters that can only be unlocked by you or someone you authorize. Encryption strength is greater when you use "strong" cryptographic algorithms and larger encryption key lengths. The longer the key length, the greater the encryption strength. While many encryption schemes use weak 40-bit keys that can be broken in a matter of hours, PGP Personal Privacy uses military-grade encryption with a minimum key length of 128-bits, thus rendering your data unreadable by even the most sophisticated attackers. _1

So if everyone’s data is insecure, how can we protect ourselves?
Not all packets are sent in “Plain Text” (normal writing, without encryption). When you check your mail from a POP3/IMAP client, your login information is sent as plain text. When you Telnet to a remote/local machine your login information is sent in plain text. When your surfing the web without the SECURE icon (lock/key) a user on your cable modem network can watch where you’re going and what you’re doing. And if you’re purchasing something over the Internet without a secure connection (eg: SSL) they can catch your credit card information.

Instead of Telnetting to a computer normally, try out Nifty Telnet SSH (http://www.lysator.liu.se/~jonasw/freeware/niftyssh/ ). NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's http://andrew2.andrew.cmu.edu/dist/niftytelnet.html application which adds support for encrypted terminal sessions using the SSH protocol. The encryption used would stop a normal packet sniffer from monitoring the packets, rather than seeing plain text they would see a encrypted version of it.

E-Mail is something that has been insecure for a long time. For E-Mail to get from one server to another, it passes through many different servers until it reaches the correct host. There really hasn’t been a secure way to send email until PGP came out. PGP is the most notable encryption standard for E-Mail. PGP Freeware (http://web.mit.edu/network/pgp.html ) is a free version of PGP available from MIT. PGP personal Privacy (http://store.mcafee.com/product.asp?ProductID=106&CategoryID=5&t=12%3A26%3A54+PM ) is available for 19.95 from McAfee.com, and is a more up to date version.

Purchasing online has become very important to today’s businesses and home users. However, we hear of rampant credit card theft online and wonder, “What should we do?” We can’t prevent the host from being “hack proof,” but we can look for the SSL logo, or secure warning. Before entering your credit card number, make sure you know the company you are dealing with, and make sure they use SSL for processing. A lot of people prefer placing orders on the phone; think how insecure that could be. You’re talking to Jon Doe, he manually writes down your credit card number for later processing. That little sticky note ends up on his desk or in his pocket. Are your calling from a old cordless phone that isn’t digital? Someone with a scanner can be listening to your calls. We’re not trying to steer you away from buying products online, just trying to get you to think; remember if your cable modem is not configured properly by your ISP, someone on the LAN can be watching your packets.

Now that you know people are watching, what are other methods of securing yourself? Intego’s NetBarrier ( http://www.intego.com/NetBarrier/ ) is a software based personal firewall which protects your Mac from online intruders. The firewall features include checking of incoming and outgoing packets and total control of packets via filters. Anti-vandal features include
? Choice of a defense policy
? Detection of wrong passwords
? Protection against network attacks
? Protection against ping of death
? Protection against ping flooding
? Protection against SYN flooding
? Protection against port scans
? Stops unknown packets (…)
? Controls System Resources
? Provides TCP sequence scrambling


Filters offer:
? Safeguards personal information
? Filters TCP/IP & AppleTalk stacks
? Protection against data thieves
? Protection against hostile Java Applets
? Protection against hostile Plug-Ins


This whole package retails at 174.99, but is on sale @ their website for 74.95 http://www.intego.com/buynow/

If NetBarrier’s pricing is out of your range take a look at DoorStep Personal Edition (http://www2.opendoor.com/doorstop/DoorStop11.html); an evaluation version is available for download.

File sharing on a Mac is simple; you turn it on and off from the control panel. A lot of users don’t understand exactly what they are doing, or forget to turn it off. Make sure file sharing is turned off if you’re on a cable modem. If you leave it on, make sure you set the password, and you limit the sharing to a specific directory rather than your whole Hard Disk. Double check to see that GUEST doesn’t have full access, and make sure that only specified users with secure passwords can run applications from the computer.

Cable Modem users are generally the first people to be targeted by those who scan networks, because they are assured of quick connections which they can use for a proxy, and they are easier to hack, as they have a set address on the Internet. So if you run any servers, make sure they are limited; make sure they are configured properly and that you change all default passwords right away!

First Edition of Macs and Cable Modems.
[DOWNLOAD]


FEEDBACK TIME!


Enter Email Address:

Enter your message:


Select Either of These Two Buttons


Security + OS
DiskLock
PowerBook Security Control Panel
Empower Pro
FileGuard
FreeGuard
FoolProof
Deus Lock Master
OnGuard
Keys Off
LockOut
MacOS Algorithm
Modem Security
Password Key
PGPuam
PPF
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro
Web-Confidential


Macintosh Viruses
Disinfectant
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security


Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
IPNetSentry
NetBarrier
Norton Personal Firewall

Mac Spyware & Privacy
Monitorer
NetShred - Delete Files Safely

Network Security
MacAnalysis
Oyabun Tools
WDTech RAE
ToolDaemon

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
NetBus
Outlook Express 4.5 Password Flaw
SubSeven
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
EnScript
FGP
FileTwister
ForgotIt?
GenPass
MacLockSmith
My-Privacy
My Secret
PGPi
PGPhone
PGP Personal
PGP Freeware
PowerCrypt-dev
Private File
Quick Encrypt
SubRosa Utilities
Tresor

Deleting Files
Eraser Pro
ShredIt

Backups

Apple Hardware

MacOS DoS
Mac Attack


All material (c) 2014 SecureMac.com and respected owners