Column: Macs and Cable Modem

Cable Modem and Macs Security Information

Security Aspect: Macs and Cable Modems

An issue has surfaced which has been ignored and avoided for a long time. In the past, people thought of Macintosh computers as being so secure that you didn’t even need to talk about security. Since the early 90’s, there have been a few web sites dedicated to Macintosh security or hacking, all of which have surfaced, dissolved and expired.

Picture your network. You’re on one line, and your computer is only listening to its own traffic. But computers aren’t smart, they do what the user tells them to do. On your own network you can use a utility like EtherPeek 4.0 ( www.aggroup.com ), a normal network analysis tool, to decipher the traffic that passes through. A Cable Modem connection is like that network (LAN); everyone is sitting on the same line. Thus, someone can use that utility to analyse other packets on the network. When a user sniffs, or watches for packets in this manner, it is referred to as �Packet Sniffing�. A user can set up the application to use filters which watch specific IP addresses or words within the packet like �pass� and log the packets around it to get someone’s username and password. Packet Sniffing will work for any operating system, so it doesn’t matter if your running Linux, Windows, MacOS, or a Amiga.

What Is Encryption?

Encryption scrambles your data into an unreadable string of characters that can only be unlocked by you or someone you authorize. Encryption strength is greater when you use “strong” cryptographic algorithms and larger encryption key lengths. The longer the key length, the greater the encryption strength. While many encryption schemes use weak 40-bit keys that can be broken in a matter of hours, PGP Personal Privacy uses military-grade encryption with a minimum key length of 128-bits, thus rendering your data unreadable by even the most sophisticated attackers. _1

So if everyone’s data is insecure, how can we protect ourselves?

Not all packets are sent in �Plain Text� (normal writing, without encryption). When you check your mail from a POP3/IMAP client, your login information is sent as plain text. When you Telnet to a remote/local machine your login information is sent in plain text. When your surfing the web without the SECURE icon (lock/key) a user on your cable modem network can watch where you’re going and what you’re doing. And if you’re purchasing something over the Internet without a secure connection (eg: SSL) they can catch your credit card information.
Instead of Telnetting to a computer normally, try out Nifty Telnet SSH (http://www.lysator.liu.se/~jonasw/freeware/niftyssh/ ). NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman’s http://andrew2.andrew.cmu.edu/dist/niftytelnet.html application which adds support for encrypted terminal sessions using the SSH protocol. The encryption used would stop a normal packet sniffer from monitoring the packets, rather than seeing plain text they would see a encrypted version of it.

E-Mail is something that has been insecure for a long time. For E-Mail to get from one server to another, it passes through many different servers until it reaches the correct host. There really hasn’t been a secure way to send email until PGP came out. PGP is the most notable encryption standard for E-Mail. PGP Freeware (http://web.mit.edu/network/pgp.html ) is a free version of PGP available from MIT. PGP personal Privacy (http://store.mcafee.com/product.asp?ProductID=106&CategoryID=5&t=12%3A26%3A54+PM ) is available for 19.95 from McAfee.com, and is a more up to date version.

Purchasing online has become very important to today’s businesses and home users. However, we hear of rampant credit card theft online and wonder, �What should we do?� We can’t prevent the host from being �hack proof,� but we can look for the SSL logo, or secure warning. Before entering your credit card number, make sure you know the company you are dealing with, and make sure they use SSL for processing. A lot of people prefer placing orders on the phone; think how insecure that could be. You’re talking to Jon Doe, he manually writes down your credit card number for later processing. That little sticky note ends up on his desk or in his pocket. Are your calling from a old cordless phone that isn’t digital? Someone with a scanner can be listening to your calls. We’re not trying to steer you away from buying products online, just trying to get you to think; remember if your cable modem is not configured properly by your ISP, someone on the LAN can be watching your packets.

Now that you know people are watching, what are other methods of securing yourself? Intego’s NetBarrier ( http://www.intego.com/NetBarrier/ ) is a software based personal firewall which protects your Mac from online intruders. The firewall features include checking of incoming and outgoing packets and total control of packets via filters.

Anti-vandal features include:

? Choice of a defense policy
? Detection of wrong passwords
? Protection against network attacks
? Protection against ping of death
? Protection against ping flooding
? Protection against SYN flooding
? Protection against port scans
? Stops unknown packets (�)
? Controls System Resources
? Provides TCP sequence scrambling

Filters offer:

? Safeguards personal information
? Filters TCP/IP & AppleTalk stacks
? Protection against data thieves
? Protection against hostile Java Applets
? Protection against hostile Plug-Ins

This whole package retails at 174.99, but is on sale @ their website for 74.95 http://www.intego.com/buynow/

If NetBarrier’s pricing is out of your range take a look at DoorStep Personal Edition (http://www2.opendoor.com/doorstop/DoorStop11.html); an evaluation version is available for download.

File sharing on a Mac is simple; you turn it on and off from the control panel. A lot of users don’t understand exactly what they are doing, or forget to turn it off. Make sure file sharing is turned off if you’re on a cable modem. If you leave it on, make sure you set the password, and you limit the sharing to a specific directory rather than your whole Hard Disk. Double check to see that GUEST doesn’t have full access, and make sure that only specified users with secure passwords can run applications from the computer.

Cable Modem users are generally the first people to be targeted by those who scan networks, because they are assured of quick connections which they can use for a proxy, and they are easier to hack, as they have a set address on the Internet. So if you run any servers, make sure they are limited; make sure they are configured properly and that you change all default passwords right away!

By: Nicholas Raba 02.10.2k
nick@securemac.com
https://www.securemac.com/