Mac advice needed
Friday March 24, 2006; part of: Nerdery

Dear lazyweb, (may I call you lazy?) When I hook my mother's iMac up to a broadband connection next week what kind of security measures should I take? I assume there is a built-in firewall in OSX, which will be fairly efficient. I don't propose to waste money on anti-virus software. Her email is a closely guarded secret, which has so far preserved her from phishery or spam.

Ideally, I would like a VNC connection to be possible, but only from named domains (mine, but they're both on dynamic IP). I know how to do that with Linux -- at least I have done it, which suggests that I did once know. I can't find a Windows firewall which will let me do that -- they all want an IP address, rather than a domain name. Is there a simple, idiot-proof[1] way to do it on a Mac?

I worry about this because I get about ten attempts a week to connect to the VNC server on this machine, and I don't want my mother even to have to think about security of that sort.

[1] My mother is not an idiot. But she is closer to ninety than eighty.

Posted by andrewb at March 24, 2006 10:46 AM
Comments

The firewall on the Mac is ipfw; the built-in configuration (on the latest OS version) is still fairly simple; you can add ports where it will listen, but there doesn't seem to be anything more clever. (The best you can do is open up SSH, which might be more open than you really want.) A program called Brickhouse (shareware) lets you configure ipfw in more detail.

There is VNC for the Mac. Haven't tried it myself; not had the need.

Unless you're connecting her via cable, won't you need an ADSL modem in between the box and the wall? There'll be a (browser-)configurable firewall on that too most likely.

Posted by: Charles on March 24, 2006 11:51 AM


Ah. man ipfw suggests that it does allow hostnames as well as addresses in rules, which is what I wanted to hear. Thanks.

I hadn't thought of the firewall in the router. Of course there'll be one. Now all I have to do is to find an ethernet cable. There used to be hundreds around the house ... But it was all ordered last night, and I don't know when it will arrive.

Posted by: acb on March 24, 2006 12:16 PM
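
An added example, not part of the original post or comments, for the hostname rules discussed above: ipfw resolves a hostname once, at the moment the rule is added, so a rule naming a dynamic-DNS host goes stale when the address changes. This sketch prints the ipfw commands that rebuild the VNC allow entries from fresh lookups. The rule numbers, the use of `dig`, and the hostnames passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example: prints ipfw commands, to be reviewed and then run as root.
# Port 5900 is VNC display :0; the rule numbers are assumed to be unused.
VNC_PORT=5900
ALLOW_RULE=2000   # allow entries, rebuilt on every refresh
DENY_RULE=2001    # catch-all deny, must sort after ALLOW_RULE

# Default resolver: one address per line. Set RESOLVER to swap it out.
resolve_host() { dig +short A "$1"; }
RESOLVER=${RESOLVER:-resolve_host}

# Succeeds only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One-time setup: refuse VNC from anything no earlier allow rule matched.
vnc_base_rule() {
    echo "ipfw -q add $DENY_RULE deny tcp from any to any $VNC_PORT in"
}

# Replace the allow entries with the named hosts' current addresses.
# The deny rule is left in place, so a failed lookup closes the port
# to that host instead of leaving a stale address allowed.
vnc_refresh_rules() {
    echo "ipfw -q delete $ALLOW_RULE"
    for name in "$@"; do
        for addr in $("$RESOLVER" "$name"); do
            # dig +short may also print CNAME targets; keep addresses only
            if is_ipv4 "$addr"; then
                echo "ipfw -q add $ALLOW_RULE allow tcp from $addr to any $VNC_PORT in"
            fi
        done
    done
}

# Stand-alone use: pass the hostnames as arguments, e.g. from cron.
if [ $# -gt 0 ]; then vnc_refresh_rules "$@"; fi
```

The allow list is only as trustworthy as the DNS answers behind it, so the VNC password (or an SSH tunnel, as mentioned in the first comment) still does the real authentication.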


Apple's Remote Desktop will act as a VNC server (or do they call it a client? at any rate the bit at your mother's end). You may have to download it from Apple.

It's probably not the only such interface, but Flying Buttress [formerly Brickhouse] is a nice interface to ipfw if Apple's doesn't suffice.

Skipping AV is probably a sound decision, but keep current on Apple's security updates, of course.

And get a Mac....

Posted by: Jonathan Lundell on March 24, 2006 03:55 PM

