Dear lazyweb, (may I call you lazy?) When I hook my mother’s iMac up to a broadband connection next week what kind of security measures should I take? I assume there is a built-in firewall in OSX, which will be fairly efficient. I don’t propose to waste money on anti-virus software. Her email is a closely guarded secret, which has so far preserved her from phishery or spam.

Ideally, I would like a VNC connection to be possible, but only from named domains (mine, but they’re both on dynamic IP). I know how to do that with Linux — at least I have done it, which suggests that I did once know. I can’t find a Windows firewall which will let me do that — they all want an IP address, rather than a domain name. Is there a simple, idiot-proof[1] way to do it on a Mac?

I worry about this because I get about ten attempts a week to connect to the VNC server on this machine, and I don’t want my mother even to have to think about security of that sort.

[1] My mother is not an idiot. But she is closer to ninety than eighty.

  1. Apple’s Remote Desktop will act as a VNC server (or do they call it a client? at any rate the bit at your mother’s end). You may have to download it from Apple.

    Skipping AV is probably a sound decision, but keep current on Apple’s security updates, of course.

    And get a Mac….

  2. Charles says:

    The firewall on the Mac is ipfw; the built-in configuration (on the latest OS version) is still fairly simple; you can add ports where it will listen, but there doesn’t seem to be anything more clever. (The best you can do is open up SSH, which might be more open than you really want.) A program called Brickhouse (shareware) lets you configure ipfw in more detail.

    There is VNC for the Mac. Haven’t tried it myself; not had the need.

    Unless you’re connecting her via cable, won’t you need an ADSL modem in between the box and the wall? There’ll be a (browser-)configurable firewall on that too most likely.

  3. acb says:

    Ah. “man ipfw” suggests that it does allow hostnames as well as addresses in rules, which is what I wanted to hear. Thanks.

    I hadn’t thought of the firewall in the router. Of course there’ll be one. Now all I have to do is to find an ethernet cable. There used to be hundreds around the house … But it was all ordered last night, and I don’t know when it will arrive.
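
Hostnames in ipfw rules, as discussed in the comments above, are resolved once, when the rule is added, so with dynamic IPs the rules have to be rebuilt from fresh lookups. An added example (not from the original post or its commenters) that does this for the VNC port; the rule numbers, script name and host names are assumptions.

```sh
#!/bin/sh
# Added example: refresh ipfw allow rules for VNC from dynamic-DNS names.
# ipfw resolves a hostname once, when the rule is added, so a rule written
# with a name goes stale as soon as the address behind it changes.

VNC_PORT=5900     # default VNC port (display :0)
RULE_BASE=2000    # assumption: rule numbers 2000+ are free, one slot per host

# Succeeds only for a dotted-quad IPv4 address, so nothing else reaches ipfw.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print ipfw arguments for each host slot. $1 is the address resolved for the
# first trusted name, $2 for the second, and so on. A slot whose lookup failed
# or returned junk is deleted and not re-added (fail closed).
build_rules() {
    n=$RULE_BASE
    for ip in "$@"; do
        echo "delete $n"
        if is_ipv4 "$ip"; then
            echo "add $n allow tcp from $ip to any dst-port $VNC_PORT in"
        fi
        n=$((n + 1))
    done
}

# Run as root from cron, e.g.:
#   refresh-vnc.sh --apply home.example.org work.example.org
# (hypothetical script and host names). Assumes a later rule denies all
# other inbound traffic to the VNC port.
if [ "${1:-}" = "--apply" ]; then
    shift
    set -- $(for h in "$@"; do a=$(dig +short A "$h" | tail -n 1); echo "${a:-none}"; done)
    build_rules "$@" | while read -r args; do
        ipfw -q $args 2>/dev/null || true
    done
fi
```

Without `--apply` the script only defines its functions, so `build_rules` can be called by hand to preview the rules before anything touches the firewall.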

