Securing your Mac – Sharing (Too Much)

Sharing files on your home network is fantastically convenient. Mac OS X makes it especially easy to access others’ shared files too, because it all shows up front and centre in the Finder — well, actually it’s left-aligned, in the sidebar, but you get the point.

Making your Mac behave as a server, even if it is just for accessing your stuff at home, is something you do need to be aware of when it comes to security. Sharing your files on your home network is great — but are you sure you’re not unintentionally sharing too much when you leave the house with your MacBook?

In this second post in my Mac Security series, we will be looking at sharing, servers, and switching things off.

Investigating Sharing Preferences

Mac OS X has one central location for configuring all of its built-in sharing abilities, and we’ll find that in System Preferences > Sharing. Open up that Preference Pane and check to see if the padlock in the lower left is locked or unlocked. If necessary, click it and enter an administrator’s username and password to be able to make changes.

It’s a fairly simple interface — the table on the left lists all of the different sharing services available. As you click each item in the list, its details are displayed in the area on the right, but there’s also a checkbox for each list item. To switch things on and off, simply toggle these checkboxes.

Take a look at your Sharing Preference Pane and see what is enabled. Are you using all of the things that are switched on? If there’s something obvious here that you switched on once and haven’t used since, go ahead and switch it off. (I’ve been guilty of leaving Bluetooth Sharing on, long after ceasing to use the mobile phone for which I needed that service!)

Sharing with the World

Of course, while you’re at home, there will probably be things you want to leave switched on, because they’re useful.

But consider for a moment what happens when you leave the house with your MacBook. If you have File Sharing switched on, then you log on at a public Wi-Fi hotspot at a coffee shop downtown, File Sharing is still enabled there. At home, it’s a reasonable assumption to make that the other devices on your local network are trustworthy. But as soon as you’re ‘on the road’, you’re still potentially serving up the same files to anyone else in that location. Anyone else…who should not be presumed trustworthy.

“But I have a username and password on the share preventing just anyone from accessing those files!”, I hear you protest. Well, OK, but what if there is a vulnerability in the software that runs that file server, or something else exposed by that service that you hadn’t considered as being a risk?

And that’s just an example for File Sharing. If you left something like Remote Login enabled, you’re giving everyone on that network as much opportunity as they want to try and guess your password and gain access to everything on your system.

My point here is this — before you connect your computer to an untrusted network, take a moment to switch things off in Sharing Preferences. It does take a moment, but it’s simple and it means you can be sure that nothing of yours will be offered up to a passing stranger.

Side Note: I do something a little different when I connect my MacBook Pro to untrusted networks.  Rather than switching off all the shared services individually on my Mac, I’ll go to System Preferences > Security > Firewall > Advanced and then tick the box labeled “Block all incoming connections” instead. Depending on the number of services enabled, this may be faster. The bad thing about my method is, this also blocks all other incoming services such as Evernote, Dropbox, and so on. – Mike

Preferred Wi-Fi Networks

While we’re on the subject of trusted and untrusted networks — if you have a wireless-enabled Mac, take a look at System Preferences > Network and click on AirPort. Once again, make sure the Preference Pane is unlocked, then click on Advanced.

AirPort Advanced Settings

Here, you will find a list of all your Mac’s ‘Preferred Networks’. Any Wi-Fi network in this list will be joined automatically as soon as it is within range. You should take a moment here to consider each network in this list. Do you really need to auto-connect to all of them? If you can live with the inconvenience of manually clicking a network when you’re out and about, it gives you a chance to pop into Sharing Preferences and switch things off before you’re connected — and it also guards against unscrupulous individuals forcing your Mac to connect to a malicious impostor Wi-Fi network (anyone can call a Wi-Fi network anything they want!).

You should also consider disabling the setting ‘Remember networks this computer has joined’ on this page. It’s this setting that adds any network you choose to connect to into the Preferred Networks list. We’ve just discussed the benefits of being more selective about that list — really it should only contain networks that you trust, so this setting is definitely worth switching off.

Join us Next Time…

Switching off unnecessary Sharing services, and removing undesired entries from your Preferred Networks list goes a long way towards keeping your Mac safe when you’re roaming around. Combine that with the previous post’s advice about the Firewall (particularly once you have Stealth Mode enabled) and you now have a pretty good setup for being connected to an untrusted network.

Of course, as is often the way with computer security, this alone is not the whole story. It’s worth remembering that anything you do at a public Wi-Fi hotspot should be considered completely public and visible to everyone, unless there’s a layer of encryption protecting you (such as an HTTPS connection to your favourite webmail service).

In the next post, we’ll take a look at yet another aspect of Mac security — and show some more of the easy things you can do to stay safe. Until next time!