Responsible Serving

In light of the last post, I think it's my responsibility to highlight some important points about securing a Mac Server. These are also just good ideas for any computer.

  1. Turn on your firewall. It's easy and it works.
  2. Check your router's port forwarding. Make sure you know where your incoming traffic is going. Specifically, if you do not forward incoming HTTP connections to a machine on your network, then the router itself answers them and is accessible from the Internet. This may be what you want, but for me, that is out of the question.
  3. Check your open ports. Just visit Gibson Research's ShieldsUP! test site. If you do not understand the results, then you are not ready to run a home server. It shouldn't take long to familiarize yourself with what the various ports are used for.
  4. Check your logs. Open the Console (in the Utilities folder) and periodically check the following logs: appfirewall.log, the apache2 error_log, and ftp.log. Better still is to invest in Little Snitch. It's by the makers of LaunchBar, so you know it's good. Little Snitch can be configured to alert you to almost any unusual activity. I have it on all of my Macs.
  5. Change your passwords regularly. I keep a monthly task to reset all of my critical passwords. It's annoying, but it's worth it. Make a list of all of the services that you may have given access to your personal confidential information. Now change those passwords every 30 days. That includes PayPal, Amazon, Netflix, and Apple. Your bank account can be drained through these entry points just as it can through your bank's own website. For example, a miscreant could "gift" $2000 of Apple gift cards to an accomplice, who then sells the cards for profit. It's much less likely a hacker will target your bank, since its security is generally much stronger than your Netflix account's.
  6. Use strong passwords. Don't use your birthday or name. Don't use anything that could be discovered in public records, like your dog's name. Use nonsense gibberish. See #7.
  7. Use 1Password. This is self-explanatory. Just buy it.
  8. Secure your most private data outside of the file system. I secure all of my financial and personal information in encrypted disk images (DMG). These can be accessed directly from the file system but I prefer to use Knox from the makers of 1Password. It's simple and always works. It also gives me direct access to the disk images through my menu bar. I have not had any problems keeping large encrypted disk images in Dropbox either. The only downside is that a small change to the encrypted disk means the entire image must be resynced through Dropbox. It's a small price to pay for high security.
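The log review in point 4 is easy to automate, so here is an added example (not code from the original post) that reads the two logs named there, counts firewall denies per source and per target process, counts Apache "File does not exist" errors per client, and reports anything that crosses a threshold. The sample log lines are constructed in the style of appfirewall.log and the apache2 error_log; the host name, addresses, and the LAN prefix 192.168.1.0/24 are assumptions, and you would replace the embedded text with the contents of /var/log/appfirewall.log and /var/log/apache2/error_log.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of macOS appfirewall.log (hostnames and addresses are hypothetical).
APPFIREWALL_SAMPLE = """\
Feb 10 08:12:01 macserver Firewall[61]: Deny sshd connecting from 203.0.113.9:51234 uid = 0 proto=6
Feb 10 08:12:03 macserver Firewall[61]: Deny sshd connecting from 203.0.113.9:51240 uid = 0 proto=6
Feb 10 08:12:05 macserver Firewall[61]: Deny sshd connecting from 203.0.113.9:51251 uid = 0 proto=6
Feb 10 08:12:09 macserver Firewall[61]: Allow httpd connecting from 198.51.100.4:40022 uid = 0 proto=6
Feb 10 08:13:40 macserver Firewall[61]: Deny nmbd connecting from 192.168.1.20:137 uid = 0 proto=17
"""

# Constructed sample lines in the style of the apache2 error_log.
APACHE_ERROR_SAMPLE = """\
[Wed Feb 10 08:14:02 2010] [error] [client 203.0.113.9] File does not exist: /Library/WebServer/Documents/phpmyadmin
[Wed Feb 10 08:14:03 2010] [error] [client 203.0.113.9] File does not exist: /Library/WebServer/Documents/admin
[Wed Feb 10 08:14:04 2010] [error] [client 203.0.113.9] File does not exist: /Library/WebServer/Documents/wp-login.php
[Wed Feb 10 08:20:11 2010] [notice] Apache/2.2.14 (Unix) configured -- resuming normal operations
[Wed Feb 10 08:31:55 2010] [error] [client 198.51.100.4] File does not exist: /Library/WebServer/Documents/favicon.ico
"""

# Assumed home LAN; anything outside it is treated as an Internet source.
LAN = ipaddress.ip_network("192.168.1.0/24")

FW_RE = re.compile(r"Firewall\[\d+\]: (?P<action>Allow|Deny) (?P<proc>\S+) connecting from (?P<ip>[\d.]+):(?P<port>\d+)")
APACHE_RE = re.compile(r"\[(?P<level>\w+)\] \[client (?P<ip>[\d.]+)\] (?P<msg>.*)")


def parse_appfirewall(text):
    """Return (action, process, source_ip) for every firewall line that parses."""
    events = []
    for line in text.splitlines():
        m = FW_RE.search(line)
        if m:
            events.append((m.group("action"), m.group("proc"), m.group("ip")))
    return events


def parse_apache_errors(text):
    """Return (level, client_ip, message) for every Apache error line that names a client."""
    events = []
    for line in text.splitlines():
        m = APACHE_RE.search(line)
        if m:
            events.append((m.group("level"), m.group("ip"), m.group("msg")))
    return events


def denies_by_source(fw_events):
    """Count denied connections keyed by (source_ip, target_process)."""
    counts = Counter()
    for action, proc, ip in fw_events:
        if action == "Deny":
            counts[(ip, proc)] += 1
    return counts


def missing_files_by_client(apache_events):
    """Count 'File does not exist' errors per client; bursts of these usually mean someone guessing URLs."""
    counts = Counter()
    for level, ip, msg in apache_events:
        if level == "error" and msg.startswith("File does not exist"):
            counts[ip] += 1
    return counts


def review(fw_text, apache_text, threshold=3, lan=LAN):
    """Return human-readable findings for sources that cross the threshold in either log."""
    findings = []
    for (ip, proc), n in denies_by_source(parse_appfirewall(fw_text)).items():
        if n >= threshold:
            where = "LAN" if ipaddress.ip_address(ip) in lan else "external"
            findings.append(f"{n} denied connections to {proc} from {where} host {ip}")
    for ip, n in missing_files_by_client(parse_apache_errors(apache_text)).items():
        if n >= threshold:
            findings.append(f"{n} requests for non-existent files from {ip} (URL guessing?)")
    return findings


if __name__ == "__main__":
    for finding in review(APPFIREWALL_SAMPLE, APACHE_ERROR_SAMPLE):
        print(finding)
```

Run it from cron once a day and mail yourself the output; an empty report is the normal case, and the threshold keeps the occasional stray denied packet from the LAN out of the report while a burst from one outside address still shows up.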
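Point 6 says to use gibberish rather than anything tied to you; the added example below (not code from the post, and not what 1Password does internally) shows what that means in practice: it generates a password from the operating system's secure random source, estimates its entropy from the character classes it actually uses, and rejects any candidate that contains a personal token such as a name, pet, or birth year. The minimum of 80 bits, the token list, and the sample passwords are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently with secrets.choice, never random.choice."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly generated password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def estimated_bits(password):
    """Estimate for an arbitrary password: pool is the union of the classes it uses.
    This is an upper bound; a password built from words is far weaker than this says."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def contains_personal_token(password, personal_tokens, min_len=4):
    """True if any personal token of at least min_len characters appears, case-insensitively."""
    lowered = password.lower()
    return any(t.lower() in lowered for t in personal_tokens if len(t) >= min_len)


def check_password(password, personal_tokens=(), min_bits=80):
    """Return a list of problems; an empty list means the password passes both checks."""
    problems = []
    bits = estimated_bits(password)
    if bits < min_bits:
        problems.append(f"estimated {bits:.0f} bits, below the {min_bits}-bit minimum")
    if contains_personal_token(password, personal_tokens):
        problems.append("contains personal information that could be looked up")
    return problems


if __name__ == "__main__":
    # Constructed personal tokens of the kind point 6 warns against.
    personal = ["Rex", "1985", "Smith"]
    weak = "Rex1985!"                      # pet's name plus birth year
    print(weak, check_password(weak, personal))
    strong = generate_password(24)
    print(strong, check_password(strong, personal), f"{entropy_bits(24):.0f} bits by construction")
```

The generated password is what goes into 1Password; the checker is for the passwords you already have, where a short one built from words can look fine to the eye while scoring well under 80 bits.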