Pages

Mac: Traveling naked


One of the interesting things that happened while I was on my recent trip was that I wrote about coconutWiFi and someone else mentioned that I should take a look at iStumbler. It pays to read the comments on this blog because every time I come up with something I think is cool someone says "Check this out..." and I find even more.

iStumbler is great for getting more information than just which networks are in range; it gives you signal strength and quickly shows you other machines on the network through the Bonjour view.

So I'm sitting in the Long Beach airport waiting for my flight after the TSA had their way with me and I fired up the MacBook. Low and behold they offered free WiFi! I happily connected, though the first thing I did was check to see the quality of the connection. Meh - it was low but serviceable. Then I clicked on the Bonjour view and saw the names of 8 other machines in there.

I looked around wondering who had "Flappy" and "Lemming" sitting on their laps. Some poor corporate dude was using "LAPTOP3123" (or something like that). What was interesting was that if they had anything open and shared I could have easily gotten to it. Before you take that laptop on the road you should consider what you have available as shared resources and seriously consider turning on your firewall.

Mac's Built-in Firewall
If you go into Preferences / Security and click on the Firewall tab you will find that you can activate your Mac's built in firewall. By default it is set to "Allow all incoming connections", which means it's turned off.

If you want to seal off your machine from the outside world you can set it to "Allow only essential services" but that really limits what you can do. Many sites today use Ajax calls and this setting causes problems on the sites I tested. Still, it's about as secure as you can get if you are paranoid or in a hostile environment.

The better compromise is setting it to "Set access to specific services and applications". This will prompt you when an application tries to reach out and come back in; you will be prompted to allow it and it will be added to your list of applications.

Rich Mogull put together an excellent article in MacWorld about this titled Close the Ports. Great read if you are interested in tuning your security.

At least this way you won't expose yourself when you travel.

8 comments:

Anonymous said...

You should try Little Snitch. It can be annoying at first but after a day or so it will level off and you will enjoy knowing that your mostly protected both inbound and outbound.

http://www.obdev.at/products/littlesnitch/

David Alison said...

@Anon: Looks interesting - thanks for the tip!

Jeff Bellamy said...

I tried Little Snitch and I just found it tooo annoying.

Totally of Subject.

Paul Desmond is my favorite musician to relax to.

David Alison said...

@Jeff: Jazz fan, eh? My favorite relax music is Andy McKee. He is an amazing guitarist. Couple of links if you want to check him out:

YouTube: Drifting video
CandyRat Records - his label

William said...

You can enable Stealth Mode where it won't answer pings. Under security / firewall / advanced

Steven said...

Andy McKee is amazing. If you like him, you should check out Erik Mongrain.

I'm really enjoying the blog. Keep it up.

David Alison said...

@Steven: Funny, I dugg a video of him just the other day! I really love that style of guitar.

battery said...

If you want to seal off your machine from the outside world you can set it to "Allow only essential services" but that really limits what you can do. Many sites today use Ajax calls and this setting causes problems on the sites I tested. Still, it's about as secure as you can get if you are paranoid or in a hostile environment.