Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Being on an open network

2 views
Skip to first unread message

Howard Brazee

unread,
Mar 26, 2013, 3:26:48 PM3/26/13
to

Any specific advice for someone whose Macs are on an open network? My
wife and I need to access each others' computers, but would rather not
be open to the world.

I went to my hard drive in Finder and didn't have the ability to
change its world access, probably because I am not logged on as
administrator.

Salvatore

unread,
Mar 26, 2013, 4:14:56 PM3/26/13
to
On 2013-03-26, Howard Brazee <how...@brazee.net> wrote:
> Any specific advice for someone whose Macs are on an open network? My
> wife and I need to access each others' computers, but would rather not
> be open to the world.

Password protection should suffice. Exactly which services are running
on your computers?

--
Blah blah bleh...
GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++

Howard Brazee

unread,
Mar 26, 2013, 10:24:43 PM3/26/13
to
On Tue, 26 Mar 2013 20:14:56 +0000 (UTC), Salvatore
<s...@yojimbo.hack.invalid> wrote:

>On 2013-03-26, Howard Brazee <how...@brazee.net> wrote:
>> Any specific advice for someone whose Macs are on an open network? My
>> wife and I need to access each others' computers, but would rather not
>> be open to the world.
>
>Password protection should suffice. Exactly which services are running
>on your computers?

I don't think I have any services running.

I don't currently need to log on to my wife's computer (from my
computer) to access it. I want to be sure others can't. I'll try
from the computers they have in a computer room.

--
Anybody who agrees with one side all of the time or disagrees with the
other side all of the time is equally guilty of letting others do
their thinking for them.

Salvatore

unread,
Mar 27, 2013, 8:59:27 AM3/27/13
to
On 2013-03-26, Howard Brazee <how...@brazee.net> wrote:
> I don't think I have any services running.

Mac OS X shouldn't have any services enabled by default, but to make
sure, go to System Preferences in the Apple menu and click "Sharing".

> I don't currently need to log on to my wife's computer (from my
> computer) to access it. I want to be sure others can't. I'll try
> from the computers they have in a computer room.

If no sharing services are enabled, you're safe.

Bob Harris

unread,
Mar 27, 2013, 10:58:47 AM3/27/13
to
In article <qft3l8dtshcljr5nc...@4ax.com>,
Strong passwords, where strong is longer, NOT finger gymnastic
complicated.
<http://xkcd.com/936/>
<https://www.grc.com/haystack.htm>

If you are worried about having file sharing/screen sharing ports
open, then do everything over ssh tunnels using "Remote Login"
(port 22) as your only open port. ssh connections are encrypted
so all traffic is protected.

You can do all kinds of tricks with ssh, including configuring it
so that it will not accept password logins, ONLY ssh-keygen key
pairs which would only exist on your wife's and your Macs.

ssh tunnels can tunnel just about any TCP connection, including
Screen Sharing and Apple File Sharing, to name 2 more common Mac
sharing services.

There are even Mac OS X ssh GUIs you can use to handle some of the
messy ssh setup work, although some tricks may still need some
Terminal work.

Another approach is to use Hamachi to create your own VPN between
your wife's and your Macs (free for personal use).
<http://www.macupdate.com/app/mac/36286/logmein-hamachi>
<https://secure.logmein.com/US/products/hamachi/default.aspx>
All your file sharing and screen sharing can passed over Hamachi
so they are encrypted and not visible to the neighbors.

But above all, address the secure passwords first, and everything
else will be gravy.

> I went to my hard drive in Finder and didn't have the ability to
> change its world access, probably because I am not logged on as
> administrator.

Do not worry about on-disk protections, as first the people have
to get into your Mac.

If they have physical access, they can do anything, and on-disk
permissions do not count. If truly worried about physical access
then consider whole disk encryption (File Vault 2 will do this,
but note, if you forget the password, you are toast; also make
sure backups are also encrypted).

If not worried about physical access, then you just have to
protect the network access, and again, we are back to strong
passwords.

Jolly Roger

unread,
Mar 27, 2013, 11:50:24 AM3/27/13
to
In article <rvl4l8pdthr65v219...@4ax.com>,
Howard Brazee <how...@brazee.net> wrote:

> On Tue, 26 Mar 2013 20:14:56 +0000 (UTC), Salvatore
> <s...@yojimbo.hack.invalid> wrote:
>
> >On 2013-03-26, Howard Brazee <how...@brazee.net> wrote:
> >> Any specific advice for someone whose Macs are on an open network? My
> >> wife and I need to access each others' computers, but would rather not
> >> be open to the world.
> >
> >Password protection should suffice. Exactly which services are running
> >on your computers?
>
> I don't think I have any services running.
>
> I don't currently need to log on to my wife's computer (from my
> computer) to access it. I want to be sure others can't. I'll try
> from the computers they have in a computer room.

If you truly don't want anyone to connect to your wife's Mac, simply go
to your wife's computer and uncheck every item in the System Preferences
> Sharing panel.

After that, run this command in Terminal on your wife's computer to see
which applications/services are still accepting connections:

lsof -i4 | grep LISTEN

For each application listed, you'll need to go into the application
preferences and disable sharing. In iTunes and iPhoto, for instance,
there is a Sharing tab at the top of the Preferences window. Rinse,
lather, repeat.

--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR

Howard Brazee

unread,
Apr 1, 2013, 1:55:02 PM4/1/13
to
Can I tell our Macs, pads, & phones to not try to connect to my Wi-Fi
router, and then plug the route into my Mac and have my WII (which
already knows the password to the router but which cannot log on to
the local Wi-Fi network because it doesn't have a browser) - use the
router?

nospam

unread,
Apr 1, 2013, 2:04:28 PM4/1/13
to
In article <hcijl8lu31hj751b4...@4ax.com>, Howard Brazee
<how...@brazee.net> wrote:

> Can I tell our Macs, pads, & phones to not try to connect to my Wi-Fi
> router, and then plug the route into my Mac and have my WII (which
> already knows the password to the router but which cannot log on to
> the local Wi-Fi network because it doesn't have a browser) - use the
> router?

based on this and your previous posts, what you need is a travel router
that can connect to an existing wifi network and rebroadcast it to a
new wifi network, one that's your own private one, which you can do
whatever you want. apple routers won't do this.

Howard Brazee

unread,
Apr 1, 2013, 2:12:15 PM4/1/13
to
On Mon, 01 Apr 2013 14:04:28 -0400, nospam <nos...@nospam.invalid>
wrote:

>based on this and your previous posts, what you need is a travel router
>that can connect to an existing wifi network and rebroadcast it to a
>new wifi network, one that's your own private one, which you can do
>whatever you want. apple routers won't do this.

Thanks. I'll look into that. I'm not sure that I want to spend
much just for my Wii though (my other router is already paid for).

But the name "travel router" implies that it may be useful beyond
connecting a Wii.

nospam

unread,
Apr 1, 2013, 2:25:56 PM4/1/13
to
In article <7djjl8dsojljgb5mk...@4ax.com>, Howard Brazee
<how...@brazee.net> wrote:

> >based on this and your previous posts, what you need is a travel router
> >that can connect to an existing wifi network and rebroadcast it to a
> >new wifi network, one that's your own private one, which you can do
> >whatever you want. apple routers won't do this.
>
> Thanks. I'll look into that. I'm not sure that I want to spend
> much just for my Wii though (my other router is already paid for).

it also solves the issue of others being able to access your machines
because you would have your own private wifi network.

they're also not that expensive, typically under $50.

> But the name "travel router" implies that it may be useful beyond
> connecting a Wii.

if you travel, they can be very useful, and they're also very small.
one is about the size of a couple of matchbooks.

just be sure it can join a wifi network and create a second wifi
network. not all do that, although it's becoming more common.
0 new messages