security

[locoartist]

Hi,
I've had a problem with a family member secretely remotely accessing my computer. She had physical access to the laptop and also does screen sharing with my mother's computer and I was on that network. I have had photos taken and found screen sharing active on my computer --I'm not sure for how long. I did a clean install several times and tightened security on home network. I wonder if I should worry if I see items in the console logs about Managed Client. Is there a benign explanation for that? I do not ever intend to connect my computer with any work network or other remote type connection. I also see some items mentioning user as root doing this and that in console logs. Is it possible she can still log in as root and can I do something to totally block that possibility?
Thanks so much for any help you can give me.

 

[Giaguara]

Hi locoartist,

When you did the clean installation of Mac OS X, as long as you haven't given others your password you are fine.
So when you made (or make a) clean installation of Mac OS X,
- give a complicated enough password that only YOU know, and that YOU will not forget the logic behind the password. (Numbers, letters, capitals, small letters, no dictionary words or birthdays etc.)
- in System Preferences > Users, disable automatic login!!! Especially on a laptop, it's really bad to have the automatic login on anyway
- in System Preferences > Sharing, make sure items such as remote login and remote management are NOT checked
- make sure only YOUR user has the admin privileges - don't create users on your Macs for those who don't deserve to use them.

With those precautions - plus perhaps even installing Little Snitch, she shouldn't have a chance.
Plus it does not hurt to occasionally change the password.

Are there any particular items you saw in the logs you were concerned about?
(i.e. some more detailed lines about those managed clients?)

 

[Curiosity]

Why not turn on the Mac OS firewall and block file sharing and remote access?

 

[fryke]

Should not be necessary as long as your admin account has a decent password nobody knows about. Also, as long as those services aren't turned on, the firewall is not required to block them. And before you block them while having them turned on, you should rather stop those services.

 

[Giaguara]

Yep, if you are not sure if some service needs to be on in the firewall, it can probably be off.

A good password is the first (and biggest) step for securing your Mac (along with those other steps above. The password isn't enough if you have automatic login on, and someone has physical access to the computer). Also put the screensaver on (with login required when you return to the Mac) if you go to another room in your house and that or some other suspicious person is in the same room.

At work, I could get to a few people's SAP accounts if I wanted - their passwords were something to get past on the third guess, and a few of them kept the SAP passwords on a physical sticky note on their screen. A SAP admin account can do plenty of damage... and 10-20 % of people could be logged to remotely (at least to their public folder, and some of them's systems with ssh too, by just guessing some of the most common passwords). So don't have a password that is easy to guess for others, and don't write it down. (Or if you absolutely have to write it down, make it something that makes no sense to others. Like part of shopping list on the fridge: "- 4 L of milk!"