Chapter 7:
Principles of Securing Internet Services

In this chapter, we present concepts we will use extensively in Chapters 8, 9, and 10, which deal with securing Internet services. Although the material in this chapter is not particularly technical, you should read it before going on to the next three chapters. Even if you never intend to provide your own Internet services, these four chapters will give you a good understanding of Internet services that can run on your Mac, the risks they pose, and how to minimize those risks.

Using Versus Providing Internet Services

As an end user, you typically use Internet services, not provide them. When you get your e-mail or browse the Web, you are using Internet services. When you check or send your e-mail, for example, your e-mail program communicates with a computer at your ISP, which is running mail server software. Your ISP is providing the Internet service called e-mail, and you are using it.

The Mac OS originally did not come with the capability of providing built-in Internet services. If you wanted to run your own Web site, for example, you had to buy special Web-server software and run it on your machine or pay a Web-hosting service to host your Web site. Starting with Mac OS 8, however, the Mac OS came with a Web server, allowing Mac users to provide Web service. Over time, Apple built several Internet services into the Mac OS. We'll describe these services in Chapters 8 and 9.

Providing Internet services creates much more risk than just using them does. Fortunately, most Mac users have no need or desire to provide Internet services, so you may not have this source of vulnerability. And if you do need a Web site, many ISPs provide free personal Web sites with their Internet accounts. The ISP takes on the risks associated with running Web-server software; all you have to do is upload your pages and graphics.

In general, think carefully before enabling a built-in Internet service on your Macintosh. Securitywise, you're better off avoiding it.

Even if you don't want to provide Internet services, you should still read Chapters 8, 9, and 10 so that you know how various services get turned on and will be aware if they do get turned on, either accidentally or maliciously. If you decide that you need to provide an Internet service, Chapters 8, 9, and 10 will help you do so safely.

Levels of Security

You can use four general methods to reduce the risk associated with providing an Internet service. These methods are mutually exclusive; you choose one method for a particular service. From most secure (and most drastic) to least secure, the methods are: