Security

Creating Self-signed Webserver SSL Certificates

Macintosh OS X ships with the extremely robust and secure Apache webserver and has made it extremely easy to share files and other data straight out of the Sites folder located in your Home directory.

However, with all the shenanigans that government is pulling these days with snooping and spying, it only makes sense to enable the tools already built into the system to protect your privacy.

I did a write-up for www.macosxhints.com several months back about how to create full, 128-bit grade, self-signed SSL certificates as an alternative to buying a commercial-grade, third-party certificate. At last test, these instructions still hold true even with the latest 10.4 version of OS X.

After all, if you simply want to set up your computer for secure file transfers, data encryption of network traffic, or to guard your privacy when communicating with friends, a self-generated SSL certificate would more than suffice.

Lock Down The SSH Server

OS X ships with the built-in SSH server disabled by default, which is great if you aren't going to use it, but for anyone who tinkers with the OS X subsystem or is looking to become a power user, being able to tap into your machine from afar becomes a pretty important function.

Here are the top five things you can do to help lock down and lower your risk profile when enabling the SSH server (in increasing levels of complexity):

1) Use strong passwords
2) Change SSH server listening port number
3) Configure AllowUsers & DenyUsers
4) Disable PasswordAuthentication
5) Enable Public Key Authentication
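
Items 2 through 5 all map to `sshd_config` keywords, so they can be checked mechanically. The following is an added example, not code from the original write-up: a small auditor that reads the global section of an `sshd_config` and reports which items are still unmet. The sample configurations, the user names and port 2222 are constructed for illustration.

```python
import re

def parse_global(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)[\s=]+(.*)", line)  # "Keyword value" or "Keyword=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()  # keywords are case-insensitive
        if key == "match":
            break  # Match blocks are conditional overrides; audit only the global part
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """List the hardening items (2-5 above) that the config does not satisfy."""
    s = parse_global(text)
    # For single-valued keywords sshd uses the first occurrence it reads.
    first = lambda key, default: s.get(key, [default])[0].lower()
    findings = []
    if "22" in s.get("port", ["22"]):  # Port may be given several times
        findings.append("item 2: sshd still listens on default port 22")
    if "allowusers" not in s:
        findings.append("item 3: no AllowUsers list restricts who may log in")
    if first("passwordauthentication", "yes") != "no":
        findings.append("item 4: PasswordAuthentication is enabled")
    if first("pubkeyauthentication", "yes") != "yes":
        findings.append("item 5: PubkeyAuthentication is disabled")
    return findings

# Constructed sample: stock-style settings, nothing locked down.
WEAK = "# constructed sample\nPort 22\nPasswordAuthentication yes\n"

# Constructed sample: hardened; the duplicate "yes" and the Match block are ignored.
HARDENED = """Port 2222
AllowUsers alice
passwordauthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
Match User bob
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "all four items satisfied")
```

The auditor deliberately stops at the first `Match` line, so a per-user override such as the one in the hardened sample needs a separate review.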
