Sever a Mac’s Ethernet Access for Nighttime Security

| How-To

If you leave your Mac powered up 24x7, one way to ensure the security of your Mac while you sleep is to sever the Ethernet connection with a simple click. Here’s how to do it.

In the Mac OS X System Preferences, there is a setting for “Network.” That’s where we create various network configurations, for example, a wired Ethernet or a wireless AirPort/Wi-Fi connection. Here’s what mine looks like when I’m on a wired connection to my router:

Sever 1

Normal Setting

Once various settings are created and named, there’s a shortcut to access each one under the Apple menu: Locations. Here’s a list of locations that I have defined and can easily select:

Sever 2

Location Popup

What I do to ensure additional security while I’m sleeping is to create a new location that completely severs my Internet connection. I did that with the Location Popup at the top of the Network panel, in the item: Edit Locations…

Sever 3

Edit Locations: Add new with “+” button

Click on the “+” button in the popup to create a new location entry. I’ve created a location called “Off the Air.” The trick is to look at “Configure IPv4:” and use the “Off” setting. Here’s how it looks when done:

Sever 4

Ethernet is Inactive

Before I go to bed, I simply select this Location, and my Mac can continue to manage its logs at night, do Time Machine updates, but no one can touch it from the Internet. This is especially helpful if you have the Energy Saver setting set to wake for a network connection during the daytime if, say, you’re using screen sharing from another room. This “Off The Air” setting will override the “Wake for network access” setting once activated.

Sever 5

“Wake for network access” can help or undo your intentions

Discussion

This procedure may seem a bit paranoid, but it makes me feel better knowing that, while I’m asleep, my Internet connection is completely severed at the lowest hardware level. OF course, I could turn off the iMac when I’m done in the evening, but it’s a pain to reboot every morning. Anyway, UNIX boxes like to stay on. Or I could put the Mac to sleep, but for personal reasons, I like letting the UNIX-based Mac run 24x7 (with screensaver!) but having the finality of severing the Ethernet connection while I snooze myself.

This technique may be of technical interest to some for other reasons, and it’s not for everyone. But it is nice to have lots of security options, and this is just one trick you may want to be aware of for future use.

Comments

Lee Dronick

Speaking of security Apple has just released an update to Snow Leopard to address the malware concern.

dayornightmac

I would rather you just turn it off:

1. All desktop and laptop computers work better when restarted frequently
( due to the problem of memory leaks - nobody can produce bug free software - not even Apple). Restarting forces the computer to reset all ( RAM) memory and this effectively removes the negative effects of memory leaking software….

2. Why waste electricity?

You don’t leave your car on 24x7 and hopefully you aren’t heating hot water round the clock - these are wasteful practices.

It’s NO different with the computer folks - unless you are running a server with people logging into it at all hours - there’s no good reason to leave any computer on….

daddy

@John M:  What version of OS X are you using?  I’m using the latest dev version of Lion and clicking the Apple in the menu bar yields no “Location” menu item.  Also not showing up under any other Finder menu.

Of course the rest of your article is great and I’m able to create this null network thing but switching to it isn’t as easy as being able to go directly via a menu item.

@dayornightmac:  Points are excellent but sort of misdirected.  You should be targeting large offices and other work areas where megawatts of electricity are used between 5pm and 8am, when virtually no one’s around.  Years ago at my last job at Cisco in San Jose I would send out a nice suggestion prior to every three-day weekend to our building’s d-list suggesting that people shut down their computers, or at least their monitors (those huge CRTs in those days) but management always rebuffed me for “interfering with established procedures” without further explanation.

Lee Dronick

I would rather you just turn it off:

I have our Macs set auto shutdown at 11:00 PM if we don’t shut them down manually. We have a number of zombie appliances, peripherals, and chargers; There are LEDs glowing all over the house.

As to security I could just turn off the DSL modem and Airport at night.

John Martellaro

Turning off my cable modem consists of pulling the power plug.  It’s too cheap to have a switch. Besides, I’m not keen on disconnecting from Comcast on a regular schedule.

Lee Dronick

Turning off my cable modem consists of pulling the power plug.? It?s too cheap to have a switch. Besides, I?m not keen on disconnecting from Comcast on a regular schedule.

My DSL modem has a rocker switch. I shut it off now and then, it connects fairly quickly. An alternative would be to unplug the Ethernet cable.

Ian

A good tip, but I’m curious as to what you feel you are protecting against by doing this? 

I would assume you have the firewall on with appropriate settings if you are security conscious (this should be the most recommended tip btw).  I’m not trying to be pedantic, I’m genuinely interested to know what issues you feel you have with a firewalled Mac on a (presumably hardware firewalled with a router) interent connection. 

Would the control be better achieved by configuring your sharing services an inbound requests to running processes, otherwise during the day you are still susceptible to the same perceived threats as you face at nighttime?

geoduck

Power usage issues aside,

I was under the impression that a system that was asleep was secure. If I closed the lid on my MacBook it could not respond, all processes were suspended, it was frozen is stasis until I woke it up.

Is this not true?

Also if you’re on a wired connection, per Fig 1 above, wouldn’t unplugging the Cat5 do the same thing with a lot less hassle?

steveald

What version of OS X are you using?  I?m using the latest dev version of Lion and clicking the Apple in the menu bar yields no ?Location? menu item.  Also not showing up under any other Finder menu.

John could be using any version of OS X that’s currently available to the public. Why would he write about something based on an OS version that hasn’t been released yet?

Lee Dronick

I?m genuinely interested to know what issues you feel you have with a firewalled Mac on a (presumably hardware firewalled with a router) interent connection.?

Can anyone recommend a good way to test my firewall?

unknown

With respect to your comment of “...but it?s a pain to reboot every morning.”

You can set a shutdown and wake up schedule in the Energy control panel and you would never know that you machine was ever shut down.

As for the Unix like to be on 24/7 that is a myth.  That has been just the egos of competition so that I could say that my uptime is 9,341,016 hours and your isn’t.

Cron jobs and clean up scripts are the biggest reason as the default is to run those at 3 am or so, but those can be rescheduled or even run manually.

Energy is energy.  Be it 1 computer/monitor or 500.  When you add up all these 1s from people that leave them on you get far more waste energy than all of Cisco worldwide.

PS:  Screensavers are bad.  Just bad.  They keep your monitor on and all LCD/LEDs still have burn out.  They are a light bulb to a degree, and only have a limited number of useful hours.  Turning them off when not in use is your best bet for longevity.

Lee Dronick

Cron jobs and clean up scripts are the biggest reason as the default is to run those at 3 am or so, but those can be rescheduled or even run manually.

It is my understanding that if the Mac is not on during the scheduled time then the CRON job will run at the next startup.

daddy

John could be using any version of OS X that?s currently available to the public. Why would he write about something based on an OS version that hasn?t been released yet?

<sigh>  Thanks for the helpful response.  In the future, please don’t waste time with me if you haven’t anything helpful to write.  The question was directed at John, not you, so you’re not qualified to speak for him.

 

John Martellaro

daddy: I am using 10.6.7.  I wouldn’t write a howto for an OS that only a handful of people are using.  As an aside, regarding the most friendly and helpful reader steveald, I ask that you ALL be polite with each other.

daddy

@John:  I stand by my response.  I wrote what I thought was a reasonable question to you and your buddy jumps on me for no reason whatsoever. I was curious about the OS simply because in using Lion (you are right, only a handful of people are using it)what your screenshot showed didn’t show up in my seed.  So I guess I’m guilty of wasting your bandwidth with such a silly question and your buddy decided to take me to task with a decidedly unnecessary and condescending post.

Sorry to interrupt the conviviality around here.

Ian

Can anyone recommend a good way to test my firewall?

Yes, the ShieldsUp! test from http://www.grc.com/default.htm will show how your internet facing firewall will respond to port requests and pings..

Log-in to comment