MacBook Air Remote Disc security overview
As promised, we’ve spent some time reviewing the new MacBook Air’s Remote Disc feature from a network security point of view. It’s confusing and a bit worrisome.
Remote Disc actually consists of three distinct pieces, each implemented quite differently: “DVD or CD Sharing,” which we described and raised questions about previously; “Remote Install Mac OS X,” which lets you run the Mac OS X Installer remotely; and “Remote Migration Assistant,” which lets you migrate an account from a remote Mac to the MacBook Air. Each has its own “challenges.”
It’s hard to tell how DVD/CD Sharing is different from Personal File Sharing. Both let a machine with an optical drive share the files on whatever volume is in that drive with the MacBook Air over the local network. Internally, however, DVD/CD Sharing is quite different from Personal File Sharing. It seems to share the volume more as a disk image than as a set of files. Perhaps some installer applications work better this way. DVD/CD Sharing can also run on Windows, which Personal File Sharing does not do.
Beyond general confusion, the main problem with not using Personal File Sharing, however, is that DVD/CD Sharing doesn’t use File Sharing’s Apple Filing Protocol (AFP). AFP is well understood and vetted from a security perspective, whereas DVD/CD Sharing is not. AFP also provides a number of important security features, like names and passwords, which DVD/CD Sharing does not. And worse yet, DVD/CD Sharing does not seem to use a standard network port, or even the same port every time. Instead, it uses a dynamically chosen high-numbered port, starting at 49152. This port usage makes it very difficult to protect (or allow access to) this security-flawed feature with a firewall. For instance, at least under Tiger (Mac OS X 10.4), if you have the built-in firewall (or a third-party firewall like our DoorStop X) active on the remote machine, DVD/CD Sharing will be blocked. And there isn’t even a single port you can open up to unblock it. You have to open a wide range of ports, or shut down the firewall entirely, both of which are very bad things from a security perspective. (As a potentially mitigating factor, DVD/CD Sharing supposedly only works over your local network, not the Internet, but there’s no easy way to confirm this fact.)
In the unlikely event you’re able to master the security ramifications of DVD/CD Sharing, most of what you learned won’t apply to the other two pieces of Remote Disc: Remote Install and Remote Migration Assistant. Remote Install is an impressive tour-de-force that enables a MacBook Air to run the standard Mac OS X Installer from the optical drive of another Mac or Windows machine on the same network. To do this, you actually boot the MacBook Air over the network, using the Installer DVD sitting in the drive of that remote Mac or Windows machine (which is running a program called “Remote Install Mac OS X”). You can then do all the standard things that installer lets you do, including installing or upgrading OS X on the Air, running Disk Utility to re-format the Air’s disk, or resetting its password.
Remote Install does not seem to expose the same range of security issues as DVD/CD Sharing, but it does have one similar problem which can result in not just a security exposure but also a serious bug. Like DVD/CD Sharing, Remote Install requires you to again open a wide range of ports through the firewall in the remote machine, because it again uses a dynamically changing port number (in addition to static port 7799). If its chosen dynamic port is blocked (as it is by default through the Tiger built-in firewall and DoorStop X), the remote booting process will proceed for some time and then the MacBook Air will get a kernel panic. That’s right, smack in the middle of booting, a scary, multi-lingual screen will tell you that you need to restart your computer by holding down the power button! Not good.
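To make the firewall trade-off described above for DVD/CD Sharing and Remote Install concrete, here is an added Python example (not code from the original post or from Apple) that audits a machine's listening sockets against a firewall allow-list. The `lsof` sample is constructed, the process names `discshare`, `reminstall`, `otherd` and `localonly` are hypothetical placeholders, and the upper bound 65535 comes from the IANA dynamic-port range rather than from the post.

```python
import re
from typing import NamedTuple

# IANA dynamic/private port range; the post observed ports chosen from 49152 upward.
DYNAMIC = range(49152, 65536)

# Constructed sample shaped like `lsof -nP -iTCP -sTCP:LISTEN`; process names are hypothetical.
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
discshare   312 root    5u  IPv4 0x0a1b      0t0  TCP *:49152 (LISTEN)
reminstall  340 root    4u  IPv4 0x0a1c      0t0  TCP *:7799 (LISTEN)
reminstall  340 root    6u  IPv4 0x0a1d      0t0  TCP *:49188 (LISTEN)
otherd      401 alice   7u  IPv4 0x0a1e      0t0  TCP *:51000 (LISTEN)
localonly   402 alice   8u  IPv4 0x0a1f      0t0  TCP 127.0.0.1:52000 (LISTEN)
"""

class Listener(NamedTuple):
    command: str
    addr: str
    port: int

LINE = re.compile(r"^(\S+)\s+\d+\s.*\sTCP\s+(\S+):(\d+)\s+\(LISTEN\)$")

def parse_listeners(text):
    """Return a Listener for every LISTEN row; the header and other rows are skipped."""
    matches = (LINE.match(line.strip()) for line in text.splitlines())
    return [Listener(m[1], m[2], int(m[3])) for m in matches if m]

def audit(listeners, allowed, intended):
    """allowed: inclusive (low, high) port ranges opened in the firewall."""
    is_open = lambda port: any(lo <= port <= hi for lo, hi in allowed)
    report = {"blocked": [], "exposed": [], "unpinnable": []}
    for l in listeners:
        if l.addr.startswith("127.") or l.addr == "[::1]":
            continue  # loopback-only sockets are not reachable from the network
        if l.command in intended:
            if not is_open(l.port):
                report["blocked"].append((l.command, l.port))  # service will fail
            if l.port in DYNAMIC:
                report["unpinnable"].append((l.command, l.port))  # no fixed rule fits
        elif is_open(l.port):
            report["exposed"].append((l.command, l.port))  # collateral exposure
    return report

if __name__ == "__main__":
    found, wanted = parse_listeners(SAMPLE_LSOF), {"discshare", "reminstall"}
    print("7799 only :", audit(found, [(7799, 7799)], wanted))
    print("wide range:", audit(found, [(7799, 7799), (49152, 65535)], wanted))
```

With only port 7799 open, both dynamic listeners are blocked; opening the whole range unblocks them but also exposes the unrelated `otherd` listener on 51000.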
The final piece of Remote Disc is Remote Migration Assistant, which is used to move your settings and files from another Mac over to the MacBook Air. Usually this operation is done over FireWire, but the MacBook Air doesn’t have FireWire, so Apple chose to do it over your local network. Similar to Remote Install, you run an application (this time called simply “Migration Assistant”) on a remote Mac on your network (there’s no Windows support for this piece). You run the same application on the MacBook Air, telling the Air version to look out on the network for the remote version. Similar to the other two pieces of Remote Disc, Remote Migration Assistant uses another, different, dynamically changing port for many of its operations. For total inconsistency, however, this time it seems you have to open that large dynamic port range in the firewall on the MacBook Air itself, not on the remote machine (although Leopard’s built-in application firewall on the Air doesn’t seem to require you to do this). Remote Migration Assistant also uses port 500 (on both machines), which is part of IPsec and VPNs (which securely encrypt all your data as it moves over your local network, a good thing but perhaps overkill for this particular application).
OK, had enough? I know we have here. There’s still a lot more to explore and explain, for instance ways of dealing with all these issues with the minimum of security compromise. But this entry is already approaching record length, so we’ll save those for next time.
Tuesday, March 18, 2008