Firewall and Network Security: How Important?

Discussion in 'MacBook Pro' started by sunsnewmac, Mar 21, 2007.

  1. sunsnewmac macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #1
    I finally set up a home wireless network so that 2 PCs running XP and my MB can all see each other and share files. However, to do so I was forced to disable the firewalls on all three computers. My wireless router does not have a built-in firewall and I have not enabled any security key (eg. WEP)

    I know this question is open-ended and debatable but how important are firewalls on a wireless network and how stupid am I to leave the network open, given I do have some sensitive data? I live in a high-rise apartment building in which many others have WiFi networks. What could realistically happen?
     
  2. xJulianx macrumors 6502a

    xJulianx

    Joined:
    Oct 1, 2006
    Location:
    Brighton, UK
    #2
    My advice: Secure that network NOW, if you have lots of other people using wireless networks (and yours is open with absolutely no WEP encryption) they can more than easily connect to yours and steal your bandwidth and even get to your files/bank info etc.
     
  3. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #3
    WPA is the way to go in terms of security, but definitely don't leave it open.
     
  4. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #4
    I always liked the idea of letting other ppl share my network. I have "borrowed" other peoples in a pinch and feel I want to return the favor.

    Does a secure network take the place of firewalls?
    And besides securing the network on that level, what might I do to prevent problems?
     
  5. xJulianx macrumors 6502a

    xJulianx

    Joined:
    Oct 1, 2006
    Location:
    Brighton, UK
    #5
    This becomes a different story when you have a download cap and get people using your network with torrent clients. I really would advise you secure your network with WEP at the very least. If you aren't fust about people using your bandwidth, it makes it very easy for people to intersept information you are sending/recieving (including sensitive bank info).
     
  6. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #6
    ok, sounds like a good thing to do then--thanks for the advice

    so for the record, can WPA/WEP take the place of a firewall and what else can I do (besides enabling the firewalls because I can't network while they are on)?
     
  7. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #8
    You can always give people you trust in your apartment block the network password ;).
    No, certainly not, especially on Windows.
    Mac side enable the firewall System Preferences==>Sharing==>Firewall

    PC Side, the usual Antivirus/Anti Spyware/Firewall combination.

    But most people aren't 1337 haxxors, so won't be able to ;).
     
  8. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #9
    OK, good advice :)
    then here is a question for you:
    How can I set up my firewalls (on Mac and PC) for the home network?
    As soon as I enable one or any of them, that computer cannot access/be accessed and the whole network becomes buggy. We share files regularly so this is a big issue for us.
    Thanks!
     
  9. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #10
    A firewall with no wireless security is best summed us as locking the doors on a house with no walls.

    Sort of worse, since you are letting people directly into your home/business network and letting them bypass all your security.
     
  10. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #11
    a few more security Qs

    With WPA2 enabled, can I get away without using a firewall?
    And how important is network invisibility?
     
  11. CanadaRAM macrumors G5

    CanadaRAM

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #12
    No... don't you understand that the wireless password only pertains to who can log onto your wireless connection? A firewall deals with -- once you ARE logged on and have an internet connection, what people on the outside world can see/connect to/hack on your computer.

    If your router does NOT have a firewall built in, then you need to have firewalls on your invididual machines (and even if it does)

    To oversimplify:

    Computers communicate on the Internet through 'ports', numeric identifiers to which various programs and services will respond. When a request comes in on a particular port, say, port 80, and there is a Web server process running on the machine with port 80 open, then your machine's web server process will respond to WHOEVER it is out there, with a message that says "Yup, I'm open for business". They can proceed to then utilize that port to look for information or hack, depending on what's running and how motivated they are.

    There are dozens and hundreds of ports for all different types of programs and services. You don't have a prayer of knowing what's going on in the background. And if a PC with open ports is attached to the internet, then its a matter of minutes or hours until it gets scanned and identified as a hacker target.

    The point of a Firewall is that it denies responses to all ports, saying "no entrance at this door", or even better, stealths the ports, so it doesn't even appear that there is a door there to knock on.

    Then, firewalls can selectively open certain ports (like filesharing) up to only certain machines or groups of machines, so you can have a functioning network. This, of course, requires you to read the instructions and set it up correctly.

    The other thing a good firewall software does, is to monitor OUTgoing requests. So if you have brought spyware into your machine, the firewall should flag and block the attempt the spyware makes to make a connection to the internet without your permission.

    So: WEP/WPA has ^$^#all to do with firewall security

    You NEED a firewall either on the PC or on the router or both, or your Windows machines will become some of the millions of zombied slave machines that spew out spam and worse.

    And lastly: You NEED to do some work to understand this stuff. It's not enough to say "Well $#^^ I don't know what all this means, so I'll just plug it all in and let my machines hang out there naked on the Internet." - besides the probability of your machines being mucked up, you will also be making it worse for the rest of us by making it easy for the bad guys and offering them safe haven in your machines.
     
  12. synth3tik macrumors 68040

    synth3tik

    Joined:
    Oct 11, 2006
    Location:
    Minneapolis, MN
    #13
    If your using Comcast you will not want other people on your network as they have set a ridiculous download cap. First time you go over they cut you for 1 month (you still pay), second time they cancel your service (or you can pay every month for a year until your back on).

    WPA is the way to go for network protection. You can also get a rather inexpensive router that has a build in firewall that will help out for internet threats.
     
  13. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #14
    :eek: whoa!
    it would appear you misunderstood where I was coming from, or simply thought I was your 8-year old kid.
    i do know about the potential risks involved with not having a firewall enabled on my 3 home computers. however, it is the only way I can network the computers.
    based on the others' good (and genuinely simple) advice I am enabling WPA2 but
    besides that what can I do? if i need to network and firewalls are preventing the network from working then I will work without a firewall. I know the risk and was not seeking a lecture or insinuations that I don't do my own research, read product information and know how to set up routers or firewalls. I tried for weeks to do it with the firewalls on, posted here about it, and have done extensive research.
    and sorry but I must point out your irony of using this line
    i'd hate to see the long version ;)
     
  14. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #15
    WPA destroyed the network!

    the network doesn't work with the WPA security enabled. All our computers can access the internet but not each other. Before I enabled the security they were sharing files fine so, WTF? why would securing the network destroy the ability to share files between us?

    SOLVED. sorry!
     
  15. rhoydotp macrumors 6502

    rhoydotp

    Joined:
    Sep 28, 2006
    #16
    at least you solved it and sorry for your language :eek:

    c'mon, these people are trying to help you. btw, for free!
     
  16. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #17
    i am very grateful and have done nothing to suggest otherwise. My saying "WTF" was at the air, not at anyone here, and it was not intended to offend.
     
  17. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #18
    and what is the difference between the previous poster saying "^$^#all" and then later belittling my original question by saying ""Well $#^^ I don't know what all this means, so I'll just plug it all in and let my machines hang out there naked on the Internet."

    why is it you choose to criticise me instead? It was not I who chose a belittling tone Is an acronym worse than a bunch of strung-together characters like "&^&$^"? Especially taking into account the fact that I was not calling anyone names and was not trying to be rude?

    And then why accuse me of being ungrateful? it doesn't make any sense to me and there was nothing to warrant that post, which like the one I am writing, has nothing to do with the original question.

    i honestly did not mean to either ask a stupid question, offend anyone, or be ungrateful
    let us end this and get back on topic please:(
     
  18. deadpixels macrumors 6502a

    deadpixels

    Joined:
    Oct 30, 2006
    #19
    i'm curious now, did you solve your problem? was it by making rules in the firewall of each machine to allow the two others to access?? cauz that's what i was going to suggest :D
     
  19. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #20
    actually, no it's not totally fixed :(
    I do now have a WPA2 secure wireless network. However, firewalls are off on two of the three computers.
    On the Mac, even when the personal file sharing and windows file sharing are allowed, networking does not work. The firewall must be completely off for the PCs to recognize it.
    One PC runs Zone Alarm, which I have configured appropriately.
    The other PC uses the built in XP firewall. Just as with the Mac, even though file and printer sharing is enabled those features will not work unless the firewall is off. Any tips on how to configure the MB? thank you for asking.:p
     
  20. Chimaera macrumors regular

    Joined:
    Nov 15, 2002
    #21
    In all honesty I'd suggest trashing your wireless router and replacing it with one with a stateful packet firewall or similar. I recently replaced my non-wireless one for a wireless one for £30 (about $60 to our American cousins). Once you have that you can disable to firewalls on the individual computers (which really do cock about with file sharing and the like unless configured very carefully, and I'm 99% sure the OSX firewall doesn't give you sufficient granularity of control) and instead have security from two angles:

    1, Firewall to stop anything nasty coming down the wire at the point of entry.
    2, WPA encryption to stop anything connecting to the network wirelessly without your permission. Could also look at MAC address filtering as an extra layer of security.

    If any of the computers are laptops I would suggest disabling rather than deleting the local firewall as its useful to have on when connecting to an untrusted network.
     
  21. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #22
    The XP Built in Firewall sucks, get a better one ;).

    Try setting up remote access on the Mac System Preferences==>Sharing==>Remote Access, find the IP address of the Mac, (System Preferences==>Network==>Airport (or however you're connected to the network)), and then download WinSCP for the PC, it's a pain to setup (and if it stops working, it's because the IP has changed) but it should work through any firewall problems.
     
  22. deadpixels macrumors 6502a

    deadpixels

    Joined:
    Oct 30, 2006
    #23
    i think the advice about getting a new router wich include firewall is a good idea, you'll be protected from the outside world and can drop firewalls on all machines. if not does you machines have a fast ip addresses? you have to configure the firewall of you macbook to allow access from the ip's of the two other machines and vice versa.
     
  23. sunsnewmac thread starter macrumors 6502

    sunsnewmac

    Joined:
    Mar 3, 2007
    #24
    all very good advice, i will look into investing into a hardware firewall.

    I will install Zone Alarm on my boyfriend's PC, indeed.
    And will look into WinSCP, thank you for the tip!

    yes, I think a hardware firewall will be a good idea in the future. just got a new router and it does have a firewall built in but I don't think it's very good.

    so entering the IP addresses as exceptions on all the computers' firewalls should let us network with the firewalls on? I sure hope so, as networking the MB with our PCs has been incredibly buggy and intermittent for us :(
    i'll try to post back with results/updates/further complaints;)
     

Share This Page