davy the bunny

macrumors regular
Jan 9, 2003
156
0
Dallas
I'm going to have to agree with you, AppleMatt, for exactly the reason that you stated. And there's the bonus of catching the "attacking" computer in a small (very small) bit of quicksand while it waits for your ports to respond.
 

MacBoyX

macrumors 6502
Jan 3, 2003
406
0
East Coast, USA
I have a Linksys Router/WAP/DHCP/Firewall setup and I do the following:

1. The Router gives out only 5 IP addresses (I have 5 Macs/PCs).
2. The router and wap only give out IP addresses to MAC addresses I have allowed.
3. My SSID has Numbers and Letters and is not something easy to figure out.
4. My SSID is not broadcast.

The NAT'd firewall of the Router does a pretty good job of keeping out the trojans.

I haven't gotten WEP to work perfectly between the AirPort Cards and the Linksys so I bypass it by only using my CC number plugged into my router (I just have an extra cable set up for when I want to do stuff and a location in my iBook's Network Setup).

This does mean that whenever friends/family come over to visit I have some maintenance to get their laptops into my network but it's worth it.

Although I just moved and now I live in a neighborhood where there are exactly 10 people living (people not families) and seven farms... so lots of cows and if they're war chalking I have bigger problems than I thought...

Seriously tho... MAC Filtering and Disabling that SSID Broadcast (on an AirPort Base Station that's called a closed network) really helps to keep things safe.

On my PC tho I run Norton Personal Firewall and AntiVirus. I only get notifications of trojans when my PC is in the DMZ (out of firewall).

MacBoyX
 

pgwalsh

macrumors 68000
Jun 21, 2002
1,639
218
New Zealand
I have OS X firewall turned on and I have ZoneAlarm on my PC. I'm behind a router with some security built in. However, if you're concerned and you want an easy but somewhat inexpensive solution you could try ipcop.org. You'll need a spare machine with other security and it acts as a router. You'll need a hub or switch if you're going to go this route. Oh and the spare PC you use needs to have another NIC card.

To be honest, I feel much safer with my mac than pc for obvious reasons, but I have no idea how secure the mac is??????????
 

pgwalsh

macrumors 68000
Jun 21, 2002
1,639
218
New Zealand
Originally posted by BrandonRP0123
I've got a Netscreen 5XP here at home protecting my Power Mac, my girlfriend's Dell Inspiron, and whatever else I choose to connect to it (including my base station). NAT on, DHCP on, using 172.16 for addressing. Permanent DHCP lease for the power mac and PowerBook (see below).

The OS X firewall is that of FreeBSD - ipfw with an implicit permit as the last rule. Turn "On" the OS X firewall and try a "sudo ipfw list" in your Terminal. Given the fact that ipfw is supported under OS X it should be very easy for those converting from FreeBSD, or any similar *nix to tweak to perfection.

I've got a /29 with my DSL so I one-to-one map my power mac (iTunes sharing for me at work, httpd for testing, etc), and my Powerbook (if anyone has found a better way to use battle.net I'm all ears - but doing a one-to-one NAT was the only way it seemed to work with custom games).

I'm a strong believer in an implicit deny firewall setup. That is to say; only allow incoming connections that you absolutely *have* to and deny all the rest.
You may laugh at me for saying this, but it would be nice for us Non *nix folks to have a GUI to admin or set the state of ipfw.... Anyone?
 

BrandonRP0123

macrumors regular
Jul 28, 2003
227
0
San Francisco, CA
Originally posted by pgwalsh
You may laugh at me for saying this, but it would be nice for us Non *nix folks to have a GUI to admin or set the state of ipfw.... Anyone?

No laughing required - really. I completely agree with you. For that very reason I haven't modified the ipfw setup on any of my macs as of yet (and Jaguar has been out a year).

There might be something in the FreeBSD ports that is graphical that'll work with X11. I'll check it out. E-mail me offline if you're interested in my findings.
 

pgwalsh

macrumors 68000
Jun 21, 2002
1,639
218
New Zealand
Originally posted by BrandonRP0123
No laughing required - really. I completely agree with you. For that very reason I haven't modified the ipfw setup on any of my macs as of yet (and Jaguar has been out a year).

There might be something in the FreeBSD ports that is graphical that'll work with X11. I'll check it out. E-mail me offline if you're interested in my findings.
I didn't realize that Brickhouse was the graphical editor. Here everyone is mentioning it, but with little description. Anyway, I just downloaded it and it seems to work well. I wish I could add it to my system preferences pane... Anyone?
 

SLJ

macrumors regular
Jul 23, 2003
230
2
Australia
I am new to Mac, and I certainly do not know anything about UNIX... with all this talk about security, I don't even know what I should be doing. Now, where should I start? Someone advised that Apple doesn't have any viruses and I don't need to bother with an Anti-Virus program.. now you guys are talking about firewalls... so am I back to square one and I need to get something to protect myself?
 

MacBoyX

macrumors 6502
Jan 3, 2003
406
0
East Coast, USA
Originally posted by SLJ
I am new to Mac, and I certainly do not know anything about UNIX... with all this talk about security, I don't even know what I should be doing. Now, where should I start? Someone advised that Apple doesn't have any viruses and I don't need to bother with an Anti-Virus program.. now you guys are talking about firewalls... so am I back to square one and I need to get something to protect myself?

SLJ,

You have to worry less about Viruses...MOST viruses are written to affect the Wintel world.

Firewalls prevent the world from hacking your machine. OS X has one built in, XP does not. This has become more of an issue because of always on Cable and other broadband internet connections. My advice to people Mac or PC is to buy a Router no matter if you have a need for it or not. It enables you to take advantage of a NAT'd firewall. NAT is Network Address Translation which basically takes the internal non public IP address that is assigned to you by the router and translates it to the PUBLIC known IP address of your broadband. This pretty much is the safest way to live on a broadband connection.

Security is something you need to be aware of as a Computer User in the High-Speed Internet age.

I wouldn't sweat it but just be aware, it might be time for a Google search on firewalls and security :)

Hope that helped...

MacBoyX
 

Raid

macrumors 68020
Feb 18, 2003
2,155
4,588
Toronto
Originally posted by Daveman Deluxe
"The password is... one!"
"One!"
"One!"
"Two!"
"Two!"
"Two!"
"Three."
"Three!"
"Three!"

...and so on. Bonus points to those that can place THAT quote.

That's a quote from the movie Spaceballs. To which Dark Helmet replies "That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage." A little later President Skroob (Mel) hears the password and says "That's amazing, I have the same combination on my luggage!"

Good movie... I'm still waiting for the sequel "Spaceballs 2: The quest for more money"

:D
Raid
-----and that's why I'm the Jedi master of pop culture :cool:
 

Chealion

macrumors regular
Jun 17, 2003
231
0
Calgary, Alberta
Actually Windows XP does have a built-in firewall (they touted it too when XP was first launched). It has to be turned on though through Network Connections and is not very easy to get to, and is not customizable @ all, so you can't even add ports, and in order to do anything but do email and Internet (and MSN) you have to turn it off.

There's also HenWen, which uses Snort, and well it makes your computer REAL secure...
 

billyboy

macrumors 65816
Mar 15, 2003
1,165
0
In my head
Originally posted by MacBoyX
SLJ,

My advice to people Mac or PC is to buy a Router no matter if you have a need for it or not. It enables you to take advantage of a NAT'd firewall. NAT is Network Address Translation which basically takes the internal non public IP address that is assigned to you by the router and translates it to the PUBLIC known IP address of your broadband. This pretty much is the safest way to live on a broadband connection.

Security is something you need to be aware of as a Computer User in the High-Speed Internet age.

I wouldn't sweat it but just be aware, it might be time for a Google search on firewalls and security :)

Hope that helped...

MacBoyX

Can you share with us the make of router you use? What do we look for when looking through specs for routers that take us the next stage beyond Jaguar's Firewall on with nothing ticked in "sharing" preferences - but not into FBI paranoia land.

I've got nothing I don't want nicking but if it's a matter of a few spondooleys and a plug and play gadget to add that extra unbreakable lock on the door, it is probably worth considering.

My brother is a PC head, poor lad, and says it is going to be quite tricky for him setting up a firewall and not completely dogging the speed of his connection. Is that a Windows thing or does it apply to external devices used on Macs too?

Thanks
 

daveL

macrumors 68020
Jun 18, 2003
2,425
0
Montana
Originally posted by billyboy
Can you share with us the make of router you use? What do we look for when looking through specs for routers that take us the next stage beyond Jaguar's Firewall on with nothing ticked in "sharing" preferences - but not into FBI paranoia land.

I've got nothing I don't want nicking but if it's a matter of a few spondooleys and a plug and play gadget to add that extra unbreakable lock on the door, it is probably worth considering.

My brother is a PC head, poor lad, and says it is going to be quite tricky for him setting up a firewall and not completely dogging the speed of his connection. Is that a Windows thing or does it apply to external devices used on Macs too?

Thanks
I have my OSX firewall on and recently downloaded the 7B28 Panther beta at the full speed of my DSL connection, so I wouldn't worry about performance.

Linksys is a pretty good home router. Cisco owns them, although they don't advertise the fact.
 

e-coli

macrumors 68000
Jul 27, 2002
1,935
1,149
Originally posted by daveL
Linksys is a pretty good home router. Cisco owns them, although they don't advertise the fact.

But be careful!!! Linksys routers are extremely easy to crack. Make sure you reset everything, especially the "admin" password.
 

jbomber

macrumors 6502a
Jun 24, 2003
549
0
Brooklyn - NYC
Originally posted by Schiffi
Secure? bah, who has time for security. I'm on a modem so if I feel more laggish than normal I just yank the telephone line from my computer.

nice. i remember watching some crappy tv show during the infancy of the internet and this big-time computer guy starts freaking out cuz someone's hacking files on his machine. the not-so-computer-savvy main character walks over to the outlet and pulls out the plug, thereby solving the problem.
 

Daveman Deluxe

macrumors 68000
Jun 17, 2003
1,555
1
Corvallis, Oregon
I've always liked Belkin networking products. They work well and they have a lifetime warranty (which is coming in handy since mine got hit by lightning the other day).
 

bobindashadows

macrumors 6502
Mar 16, 2002
419
0
My linksys DMZs to my computer because I'm too lazy to configure all the ports. I then use the built in firewall to stop anything but HTTP, KDX, eDonkey, and anything else I run. According to nmap, this is my "interesting port" situation:
80/tcp open http
113/tcp open auth
427/tcp open svrloc
548/tcp open afpovertcp
3306/tcp open mysql

Also funny:

Remote OS guesses: Mac OS X 10.1.4 (Darwin Kernel 5.4) on iMac, Mac OS X 10.1.5

Tsk tsk... apparently the TCP fingerprint hasn't changed since then. Pretty good though!

I should probably turn auth, svrloc, and afpovertcp off. Chances are my version of Apache has security holes too. Thankfully, I don't have anything of value. My last web page was bought out by a porn site, so now I have zero traffic besides KDX and eDonkey.
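
Added example, not part of the post above or of any poster's setup: a small Python audit that applies the implicit-deny idea from earlier in the thread to the nmap port listing quoted in this post, flagging every open port that is not on an explicit list of intended services. The `INTENDED` set is an assumption (only the web server is meant to be reachable); the port lines are copied from the post.

```python
import re

# Port table as quoted in the post above (nmap "interesting ports" lines).
NMAP_OUTPUT = """\
80/tcp open http
113/tcp open auth
427/tcp open svrloc
548/tcp open afpovertcp
3306/tcp open mysql
"""

# Assumption: only the web server should be reachable from outside.
# Replace with the (port, protocol) pairs you actually intend to expose.
INTENDED = {(80, "tcp")}

# One nmap port-table row: "<port>/<proto> <state> <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")


def parse_ports(text):
    """Return (port, proto, state, service) tuples; non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def audit(text, intended=INTENDED):
    """Implicit-deny check: every open port not in `intended` is a finding."""
    findings = []
    for port, proto, state, service in parse_ports(text):
        if state == "open" and (port, proto) not in intended:
            findings.append((port, proto, service))
    return sorted(findings)


if __name__ == "__main__":
    for port, proto, service in audit(NMAP_OUTPUT):
        print(f"unexpected open port {port}/{proto} ({service})")
```

Run against the listing above, it reports mysql on 3306 alongside the three services the poster already planned to turn off.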
 