Firewall??

i've been experimenting with the jagaur firewall and i've decided to just use it

i added a custom port for AIM and that's it... so far it looks like it's pretty powerful and simple... and free

in the next few weeks look for a more in-depth review/story on firewalls on http://www.ambitiouslemon.com/

ps i have a new powerbook 800 as well and love using airport with it

 

i don't have a great deal of experience with Airport, but i helped a small town set up a city-wide wireless network, which is very close to the same thing. Our initial impressions, and keep in mind this was a couple of years ago, were that the technology was remarkably secure without additional modification. Basically, i think the worst thing you could reasonably worry about is someone "listening" in on your connection-- a wireless packet sniffer of sorts... but then if someone goes to that trouble, a firewall probably won't do anything. If i were you, the only thing i'd do differently is to make sure any passwords you send are encrypted, and maybe use credit cards on a land-line if you're worried...

that being said, i use BrickHouse as my firewall... it seems to work seamlessly with X.1 (i might get jaguar saturday tho!) and does it's job pretty well. I don't actually need a firewall, but it's still nice to have...


pnw

 

firewalls

I like the new Norton Personal firewall 2.0. Its much beter than the older version of it.. and it runs in X.

NetBarrier has come a long way as well. I have not used it in a while but I have seen some of the recent build of it and it looks great. There are a lot of features that you will probably never need or even want to know about. I have seen it running in millitary facilities.

Norton is simple and it has some more advanced features as well... incase you want to really get into it.

-evildead

 

Re: Thanks

Nope. It's just a simple click in the System Preferences.

Good ol' Apple.




irmongoose

 

I'd encourage NetBarrier from Intego if you want a commercial firewall.

 

I also like NetBarrier as it does domain filtering, i.e. getting rid of advertisements. However, it refuses to communicate with the control application from time to time.

If you've read the recent Ars Technica article on Jaguar, you'll have seen that the Jaguar interface to the firewall works well for simple situations, but not for those which are complex, which average users should not see.

 

first of all, the jaguar firewall is as complex as you want it to be, but it only has a few GUI options. get a third party front end for the actualy ipfw and you can open up the power of it.

secondly, a firewall is just not going to protect what you should be afraid of. this is what has been touched upon already, packet sniffing and such. the traffic can be grabbed, processed and decoded if someone is willing to put the time and energy into it. this means sensitive information can be compromised such as credit card #s etc. this does not mean someone can break into your computer and mess with things, however. it depends on the type of security you are looking for.

i trust my wireless network at home, but i would never trust a university "public" network. just too much chance.

 

It is highly unlikely that your Univerisity is using one of the newer protocols, like PEAP, to provide any reliable security to the wireless networks. If they are using WEP, then everyone on campus has the key. What if everyone on campus had the key to your dorm, would you feel safe? With PEAP, everyone has their own dynamically assigned key that is unique per user, and changes every so many minutes or hours.

So, anyone running tcpdump or ethereal (or tethereal) is able to sniff any passwords that you send either via telnet or via mail.app to servers that are using plain-text encryption with no ssl.

For these kind of things, there is no firewall in the world that will protect you. I don't think that you really need to worry too much about firewalls, as much as know that you should use ssh instead of telnet.

If you are using ftp to copy things to and from some network storage account, you should use scp instead.

These are pretty easy things to use, just open a terminal and type man scp or man ssh. All you really need is the syntax of the commands.