
Hackcomic.com

macrumors regular
Original poster
Dec 6, 2003
I'm getting the G5 1.8 and trying to figure out the best way to protect it besides a firewall. I had hacker problems before through my DSL line and want to make sure that doesn't happen on my new computer. Someone suggested buying a router? Would that provide the extra protection I need? And how exactly do I use one and what one do I buy? Or does anyone else have any other solutions?
 
What setup were you using before? MacOS X has a built-in firewall, I'm surprised you would be having hacking problems if you're running MacOS X.
 
I was running 9.2 with norton firewall. Even with OSX I still want to do whatever it is I can to make sure.
 
A router with NAT offers a decent level of static firewall protection.

If you're still worried, vendors like NetGear offer hardware firewalls with features beyond NAT.

http://www.netgear.com/products/routers/firewallvpn_comparisonchart.asp?view=

Though they are rather pricey, and require a yearly subscription if you want to make use of internet content filtering.

But NAT generally works extremely well for the average user, and the HW firewall I have hasn't logged an attack since I moved it between the LAN and the NAT router.

So NAT and a software FW (i.e., configuring the built-in FW) on the G5 should offer a fair amount of protection.
 
I'm really new to this whole router thing. What is NAT? And how does a router work and how do you set it up? Is it basically plug it in and there ya go? Do most routers have NAT?
 
I think a firewall at the router is enough for OS X, keeping all the ports stealthed/closed will keep out the small time guys, and the lack of accessible services on your Mac should keep the rest out. Of course, the über-determined hacker will get in anyway, but then they'd usually have a reason for spending a lot of time and effort on you.
 
Using a router with NAT is most likely enough...

NAT = Network Address Translation. On your computer's side of the router, you typically use RFC 1918 address space. These addresses include:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

These router/NAT boxes typically have two IP addresses. One is in one of the ranges above (the INTERNAL interface) and is usually configured as the default gateway on your computers using Dynamic Host Configuration Protocol (DHCP). The other is a globally routable (hopefully) address from your ISP (EXTERNAL interface).

In the most secure mode, your router/NAT box has no open ports on its external interface. You can think of these ports as extensions on a company phone line. There are over 65000 ports associated with any given IP address. When you want to run a server of some kind, like a file server, a web server, a mail server, an iTunes sharing server, your computer "opens" a specific port number and associates it with that specific computer process. If you open up a terminal window you can type:
less /etc/services
This will show you the names of some of the servers your computer might possibly run.

So, with a super secure NAT box, there are no open ports for any hacker to access any of your machines.

When you want to talk to the outside world, the NAT box alters the packets and makes them look like they come from the router. It then keeps track of the source and destination IP address and port along with the protocol (UDP, TCP, RTP). Packets arriving from the Internet on the router's external interface are compared to this table. If the packet matches an existing flow, it is rewritten so that the destination address matches the computer on your internal network that initiated the flow.

There are other options, but my baby needs attention. They are less secure and only if you need to run a server on your machine.
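
The flow table described in the post above, as an added example that is not part of the original thread: a toy port-translating NAT with no forwarded ports, showing that a reply to an outbound flow is rewritten to the internal host while an unsolicited inbound packet matches nothing and is dropped. The class and function names, the port numbering and the sample addresses are constructed for illustration, and matching on the full remote address and port is an assumption (real home routers vary in how strictly they filter).

```python
import ipaddress
from typing import NamedTuple, Optional

# The three RFC 1918 private ranges listed in the post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Toy port-translating NAT with no forwarded ports (constructed model)."""
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}   # (proto, int_ip, int_port, remote_ip, remote_port) -> ext_port
        self.back = {}  # (proto, ext_port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source to the external address and record the flow."""
        if not is_rfc1918(p.src):
            raise ValueError("source is not on the internal RFC 1918 network")
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(p.proto, self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return p._replace(src=self.external_ip, sport=self.out[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Return the rewritten packet for a known flow, or None (dropped)."""
        if p.dst != self.external_ip:
            return None
        hit = self.back.get((p.proto, p.dport, p.src, p.sport))
        if hit is None:
            return None  # unsolicited: matches no flow and no port is forwarded
        return p._replace(dst=hit[0], dport=hit[1])
```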
 
Thanks for taking the time.

So I just have to buy a router with NAT- plug everything in to that and that's it? It's that simple? Is there a specific cheaper (under $150) router you can recommend? (once you're done with your baby of course-ha)
 
Actually, it is a coincidence that most home routers do NAT. A router connects two or more layer 3 networks together and is able to move packets from one network to the other. NAT is just butter on the bread ;-)

Before I could recommend a specific product, I would need to know some things...

How many devices are you connecting to your home network?

Do you want wireless? Do you want 802.11a b or g?

Does your service provider require you to use PPPoE to connect to the Internet?

Let me know, and I can help...

You can also try this:
http://www.linksys.com/configurator/

Linksys is owned by Cisco. They are doing a good job together it seems.

I use an Airport as my router and have a netgear dumb 10/100 switch. The airport has a lot of features, but is also expensive.

[edit] Oh, by the way, I am a Network Engineer for Carnegie Mellon. People have suggested we put a firewall on the border of our network facing in to protect the rest of the world ;-)

We really don't have an army of hackers though.
 
I use a belkin router

I bought myself a belkin 'internet gateway' router that has wireless capabilities as well (handy for the G4 Powerbook I have). Mine is already fairly old but has already 3 wired connection points, plus a wireless antenna. You can hold off on using the wireless part until you're ready for it.

Setup is fairly easy, and the installation guide is quite good.

Go and look at their website ( http://www.belkin.com ) and eg search for a 802.11g Wireless DSL/Cable Gateway Router - they list one for about 112 dollars.
(Apple airport extreme cards use 802.11g and are compatible with it, though configuring encryption can be a hassle)

Regards,
A
 
Originally posted by MoparShaha
Any router you buy will have NAT. That's what routers do.

Umm, no. Routing and NAT are similar but not the same. I would agree that *most* routers today include NAT as an added feature. Your comment, however, suggests that a router, by its nature, can do NAT. This is incorrect.
 
Thanks for all the help: here is what I have

I am using SBC/Yahoo DSL- on the TCP set up- it uses a PPP server.

My phone line goes into a speedstream dsl box and then ethernet into the computer.

I have a G5 on the way and a G3 ibook that I use sometimes as well. But I only connect up one at a time- simply unplugging the ethernet cord and putting it into the computer I am using at the moment.

I avoid wireless because of cost and because of security.

Although I could see myself getting a really long ethernet cord and using that for my powerbook if I can have 2 ethernet outs coming from a router.. or could get airport card for my G3 ibook if the router would mean it was safer- but I would still have to get the airport base station- correct?
 
Originally posted by Hackcomic.com
Thanks for all the help: here is what I have

I am using SBC/Yahoo DSL- on the TCP set up- it uses a PPP server.

My phone line goes into a speedstream dsl box and then ethernet into the computer.

I have a G5 on the way and a G3 ibook that I use sometimes as well. But I only connect up one at a time- simply unplugging the ethernet cord and putting it into the computer I am using at the moment.

I avoid wireless because of cost and because of security.

Although I could see myself getting a really long ethernet cord and using that for my powerbook if I can have 2 ethernet outs coming from a router.. or could get airport card for my G3 ibook if the router would mean it was safer- but I would still have to get the airport base station- correct?
If you have a laptop, get wireless and don't look back! Just make sure you have your network more secured than the one next door, same goes with bikes, cars, homes, airplanes etc. :)
 
Well, the lap is more for travel- I don't use it all that much to make it worth spending $300+ for the base station and a wireless card on top of the price of a router. Although I want to make sure the router can handle wireless in case I ever change my mind.
 
Won't I need to buy the apple base station thing too besides the airport card? That's like $270 or so. Or can I get a router that has that built in?
 
You DON'T need an airport base station for your wireless connection if you buy a router that also has wireless capabilities. You can have both in the same package, and any mac with an airport card can work with most wireless access points (I would say any, but I work in IT...).

Mine has 3 WIRED ports (so cable) plus antennas (belkin) for wireless. I only bought a wireless card for my notebook after 2 months or so, but it has been a joy to use (plus my wife is happy that she sees me again).
 
Good to know- now I will buy one with wireless and wired. How can I be sure it's compatible with the Mac- I think the g3 isn't extreme airport. And do you have any recommendations on a good one to buy?
 
I use a router from belkin (http://belkin.com) that uses the 802.11b, the most standard used protocol for now. You get speeds up to 11 Mbs through that, quite enough for my surfing needs or even streaming audio from the internet.

My airport extreme card is using the 802.11g protocol that is backwards compatible with the 802.11b protocol. So my airport extreme card talks to the belkin router on 11 Mbps speed.

Airport cards use 802.11b protocol so my guess is that any base station that supports either 802.11b or g will accept the connection.

Out of the box using no encryption this just worked. One sticky problem I did find is that to set up encryption on your wireless network is different for apple and for pc's. You might need to consult the apple support board (or here !) to set that up.
 
Looked at the Belkin- only around $100 - wow- great deal compared to the airport station from apple which is more than twice that and not a router.

Does using a router slow down your internet connection on a wired computer?
 
I have not looked at the airport base station (i'm a recent convert :) from pc's) so I'm not sure if the airport is not a router also.

But the Belkin I have performs fine - the routers shouldn't give you a slowdown at all, it's (probably) a dedicated chip that's doing the routing and natting.

FWIW, in the MacFormat February magazine (www.macformat.co.uk) they review the belkin F5D7630uk4A and gave it 4.5 out of 5. It's got 4 10/100 wired ports, wireless capability, is managed via your web browser, and can do firewall and nat.
This is the uk version of course, but a similar one would be available for you.
 
Do you know if you can turn the wireless off when using wired? Just to make sure no one can piggyback off the connection.
 
No that was the one thing they didn't like about it - you couldn't turn off the wireless part.

I haven't had any problems with that though (though I do live in only a small suburb, so maybe that's why).

If you activate the encryption anyway, even if you are not using it, especially the wpa (not the wep) they'll have a hard time cracking it if you are not using it. To crack a key you need to capture packets, enough of them, and if you never use it, they won't get the packets !

You can also name your base station ID to something weird, and (perhaps) configure it to not send out the 'i am here' message - I renamed mine to something else than the standard, but can't turn off the broadcast though.
Still, I've so far never noticed anybody piggy backing on my connection.

EDIT : I also turn off my router/pc/mac when going to work, tho.
 