Discussion in 'macOS' started by copykris, Nov 3, 2009.
do you use it, yes or no?
forgot an e in firewall obv.
I do. I don't want something possibly harmful to happen to my Mac.
No. Rarely am I not connected to a private network. I'm comfortable enough with the protection that NAT provides.
I am curious as to why this is even a question
If not then why not?
I use my NAT but I'm sure PETA's gonna have something to say about this.
reason i'm asking is i just switched mine on for a couple of days to see if i notice any difference in performance while running the firewall in the background, if i don't -- might as well keep it on from now on...
The reason why there's an option for it to be turned off has nothing to do with performance, it's about certain networked transmissions being blocked with the firewall. For instance, iTunes streaming works with the firewall off.
Do you really have to turn off the Firewall for iTunes streaming to work?
A. what exactly is firewall?
B. how do I know if I have it and if so how can I turn it on/off?
I don't use mine because NAT works just fine.
So a belt and braces approach is not needed?
System Preferences > Security
No. The nature of NAT makes it virtually impossible for someone to get into your computer through any ports except for ones you have specifically forwarded to your Mac. And if you're forwarding them in your router, you've probably opened them up in your firewall too.
A firewall is something that protects a computer or a network from various types of external intrusion. If you have OS X you have a firewall; go to System Preferences -> Security -> Firewall to turn it on/off.
You should be able to just enable iTunes sharing in the firewall section of the system prefs.
I run the firewall, leave open the iTunes sharing ports, and then punch very specific holes in it to allow active FTP to a specific server, and so machines on my local network can reach the Macports Apache instance I'm running.
Never noticed any sort of performance issues with it, but then it shouldn't be receiving much malicious traffic anyway, since I'm already behind a built-in firewall in my router.
Yes, I use the OS firewall and would not use a net connected computer without it. It is generally an accepted practice according to many IT and security experts. I will not cite sources because I don't care to write an encyclopedia in this thread, but please check it out for yourself if you doubt it.
IMO, not using a firewall is like living in a bad neighborhood and not locking your doors and windows. No, router NAT will not protect you enough. There are thousands of network ports for everything from general internet traffic to telnet and ftp. You could be behind a decent router connected to your cable/dsl modem but there could still be (there IS, actually) a lot of data going in and out without your knowledge. Legit apps send out data all the time but so does malware.
I like to use Little Snitch along with the OS X firewall and a Linksys router running DD-WRT firmware. Consumer routers are generally weak and buggy compared to commercial offerings. Most people write off router glitches as nothing to worry about but usually there are issues that the user is unaware of.
Here's another reason NAT cannot be relied on. The fact is when using a typical wireless router an eight year old with 30 minutes could crack WEP or WPA/WPA2 and then they are IN your network at your computer's unlocked doorstep. NAT will not help you.
Before my Linksys, with DD-WRT firmware, I used a retired computer running Smoothwall so I could isolate my wireless network from my wired. Forgot the root password and I didn't feel like re-doing the whole thing so I jumped on DD-WRT which is a lot more robust than the OEM Linksys firmware. The biggest thing I like about it is the ability to reduce or increase the wireless transmit power. I like to use a lower setting to reduce the chance of unwanted visitors.
Network Address Translation is NOT a security measure!
It might mitigate some simple attacks.
But what happens if somebody with a hacked Windows-Box joins your network?
What if your NAT box has a common default password / or none at all and is vulnerable to XSS attacks:
I'd rather also have a Firewall running on every host. But then, I also run my boxes from a non-Admin account...
I don't have any Windows boxes on my network, my WiFi network is secured with WPA2 and a good password, and my router's password is not the default.
Good for you, but I doubt that the majority of people run such a tight setup.
Also, what do you do if somebody (friend, colleague, neighbour) wants to join your network with their Windows box?
you just allow the connection when the firewall prompts you
i'm liking it so far
Firewall on, router set up properly (WPA2), but the router in question is a BT Home Hub, so I don't really trust its security so much if I'm honest.