Subj : Re: For Trouble re Home Network Security To : alt.tv.farscape From : Nick Date : Wed Sep 07 2005 19:40:43 From Newsgroup: alt.tv.farscape Nick wrote: > TNW7Z7Z7Z12345 wrote: > >> Cut/altered a little from my original post -- >> >> My router is the Airport Extreme Base Station. I have the wireless >> network closed, encrypted (only WEP though, not WPA) plus have the >> OSX software firewall on in my laptop. So I assume my laptop is >> relatively safe. >> >> However, I also have an older Mac desktop (OS9 so no software >> firewall) connected to the router via ethernet cable. That's the >> one I wonder about. >> >> The router configuration options mostly seem to be for the wireless >> network. The only settings that I guess cover both the wireless >> network and the ethernet connection to the desktop are "WAN privacy" >> settings. (although I'm not sure about that). Out of paranoia, I >> shut off SNMP access, remote configuration, and default host, >> although I haven't a clue what they are. The only thing I'm >> allowing is remote printer access, as there seems to be a glitch >> with wireless printing when that is off. >> >> If I go to the Symantec website and do one of those free security >> probes, they tell me (and I have no idea what any of this means) >> that ICMP ping is open, all other ports are closed, but that the >> only port that is actually stealth or hidden is HTTP Port 80. >> >> I assume the scan is reading the router, not my computer, so that's >> the router firewall that is all closed up. But I had hoped that my >> WAN settings would make the router "stealth" or hidden, which >> obviously they don't. >> >> Would you consider my setup safe? I don't worry too much as nothing >> out there targets Macs, but I wonder about it when I turn on >> filesharing. >> >> What I would give for an old fashioned manual that attempted to >> explain this to a lay person... > > You should be fine. The wired connection is actually more secure > than the wireless one. You most likely don't need a software > firewall inside your network either. I am not sure what you mean by > making the router hidden. The symantec site is checking the ip > address that you came in on so it is going to hit your router. If it > couldn't get to your router then you couldn't get any data through > it. As for the wireless settings, you should be fine with a wep key. > Anyone trying to get in would have to be within 150 feet of your > airport and then they would also need to know the wep key to gain > access. If you want additional security you can also turn off the > broadcasting of your network id. I have 4 computers on the network at > home, none of them are running a software firewall and I haven't had > anything get in in 5+ years. > BTW, I see a pdf titled "Designing AirPort Extreme Networks" at http://www.apple.com/airportextreme/ .