Subj : Re: For Trouble re Home Network Security
To : alt.tv.farscape
From : Trouble
Date : Wed Sep 07 2005 15:07:42

From Newsgroup: alt.tv.farscape

TNW7Z7Z7Z12345 wrote:

> Cut/altered a little from my original post --
> My router is the Airport Extreme Base Station. I have the wireless
> network closed, encrypted (only WEP though, not WPA) plus have the OSX
> software firewall on in my laptop. So I assume my laptop is relatively
> safe.

Sounds like it's as safe as the ABS can make it.

> However, I also have an older Mac desktop (OS9 so no software firewall)
> connected to the router via ethernet cable. That's the one I wonder
> about.

Well, if you don't have Port Mapping open, you should be relatively safe from direct attack. The main concern would be to watch what you download from that machine. A good anti-virus package is a typical recommendation for that.

> The router configuration options mostly seem to be for the wireless
> network. The only settings that I guess cover both the wireless
> network and the ethernet connection to the desktop are "WAN privacy"
> settings.

WAN Privacy? Hmmm, do you know what version of the setup you have?

> (although I'm not sure about that). Out of paranoia, I shut
> off SNMP access, remote configuration, and default host, although I
> haven't a clue what they are. The only thing I'm allowing is remote
> printer access, as there seems to be a glitch with wireless printing
> when that is off.

These shouldn't hurt anything.

> If I go to the Symantec website and do one of those free security
> probes, they tell me (and I have no idea what any of this means) that
> ICMP ping is open, all other ports are closed, but that the only port
> that is actually stealth or hidden is HTTP Port 80.

ICMP ping helps your ISP troubleshoot your connection.

> I assume the scan is reading the router, not my computer, so that's the
> router firewall that is all closed up.

Yes, the computer has one IP address, probably in a private IP range, and the router has the real world IP address given to you by your ISP. Checks of the port security go against the router unless you've opened ports up through the router to allow direct computer access. Sounds like you haven't.

> But I had hoped that my WAN settings would make the router "stealth" or
> hidden, which obviously they don't.

A determined attacker would find Stealth and hidden anyway; there is a whole art out there of analyzing port closed, and no response messages. Standard behavior for the router would be to keep all these ports closed until you access the internet, or send a request for a webpage, email, or file. At that point any web, mail, or file response from the requested site is considered legitimate and allowed in through the router; when that session is over the router closes up.

> Would you consider my setup safe? I don't worry too much as nothing
> out there targets Macs, but I wonder about it when I turn on
> filesharing.

By turn on Filesharing you mean just open the program? Anti-Virus would help more here to protect you than anything else. If you have to open a port through the router to get your filesharing to work, then you've opened a door to attackers, and a software firewall wouldn't hurt.

> What I would give for an old fashioned manual that attempted to explain
> this to a lay person...

Ahem...

For ABS with the 4.0 Setup utility
http://www.vonwentzel.net/ABS/Configuration/OSXExtreme/

Does that look familiar at all? I read the manual from Apple, but it's great for installation, not helpful for troubleshooting. If your setup screens looked anything like the ones from the link above, I can easily walk/talk you through any of them.

Sounds like you're reasonably well off... with the three standard caveats:

1. Keep the System up to date
2. Keep any Anti-Virus up to date (if you're worried about filesharing)
3. A software firewall will help if you open ports in the router direct to the internet (some P2P apps require open ports for better performance)

--
"Do not seek to follow in the footsteps of the wise. Seek what they sought." --Basho
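
The router behaviour described in the reply above (ports closed until a LAN machine sends a request, replies from that site let back in, port mapping as a standing open door), as an added example that is not part of the original post. It is a toy Python model, not AirPort firmware: the class, method names, addresses and port numbers are constructed for illustration, and it assumes the router keeps the LAN source port unchanged on the WAN side.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulRouter:
    """Toy model of a NAT router's inbound filtering (hypothetical, not AirPort firmware)."""
    sessions: set = field(default_factory=set)     # (lan_host, port, remote_ip, remote_port)
    port_maps: dict = field(default_factory=dict)  # wan_port -> lan_host

    def outbound(self, lan_host, port, remote_ip, remote_port):
        """A LAN machine sends a request; remember who it talked to."""
        self.sessions.add((lan_host, port, remote_ip, remote_port))

    def close(self, lan_host, port, remote_ip, remote_port):
        """Session over: the router closes up again."""
        self.sessions.discard((lan_host, port, remote_ip, remote_port))

    def map_port(self, wan_port, lan_host):
        """Port mapping: a standing door from the internet to one LAN machine."""
        self.port_maps[wan_port] = lan_host

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN host a packet is delivered to, or None if it is dropped."""
        for lan_host, port, rip, rport in self.sessions:
            if (port, rip, rport) == (wan_port, remote_ip, remote_port):
                return lan_host              # reply to a request we made
        return self.port_maps.get(wan_port)  # unsolicited: only a mapping lets it in

def demo():
    # Constructed addresses: 10.0.1.x is the LAN, 192.0.2.x / 198.51.100.x are remote.
    r = StatefulRouter()
    results = []
    results.append(r.inbound("198.51.100.9", 4444, 80))    # outside probe, nothing open
    r.outbound("10.0.1.3", 50000, "192.0.2.10", 80)        # desktop requests a web page
    results.append(r.inbound("192.0.2.10", 80, 50000))     # the site's reply
    results.append(r.inbound("198.51.100.9", 80, 50000))   # someone else, same port
    r.close("10.0.1.3", 50000, "192.0.2.10", 80)
    results.append(r.inbound("192.0.2.10", 80, 50000))     # late packet after close
    r.map_port(6881, "10.0.1.3")                           # constructed port for a P2P app
    results.append(r.inbound("198.51.100.9", 4444, 6881))  # any remote reaches the desktop
    return results

if __name__ == "__main__":
    print(demo())
```

The last case is the one the third caveat covers: once a port is mapped, the router no longer filters traffic to it, so the machine behind it needs its own firewall.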