Ok, here is my understanding of things -- if anyone here knows differently, please correct me.
Airport Base Station v1 -- perfectly secure firewall. Why? Because ANY router, wireless or otherwise, which performs Network Address Translation (NAT) is by definition a secure firewall. On top of that, Mac OS 7/8/9 is a very secure operating system -- largely unhackable out of the box. With that said, a firewall isn't a panacea for all kinds of data theft -- if you use the net, you are sending data out to the world. However, a firewall will keep people from "knocking on the door" and accessing files on your computer. If you want triple peace of mind, you may want to buy one of the software packages that will notify you if any "suspicious" activity occurs, but personally I don't know how necessary they are if you have a hardware router. NAT is what allows you to use multiple computers on a network when you only have one IP address available. If you didn't have a router, you'd plug your computer (insecurely) straight into the your DSL line, and your ISP would assign you an IP address, say 24.28.32.250. Then anyone who is snooping around can try all the various common ports at that address in an attempt to hack your computer. If you wanted to attach another computer to your network, you'd probably find (though not in all cases, actually) that you are unable to obtain another IP address -- you're only paying for one, and your ISP would be more than happy to sell you more. This is why routers have become so popular. The router appears to the ISP to in fact be your single computer, but then creates a network of virtual IP address, in a totally different range to the computers behind it. So the router gets 24.28.32.250, but your computers will get 10.0.1.100, 10.0.1.101, 10.0.1.102, etc. Now if some ill-intended person tries to access 24.28.32.250, they are not contacting your computer, but the router. Say they are trying port 80, which is the port that web server software typically runs on. The router receives the request...but WHICH computer is it supposed to even pass that request to? It has no idea, and ignores the request. If you DID actually want to run a web server behind your router, you'd have to configure the router to pass that one specific port (80) to one specific computer on its network. Without this manual configuration, the request for port 80 is useless to the router. (Some routers also allow you to designate one computer as a "DMZ" which all requests are passed to unless specified otherwise. I don't think the AirPort Base Station supports this though.) This, right here, is a secure firewall. Any requests from the outside world go completely ignored by the router (the Airport Base Station in this case) unless it is specifically configured otherwise. This is true of all routers. Making matters more secure is the fact that you're using Mac OS 9 (or 8), which despite what Apple would have you believe, is furthest from being an internet OS than any other on the market. Out of the box, Mac OS 9 provides almost no services which can be "tried" by an outside "visitor". If you don't use IP File Sharing, and you don't use Web Sharing, your computer is dead to the world, even without a firewall. It is serving absolutely nothing. If you really want to be triple-extra-ultra sure, don't use the Software Update control panel and disable its automatic updates, since you can't see where it's connecting to; instead download software updates from Apple's web site yourself. (This last suggestion is for true paranoiacs only.) This, incidentally, has nothing to do with wireless encryption, which is why I think that aspect of the base station is not that important (though go ahead an enable it if it makes you more comfortable). Whether or not you can be hacked "across the net" is irrelevant to WEP, which only would affect people snooping in range of your wirless base station. Also keep in mind that the firewall services I mentioned are only available if you have NAT enabled. The AirPort Base Station allows you to turn it off. If you want firewall protection, don't. (Routers can still filter outside requests even without NAT, but why disable it if you don't need to...) There are also many "Wireless Access Point" devices on the market which do NOT have a router built in. These have no router or firewall abilities, and should be used behind a router if security is what's important. The AirPort Base Station, once again, is a full router. As you probably already know, the v1 ABS has only one ethernet port and will ONLY provide NAT to wireless computers if you've got DSL. (Bizarrely, it can actually provide NAT to both wireless and wired computers if you use it for dialup access, since the Ethernet port isn't in use.) If you want protection for wired computers on your network, get the v2, or get a third-party wireless router. Finally, as mentioned, it's not a panacea. If someone tricks you (anyone) into revealing your online banking password or an ecommerce password, you're screwed. Common sense still rules the day with this stuff. So buy it already! Ivan. ---------------- >I guess I am more worried about someone breaking into my 2400 from across >the internet, through my DSL line, then through the base station & into my >Mac, not really someone standing outside my window and hacking into the >connection between my base station & 2400. Is the built in security of the >Basestation version 1 enough, or should I get a firewall as well? > >Thanks for your help, >Mark > ---------- Duo/2400 List, The friendliest place on the Net! A listserv for users and fans of Mac subportables. FAQ at <http://www.themacintoshguy.com/lists/DuoListFAQ.shtml> Be sure to visit Mac2400! <http://www.sineware.com/mac2400> To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> Need help from a real person? Try. <[EMAIL PROTECTED]> ---------- Dr. Bott | 10/100 Ethernet for your 2400 is finally here! MPC-100 | <http://www.drbott.com/prod/mpc100.html> RoadTools $30 PodiumPad available at Apple retail stores, $20 Traveler CoolPad at Staples. Both in white for iBooks at <http://roadtools.com> Midwest Mac Parts ][ <http://www.midwestmac.com> After-market parts for Macs. ][ 888-356-1104 ][ MacResQ Specials: LaCie SCSI CDR From $99! PowerBook 3400/200 Only $879! Norton AntiVirus 6 Only $19! We Stock PARTS! <http://www.macresq.com>
