I will not laugh out loud. Nope. Nope. Not laugh! Don't kid yourself, it can be done easier than you think.
Brandy

----- Original Message -----
From: "Ivan Drucker" <[EMAIL PROTECTED]>
To: "Duo/2400 List" <[EMAIL PROTECTED]>
Sent: Saturday, August 31, 2002 1:57 AM
Subject: [Duo2400] Re: One last networking question Part 2

> Ok, here is my understanding of things -- if anyone here knows
> differently, please correct me.
>
> AirPort Base Station v1 -- perfectly secure firewall. Why? Because ANY
> router, wireless or otherwise, which performs Network Address Translation
> (NAT) is by definition a secure firewall. On top of that, Mac OS 7/8/9 is
> a very secure operating system -- largely unhackable out of the box.
>
> With that said, a firewall isn't a panacea for all kinds of data theft --
> if you use the net, you are sending data out to the world. However, a
> firewall will keep people from "knocking on the door" and accessing files
> on your computer. If you want triple peace of mind, you may want to buy
> one of the software packages that will notify you if any "suspicious"
> activity occurs, but personally I don't know how necessary they are if
> you have a hardware router.
>
> NAT is what allows you to use multiple computers on a network when you
> only have one IP address available. If you didn't have a router, you'd
> plug your computer (insecurely) straight into your DSL line, and your
> ISP would assign you an IP address, say 24.28.32.250. Then anyone who is
> snooping around can try all the various common ports at that address in
> an attempt to hack your computer.
>
> If you wanted to attach another computer to your network, you'd probably
> find (though not in all cases, actually) that you are unable to obtain
> another IP address -- you're only paying for one, and your ISP would be
> more than happy to sell you more. This is why routers have become so
> popular. The router appears to the ISP to in fact be your single
> computer, but then creates a network of virtual IP addresses, in a totally
> different range to the computers behind it. So the router gets
> 24.28.32.250, but your computers will get 10.0.1.100, 10.0.1.101,
> 10.0.1.102, etc.
>
> Now if some ill-intended person tries to access 24.28.32.250, they are
> not contacting your computer, but the router. Say they are trying port
> 80, which is the port that web server software typically runs on. The
> router receives the request...but WHICH computer is it supposed to even
> pass that request to? It has no idea, and ignores the request. If you DID
> actually want to run a web server behind your router, you'd have to
> configure the router to pass that one specific port (80) to one specific
> computer on its network. Without this manual configuration, the request
> for port 80 is useless to the router. (Some routers also allow you to
> designate one computer as a "DMZ" which all requests are passed to unless
> specified otherwise. I don't think the AirPort Base Station supports this
> though.)
>
> This, right here, is a secure firewall. Any requests from the outside
> world go completely ignored by the router (the AirPort Base Station in
> this case) unless it is specifically configured otherwise. This is true
> of all routers.
>
> Making matters more secure is the fact that you're using Mac OS 9 (or 8),
> which despite what Apple would have you believe, is furthest from being
> an internet OS than any other on the market. Out of the box, Mac OS 9
> provides almost no services which can be "tried" by an outside "visitor".
> If you don't use IP File Sharing, and you don't use Web Sharing, your
> computer is dead to the world, even without a firewall. It is serving
> absolutely nothing. If you really want to be triple-extra-ultra sure,
> don't use the Software Update control panel and disable its automatic
> updates, since you can't see where it's connecting to; instead download
> software updates from Apple's web site yourself. (This last suggestion is
> for true paranoiacs only.)
>
> This, incidentally, has nothing to do with wireless encryption, which is
> why I think that aspect of the base station is not that important (though
> go ahead and enable it if it makes you more comfortable). Whether or not
> you can be hacked "across the net" is irrelevant to WEP, which only would
> affect people snooping in range of your wireless base station.
>
> Also keep in mind that the firewall services I mentioned are only
> available if you have NAT enabled. The AirPort Base Station allows you to
> turn it off. If you want firewall protection, don't. (Routers can still
> filter outside requests even without NAT, but why disable it if you don't
> need to...) There are also many "Wireless Access Point" devices on the
> market which do NOT have a router built in. These have no router or
> firewall abilities, and should be used behind a router if security is
> what's important. The AirPort Base Station, once again, is a full router.
>
> As you probably already know, the v1 ABS has only one ethernet port and
> will ONLY provide NAT to wireless computers if you've got DSL.
> (Bizarrely, it can actually provide NAT to both wireless and wired
> computers if you use it for dialup access, since the Ethernet port isn't
> in use.) If you want protection for wired computers on your network, get
> the v2, or get a third-party wireless router.
>
> Finally, as mentioned, it's not a panacea. If someone tricks you (anyone)
> into revealing your online banking password or an ecommerce password,
> you're screwed. Common sense still rules the day with this stuff.
>
> So buy it already!
>
> Ivan.
> ----------------
>
> >I guess I am more worried about someone breaking into my 2400 from across
> >the internet, through my DSL line, then through the base station & into my
> >Mac, not really someone standing outside my window and hacking into the
> >connection between my base station & 2400. Is the built in security of the
> >Basestation version 1 enough, or should I get a firewall as well?
> >
> >Thanks for your help,
> >Mark
> >
>
> ----------
> Duo/2400 List, The friendliest place on the Net!
> A listserv for users and fans of Mac subportables.
> FAQ at <http://www.themacintoshguy.com/lists/DuoListFAQ.shtml>
> Be sure to visit Mac2400! <http://www.sineware.com/mac2400>
>
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> Need help from a real person? Try. <[EMAIL PROTECTED]>
>
> ----------
> Dr. Bott | 10/100 Ethernet for your 2400 is finally here!
> MPC-100 | <http://www.drbott.com/prod/mpc100.html>
>
> RoadTools $30 PodiumPad available at Apple retail stores, $20 Traveler
> CoolPad at Staples. Both in white for iBooks at <http://roadtools.com>
>
> Midwest Mac Parts ][ <http://www.midwestmac.com>
> After-market parts for Macs. ][ 888-356-1104 ][
>
> MacResQ Specials: LaCie SCSI CDR From $99! PowerBook 3400/200 Only $879!
> Norton AntiVirus 6 Only $19! We Stock PARTS! <http://www.macresq.com>
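
The inbound decision described in the quoted message (no session and no port forward means the request is ignored), as an added example that is not part of the original thread: a toy Python model, not the AirPort Base Station's firmware. The `NatRouter` class, the remote addresses and the `endpoint_independent` switch (the filtering modes named in RFC 4787) are assumptions for illustration; 24.28.32.250 and the 10.0.1.x addresses are the ones used in the message.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy model of a NAT router's inbound decision (hypothetical, not vendor code)."""
    public_ip: str
    endpoint_independent: bool = False  # RFC 4787 filtering mode; False = strictest
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # public port -> (lan host, remote peer)
    _next_port: int = 49152

    def outbound(self, lan, remote):
        """A LAN host (ip, port) contacts remote (ip, port): allocate a mapping."""
        port = self._next_port
        self._next_port += 1
        self.sessions[port] = (lan, remote)
        return (self.public_ip, port)

    def inbound(self, remote, dst_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        if dst_port in self.sessions:
            lan, peer = self.sessions[dst_port]
            if self.endpoint_independent or peer == remote:
                return lan
        return self.forwards.get(dst_port)  # None when nothing is configured


def demo():
    # Constructed sample hosts; remote addresses are documentation ranges.
    mac, web = ("10.0.1.100", 50000), ("203.0.113.10", 80)
    stranger = ("198.51.100.7", 40000)
    r = NatRouter("24.28.32.250")
    results = {"unsolicited_80": r.inbound(stranger, 80)}   # no mapping: dropped
    _, pub_port = r.outbound(mac, web)
    results["reply"] = r.inbound(web, pub_port)             # matches the session
    results["stranger_on_mapped_port"] = r.inbound(stranger, pub_port)
    r.forwards[80] = ("10.0.1.101", 80)                     # manual port forward
    results["forwarded_80"] = r.inbound(stranger, 80)
    loose = NatRouter("24.28.32.250", endpoint_independent=True)
    _, p = loose.outbound(mac, web)
    results["loose_stranger"] = loose.inbound(stranger, p)  # depends on filtering mode
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:24} -> {target}")
```

The last case shows that what reaches a LAN host on an already-mapped port depends on the router's filtering mode, so a router's behaviour is worth checking rather than assuming from NAT alone.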
