On Monday, July 1, 2002, at 08:06, Donald Keenan wrote:
> Getting to my point:
> He said that the only decent router would be thousands of dollars in
> cost. He suggested that most firewalls were only good to a very limited
> degree and asserted that any good hacker can bypass them.

I actually disagree with both of those.  The former used to be true, but 
you can now buy a Cisco 806 dual-Ethernet router with VPN and firewall 
feature set for under $400.  That would probably be the cheapest 
"full-featured" router that he would find acceptable.

To his second point: the typical firmware-based home firewalls are 
pretty good if they are screwed down tight.  The major problems are that 
they tend to NOT be, and that they are not generally updated regularly 
by the manufacturer.  Nonetheless they are a very good value and can be 
quite effective.

> What intrigued me was this;
> He said the best way to set up a secure home network was to use a
> computer as server and then connect all other units to the server. OK, I
> was intrigued but it got over my head quickly. It made sense on first
> listening, before I forgot the details.

Well, yes and no.  What he's saying is that by running a software-based 
router/firewall/proxy on a computer, you have more flexibility and 
control over the security, and the software is generally up to date.  
That is true as far as it goes - the problem is that you have to be a 
pretty good expert in order to stay on top of it.

> Now I remember seeing a tangerine iBook on eBay billed as being a
> bargain because its screen was displaying a red hue which compromised
> its use for many applications. The seller suggested using it for a
> server.
> Provided one has a spare Tangerine iBook around (when not used for
> faxing), is this relatively easy to do? He implied that the
> server computer protected any other unit from receiving unsolicited
> pings or whatever...what I don't get is how one could still use the
> internet on the non-server computers.

To answer your last question first - stateful firewalls generally allow 
"outbound" connections from your other systems to the internet, and 
permit only "inbound" traffic that is deemed to be in response to the 
initial request.

An iBook has adequate processing power, but you would need a second 
network card.  You could use an AirPort card in it if you wanted to make 
it a wireless router, or possibly use a USB Ethernet card if any are 
supported.  Use that as your internet connection; the slower speed won't 
matter and you can use the built-in ethernet to connect at high speed to 
your internal machines.  You would also need an external hub or switch 
to connect all your machines, if you don't already have one.


> Does anyone out there do this? Could I use a 366 or 300 iBook as a
> server and connect my Pismo and iMac to it as a way of setting up an
> impenetrable network. Mind you, I'm not dealing in state secrets...
> Does one need special Apple server software to do this?

If OS X runs on those iBooks, it has all the tools built-in that you 
would need;  the ipfw feature can be quite fully configured, or you 
could run ipf or practically any other Unix-based firewall/proxy 
server.  The GUI would be pretty sluggish, but most of your work would 
be done in the console anyway.

This would not be a trivial project, you'd be a moderately competent 
Unix admin when you were done; but it would be a great learning 
experience and not very expensive.  The caveat is that you need to be 
able to get a second NIC in there; it's technically possible to firewall 
on a single NIC, but no security expert would recommend it.

KeS
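
The stateful behaviour described in the reply (outbound connections allowed, inbound traffic allowed only as a response to them) can be sketched as a small state table. This is an added example, not part of the original message and not ipfw's implementation; the `192.168.1.` LAN prefix, the sample addresses and the 300-second idle timeout are constructed assumptions.

```python
# Added illustration: a toy connection-tracking table, not code from the message.
from dataclasses import dataclass, field

IDLE_TIMEOUT = 300  # seconds; assumed value for this sketch

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    inside_prefix: str = "192.168.1."            # constructed LAN addressing
    states: dict = field(default_factory=dict)   # flow key -> last-seen time

    def _is_inside(self, addr):
        return addr.startswith(self.inside_prefix)

    def filter(self, pkt, now):
        """Return 'allow' or 'deny' for a packet seen at time `now` (seconds)."""
        # Expire flows that have been idle for longer than the timeout.
        self.states = {k: t for k, t in self.states.items()
                       if now - t <= IDLE_TIMEOUT}
        if self._is_inside(pkt.src) and not self._is_inside(pkt.dst):
            # Outbound: permitted, and it creates (or refreshes) state.
            self.states[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "allow"
        # Inbound: permitted only as the mirror image of a tracked outbound flow.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.states:
            self.states[key] = now
            return "allow"
        return "deny"

def demo():
    fw = StatefulFirewall()
    web = Packet("tcp", "192.168.1.10", 49152, "203.0.113.5", 80)
    reply = Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 49152)
    probe = Packet("tcp", "198.51.100.7", 4444, "192.168.1.10", 139)
    return [
        fw.filter(probe, 0),     # unsolicited inbound, no state exists
        fw.filter(web, 1),       # outbound request from the LAN
        fw.filter(reply, 2),     # reply matching the tracked flow
        fw.filter(reply, 1000),  # same tuple long after the flow went idle
    ]

if __name__ == "__main__":
    print(demo())
```

The last case shows why an idle timeout matters: without it, a stale entry would keep accepting inbound packets for a connection the inside machine closed long ago.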

