On Nov 23, 2007, at 10:53 AM, dwn wrote:

Sorry, a little off topic, but hopefully someone can comment.

I’m using Easyproject software (to maintain Freeway website
projects) which runs a server on one Mac to update another person’s
Mac with the user’s project data.

By default I usually have both Macs running the OSX Firewall. But
this program does not work unless the firewall is down on the
EasyProject’s Server Mac.

Question is, I already have an 8 port router with firewall running
between the LAN and the Internet, so do I really need to worry
about having to turn off the OSX Firewalls?

That’s why this forum is called Off Topic!

Security is a matter of more is better, but you are correct, there is
a limit to how much you need in everyday use. Depending on how your
network is configured, you may not need the firewall on any of your
Macs. But if you do go that far, realize that you have removed a
layer of security, and if the one protecting that should fail, you
will be open to all sorts of trouble.

If your network is set up similar to mine, you have a cable or DSL
box connected to an internet sharing appliance, and the rest of your
network to that. The sharing appliance takes your one public IP
address and shares it with your computers using a technique called
Network Address Translation. Each computer on your network has a
“private” IP address, usually in the 192.168 range. These addresses
are non-routable – they will not work anywhere on the public
Internet, and a request for an address in that range or from an
address in that range will go entirely unanswered. The most you will
see is a terse “no route to host” in the Terminal.

So nobody in the world can “see” your computers from the outside –
it’s as though they don’t exist.

BUT…
Now you have a single point of failure: the appliance.

There are zillions of these things out there, many different brands
and models, and they most usually run an embedded form of Linux. It
would be foolhardy to believe that with that many juicy targets lying
around, and that much to gain from breaching one, that the hackers
aren’t busily trying to find some way around or through them.

If some nefarious villain made it past the cryptic password you set
on your appliance (you did change it from the factory standard
‘admin’, didn’t you?) then they might be able to reprogram the router
to do something other than its intended task, maybe routing all of
your packets through a proxy server somewhere in the Baltic. You’d be
none the wiser, but then there might be that sudden disappearance of
money from your accounts.

Another approach might be for you to figure out which port your
EasyProject communicates over, and add a firewall rule to allow it.
Opening a single hole like this is not as big a deal as dropping
shields entirely.

Walter
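
Added example, not part of Walter's message or of EasyProject: a small shell helper for the last suggestion above, listing which TCP ports a process is listening on so that only those need a firewall rule. The process-name prefix `easyp`, the PID and every port number in the sample are constructed; the thread does not give the real process name or port.

```shell
#!/bin/sh
# List the TCP ports a named process is LISTENing on.
# Reads `lsof -nP -iTCP` output on stdin; $1 is a case-insensitive
# prefix of the process name. lsof truncates the COMMAND column to
# 9 characters by default, so keep the prefix short.
listening_ports() {
    awk -v want="$1" '
        $NF != "(LISTEN)"                      { next }  # header, established
        index(tolower($1), tolower(want)) != 1 { next }  # other processes
        {
            addr = $(NF - 1)          # e.g. *:49500 or 127.0.0.1:49501
            n = split(addr, parts, ":")
            # A socket bound to loopback cannot be reached from another
            # machine, so it needs no firewall rule.
            scope = (addr ~ /^(127\.|\[::1\])/) ? "loopback-only" : "reachable-from-LAN"
            key = parts[n] " " scope
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    ' | sort -n
}

# Constructed sample of lsof output (hypothetical process and ports).
sample_lsof() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
EasyProje  412  dwn    6u  IPv4 0x0000001      0t0  TCP *:49500 (LISTEN)
EasyProje  412  dwn    7u  IPv6 0x0000002      0t0  TCP *:49500 (LISTEN)
EasyProje  412  dwn    8u  IPv4 0x0000003      0t0  TCP 127.0.0.1:49501 (LISTEN)
EasyProje  412  dwn    9u  IPv4 0x0000004      0t0  TCP 192.168.1.10:49502->192.168.1.11:49500 (ESTABLISHED)
httpd       88 root    4u  IPv6 0x0000005      0t0  TCP *:80 (LISTEN)
EOF
}

# On the server Mac: sudo lsof -nP -iTCP | listening_ports easyp
sample_lsof | listening_ports easyp
```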