Professional Web Applications Themes

Wifi -- do I need software firewalls on all my computers? - Mac Networking

I use WEP and in addition I run a closed network so casual war drivers can't see me . . . although I'm sure the really dedicated evil ones can if they want. I realized that if someone should manage to get into my wireless net, they would already be behind my router firewall. Does that mean I need to enable the software firewall on all my local computers? Even the ones that are connected to my router by wires?...

  1. #1

    Default Wifi -- do I need software firewalls on all my computers?

    I use WEP and in addition I run a closed network so casual war drivers
    can't see me . . . although I'm sure the really dedicated evil ones can
    if they want.

    I realized that if someone should manage to get into my wireless net,
    they would already be behind my router firewall. Does that mean I need
    to enable the software firewall on all my local computers? Even the ones
    that are connected to my router by wires?
    fishfry Guest

  2. #2

    Default Re: Wifi -- do I need software firewalls on all my computers?

    In article
    <comcast.net>,
    fishfry <com> wrote:
     

    I don't really think so. All the software firewall does is prevent the
    system from listening on ports. As long as nothing's listening, it
    doesn't matter if there's traffic going to the port.

    That said, I'd run with the Panther software firewall on anyway. It's
    there, why not use it?
    Steven Guest

  3. #3

    Default Re: Wifi -- do I need software firewalls on all my computers?

    In article <vf.shawcable.net>,
    Steven Fisher <net> wrote:
     
    >
    > I don't really think so. All the software firewall does is prevent the
    > system from listening on ports. As long as nothing's listening, it
    > doesn't matter if there's traffic going to the port.[/ref]

    Hmmm. I use my desktop machine as a server. It accepts telnet, ftp, and
    http requests from my laptop and any other miscellaneous system on my
    local net. That's why I have it behind a firewall, so the outside world
    can't get to my local net. That's why I'm concerned. Once someone's on
    my local net, they are behind the hardware firewall.

     

    Does it interfere with the router firewall?
    fishfry Guest

  4. #4

    Default Re: Wifi -- do I need software firewalls on all my computers?

    In article
    <comcast.net>,
    fishfry <com> wrote:
     

    Ah. Okay, well, you are vulnerable then. But Panther's firewall won't
    help you. It blocks unexpected software from listening, but (for
    instance) web sharing will still respond to any requests it gets.

    I'm not sure what exactly would, beyond good passwords and possibly VPN
    (way beyond my expertise)... I'll let someone else handle the question
    now. :)
    Steven Guest

  5. #5

    Default Re: Wifi -- do I need software firewalls on all my computers?

    fishfry <com> writes:
     

    Any piece of hardware with an active wlan device is obviously no
    longer protected by your router firewall. To be reasonably secure,
    you'll have to do a number of things.

    For a start, you'll have disable any wlan device your _server_ might
    have.

    Your wlan access point should have its own firewall function; only in
    that case will the wired lan be about as secure as before.

    If you want to secure your wireless clients, each of them will need
    its own *well-configured* firewall. Besides, you need to protect not
    only those machines from outside interference, but also their
    server connections from eavesdropping and/or spoofing.

    Running an additional encryption layer (e.g., virtual private network
    connection) between clients and server is recommended. You already
    seem to know or suspect that WEP does not offer full protection
    against dedicated war drivers.

    If that sound confusing, draw a diagram: make a circle that denotes
    your 'secure' zone. Put your server and wired lan inside; your wlan
    clients outside. Think of your wired lan as a walled medieval city and
    your wlan clients as surrouding villages. The circle ("city wall") has
    two gates: the (dsl?) router and the wlan access point. Now try to
    figure what a bad guy might do: He could (a) try to force his way into
    city or any village or (b) sneak in, disguised as someone authorized
    to enter. Or any combination, like, storming a village, then forcing
    the mayor to issue a pass for the city...

    J:)rgen

    --
    J:)rgen T. Stockburger, Stuttgart, Germany
    Stockburger at po . uni-stuttgart . de
    J:)rgen Guest

  6. #6

    Default Re: Wifi -- do I need software firewalls on all my computers?

    fishfry <com> wrote:
     

    So what "miscellaneous systems" do you have? If your wireless goes
    through an Airport Extrem base station, then you can lock down access to
    the wired portion to specified computers, which would be ok if you know
    what computers you want to allow access from. Check under "show all
    settings", "Access". I don't know how secure this would be, and of
    course it doesn't protect computers on the wireless side.
    --
    Send e-mail to the Reply-To address;
    mail to the From address is never read
    Daniel Guest

  7. #7

    Default Re: Wifi -- do I need software firewalls on all my computers?

    fishfry <com> writes: 

    Ditch the telne and ftp. Use the ssh server instead - you can use
    slogin and sftp to login and transfer files. These are encrypted so
    an intruder can't get your passwords by snooping packets. You can
    also configure SSH to only accept connections from specific users, or
    from specific machines. You can also require pre-configured
    encryption certificates to prevent someone from hijacking one of your
    IP addresses.

    As for the web server, you can't secure it in that way, but it
    shouldn't be a backdoor into your system if you don't run any
    compromising CGI scripts. If you delete/disable the CGI (or at
    minimum, keep up with the latest security updates and don't write
    your own CGI), then this shouldn't be a vector for someone to break
    in.

    -- David
    David Guest

  8. #8

    Default Re: Wifi -- do I need software firewalls on all my computers?

    On Sun, 07 Mar 2004 16:39:57 GMT,
    David C. (com) wrote:
     

    ???? You can make your webserver as secure as you would like to
    -- accept connections from specific IP addresses or IP ranges, and
    require authentication before permitting access to pages.
     

    Perhaps better stated as - write _secure_ CGI. I found the first
    edition of this book <http://www.oreilly.com/catalog/cgi2/index.html>
    very helpful 10 years ago when I started writing CGI. It's likely
    the second edition is only better.

    --
    Bev A. Kupf
    "The lyfe so short, the craft so long to lerne" -- Chaucer
    Stripes - Martha Stewart's new Spring collection
    Bev Guest

  9. #9

    Default Re: Wifi -- do I need software firewalls on all my computers?

    "Bev A. Kupf" <net> writes: 
    >
    > ???? You can make your webserver as secure as you would like to --
    > accept connections from specific IP addresses or IP ranges, and
    > require authentication before permitting access to pages.[/ref]

    If a person's providing web-access to his computer, he can't start
    blocking out everything in the world.

    Requiring authentication for some pages, still requires
    unauthenticated access to other pages. Which means that a server
    vulnerability in that area can still be exploited.

    It's not like SSH, where you can block out people at the MAC-address
    level and force them to have off-line-installed certificates before
    establishing the connection in the first place.

    -- David
    David Guest

  10. #10

    Default Re: Wifi -- do I need software firewalls on all my computers?

    On Sun, 07 Mar 2004 17:46:02 GMT,
    David C. (com) wrote: 
    >>
    >> ???? You can make your webserver as secure as you would like to --
    >> accept connections from specific IP addresses or IP ranges, and
    >> require authentication before permitting access to pages.[/ref]
    >
    > If a person's providing web-access to his computer, he can't start
    > blocking out everything in the world.[/ref]

    ???? Unless he wants to. Why do you make the _assumption_ that he
    wants to provide web access to the world.
     

    Depending on how you set authentication up, you can, in fact, do this.

    --
    Bev A. Kupf
    "The lyfe so short, the craft so long to lerne" -- Chaucer
    Stripes - Martha Stewart's new Spring collection
    Bev Guest

Similar Threads

  1. Replies: 10
    Last Post: January 2nd, 12:58 PM
  2. Replies: 0
    Last Post: August 17th, 03:12 AM
  3. Replies: 4
    Last Post: July 15th, 07:56 AM
  4. Replies: 3
    Last Post: July 11th, 05:51 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139