Welcome to the MacNN Forums.

subego · Apr 24, 2003, 12:03 PM

Well... the header sums it up.

I've got ipfw running, do I need to password my accounts?

More specifically, does my lack of password even matter until ipfw has been breached?

Along the same lines, is ipfw breachable on its default setting? (I'm talking garden-variety miscreant activity, not the NSA)

I'm not worried about securing my computer from those with physical access, in fact, the whole point of not passwording my accounts is to make things as easy as possible for those that do.

Any help would be vastly appreciated!

ghporter · Apr 24, 2003, 12:37 PM

I'm a pessimist when it comes to "if" a protocol, program, or firewall will be breached, so I'd advise you to password everything that's shared, accessible, critical, and private.

On the other hand, if you want people with physical access to not have to worry about remembering a password, why not just tape the password to the top of the monitor? That is VERY BAD at work or school, but at home, what's the worry? You trust the users at home, so just "give them the key to the door."

Camelot · Apr 24, 2003, 01:55 PM

hmm... Is it OK if I go out and leave the doors unlocked?

The doors are closed so it'll look to any burglar as though the house is locked so I'll still be safe, right?

subego · Apr 24, 2003, 02:51 PM

Originally posted by GHPorter:
I'm a pessimist when it comes to "if" a protocol, program, or firewall will be breached, so I'd advise you to password everything that's shared, accessible, critical, and private.

Agreed. Would I correctly infer from your statement however that it isn't publicly broken like WEP, nor is a passworded account a requirement of ipfw's full fuctionality?

On the other hand, if you want people with physical access to not have to worry about remembering a password, why not just tape the password to the top of the monitor? That is VERY BAD at work or school, but at home, what's the worry? You trust the users at home, so just "give them the key to the door."

Also agreed. This is what I'll do if I decide to password everything.

I'm finding it hard to make that leap though. I consider myself pretty paranoid about network security. Even so, that particular extra layer seems more trouble than it's worth.

Basically my network is critical (to me) but is not private[1]. Since I have nothing worth taking, this would most likely eliminate pre-meditated attacks. Which leaves random maliciousness to be the prime (if only) thing I'm defending against.

So I'm trying to rationally balance laziness with security. It's actually really really nice to not need passwords, and I can't think of a reason to use them other than extreme paranoia: i.e. a random malicious hacker won't be able to break ipfw, so go ahead and make life easier.

[1] This means even though this is a home-business network I have no professional secrets. Sure I'd like to keep things like my address book private, but should that fall into the "wrong hands" the worst they would be able to do is make prank calls.

subego · Apr 24, 2003, 03:00 PM

Originally posted by Camelot:
hmm... Is it OK if I go out and leave the doors unlocked?

The doors are closed so it'll look to any burglar as though the house is locked so I'll still be safe, right?

I appreciate the the analogy, but is this really how it works?

How does one open the door if their IP is blocked? Is this a simple procedure? Please enlighten...

ghporter · Apr 24, 2003, 03:04 PM

Originally posted by Camelot:
hmm... Is it OK if I go out and leave the doors unlocked?

The doors are closed so it'll look to any burglar as though the house is locked so I'll still be safe, right?

That's not at all what I said. I said (maybe with a poor choice of phrasing) that everybody that is authorized to have access to the house should have a key to it. This, at least to me, is the equivalent of taping a password on the monitor, assuming that the monitor isn't visible from outside the house, etc. The idea was to make passwording the system and software (to protect against outside, electronic attacks) as painless as possible.

Cipher13 · Apr 24, 2003, 05:21 PM

Well... it depends on what services your network runs.

Do you have AFP enabled? Do you have ssh enabled? FTP? Anything?

If not, then you're pretty safe... if there is no service to log into, you're doing pretty well... ipfw on top if that is even better. What's even better than ipfw + no services? ipfw + no services + password protection.

You can never be too secure.

On my home network, each user has their own account (5 members, my family)... each is password protected... is putting a password on really that much of a pain? Considering the added security and peace of mind? (Mind you, I'm as paranoid as they come about network security. Comes from sysadminning a high school, I guess.)

subego · Apr 24, 2003, 06:13 PM

Originally posted by Cipher13:
If not, then you're pretty safe...

Good. This is what I figured.

is putting a password on really that much of a pain?

Well... Yes.

I'm that lazy.

Thanks much for the info!

Cipher13 · Apr 27, 2003, 04:03 AM

Originally posted by subego:
Good. This is what I figured.

Well... Yes.

I'm that lazy.

Thanks much for the info!

I can totally empathise with the 'lazy' thing, but I have to, for the record, strongly recommend account passwords. Just a disclaimer.

subego · May 2, 2003, 01:28 PM

Thanks for the answers GH and Ciph...

Oh, I guess thank you too camelot