[Preciousss]

This is the first time I've been able to wirelessly connect to networks (on my new SuperBook)!

I didn't modify any of the settings in the Network or File Sharing control panel. Do I need to enable any security/firewall settings beyond the default? Here's my setup:

At work I'm on our wireless network behind our firewall. Does this mean I don't have to worry? What about at other places like coffee shops? Is there a setting I should change so that wherever I am, there's always a built-in firewall (or whatever) established on my computer's end? Doesn't OSX have one built in that requires no configuration?

What about dialup?

Also, I'd like to eventually get broadband at home. With the modem/router's firewall, is there anything in addition that's recommended for me to configure on the computer's end? Just wondering how much this would differ at home with a direct connection to the modem/router via ethernet vs. wireless at work.

I've read about things like Brickhouse that might be good in addition to OSX's builtin firewall. Does one need to get this?

I guess the bottom line is that I don't want to iinadvertently give people access to my stuff when I'm on a network (wireless or otherwise).

The converse of this is granting file permission access where I specify. If I do this, are users given access only to my Public folder and what I place in there?

Sorry for the scattered nature of these questions. Thanks.

[solvent211]

Ignoring wireless aspect, there are two sources of threats. The first source is from the internet at large. The firewall at work will protect your computer from external internet threats (at least to the same extent as it protects other boxes on your work network). This firewall will probably not provide protection to your machine from other machines on your work network. This is the second threat. If you trust your co-workers and the systems adminstrator, you're probably ok. If not, you'll want a firewall running on your Mac. Your broadband/home network falls under the same scenario. A router with firewall enabled will block external threats, so the question is do you trust the other users on your home network or not??

You'll definately want a firewall enabled when you use public access points (e.g. coffeeshops). Who knows what that caffeine junkie in the corner is up to .

For dialup with a dynamically assigned IP, I don't usually worry about firewalls too much. Assuming you're not connected for hours or days on end, you're probably at low risk.

OS X's built-in firewall, ipfw, is command line only for versions prior to 10.2. 10.2 added a GUI interface, but its rather limited. If you don't relish messing around with manual configurations and CLI's, something like Brickhouse is worth the few bucks.

[DigitalEl]

/// NEW QUESTION IN OLD THREAD ///

Figured I'd post in this old thread rather than start a new one. Still, the search feature didn't help me find a satisfactory answer to my question/problem.

I just got high-speed Internet through Cox Cable. When I went to the Firewall tab in the Sharing preference pane, it already read: Firewall On. Click Stop to allow incoming network communication to all services and ports. I left this alone.

Does this mean I can leave my Mac awake for an hour or so when away from it without real fear of shenanigans from someone unknown, or should I still religiously put it to sleep, therefore shutting down any activity, including the cable modem?

I know this question is basic for many of you, but I appreciate your eyeroll-free answers. I even have three OS X books which have only cursory mentions of firewalls... Either that or I'm just not looking for the right thing in the index.

[Finny]

Obviously there's no exact answer to this. IT security is relative. But yeah, unless you have some specific reason to fear shenanigans, the OS X firewall should allow you to stay connected via broadband with a reasonable degree of security.

[DigitalEl]

Thanks for your reply.

Going on the assumption that there's no hard & fast, one size fits all answer for this... Would any of you recommend some third-party software firewall to supplement the built-in OS X one for the typical user?

[Krusty]

My 2 cents. You could buy yet another software firewall that duplicates/enhances the one built in to OS X (such as NetBarrier X ... which is pretty popular). But for the same money or LESS (NetBarrier is $60) you could just go buy a hardware firewall/router and plug your computer in downstream of it.

This gives a few advantages, IMHO:

You can block out traffic from the internet and only allow access to certain ports thru the router (just like a software firewall, I suppose). But, since the blocking is at the router level and not the machine level, it can allow you to have lots of helpful ports on your machine open to other machines on your local network while still keeping them safe from internet snoopers. In other words, it allows two "zones" of security -- one for the internet and one local.

Also, with a router/firewall, the PPPoE software needed to connect to the internet AND the firewall duties are offloaded to the router ... saving your machine from having to constantly run these services.

Obviously .. you'd have to ability to share your internet connection with others in the house (or even friends who might drop by) and directly network machines behind the router's firewall.

Supports any OS and mixed OS networks. My current home network contains 2 macs, a PC, and a PS II (and soon, a wirelessly connected PC laptop) -- all connected simply and easily without having to configure each device with all of the ISP settings.


.... You get the idea. Why go for 3rd party software when you can get a bona fide hard firewall that is much more flexible and has better future expandability ??

[DigitalEl]

Sounds simple enough. One last question. If I go with a hardware firewall, can I then turn off the built-in OS X firewall? What, if any, benefits are their to disabling the OS X firewall in this situation?