> At Starbucks the other day (no Airport at this one), a friend of a
> friend was finishing up his homework assignment on computer security.

Heh, tell him to keep reading.

> Some day I might be able to
> look at his set up and clarify my questions, but he's a PC user and I'm
> not sure if his generalizations apply to macs.

Generalizations in this sense do apply to Macs (for the most part) only in
the sense that Macs access data from the internet in the exact same way
every other platform does: through open standards such as TCP/IP, DHCP, PPP,
etc.

The only differences really come into play once you are actually dealing
with the computer itself and the platform's capabilities.

> He said that the only decent router would be thousands of dollars in
> cost.

B.S.

As an example, let's say you have a friend who drives Indy cars for a
living, and you tell him you are in the market for a new car and ask his
advice... Which turns out to be "you can't get a decent car without spending
at least $350,000." You'd probably realize that his mindset was in a
completely different place from yours, and that his environment had colored
his viewpoint to an extreme.

> He suggested that most firewalls were only good to a very limited
> degree and asserted that any good hacker can bypass them.

Well, let's qualify this: any =good= hacker can pretty much take down
anything, usually by somehow figuring out a way to go around whatever
security measures you have put in place in a way you never considered.

Kevin pretty much gave you an example of what a firewall does: it won't stop
an email virus, it won't stop a trojan, it won't stop a lot of things. All
it does is keep other people from probing your machine for security
compromises and then making your machine their bitch after exploiting them.
:)

> What intrigued me was this;
> He said the best way to set up a secure home network was to use a
> computer as server and then connect all other units to the server. OK, I
> was intrigued but it got over my head quickly. It made sense on first
> listening, before I forgot the details.

He's talking overkill. Extreme, almost masochistic overkill. :) You'll see
this in technical networking forums, where someone asks for good cheap
router recommendations and they always say (take a cheap Pentium and put
Linux or BSD on it!) before some calm voices of reason step in.

One thing to keep in mind is that the "crunch box" is right now considered
to be the most secure router/firewall combination that is out there right
now. We're talking a dedicated P3 computer running a modified OpenBSD
<http://shopip.com/index.html> which retails for around $7k. If you weren't
familiar with him, John Draper (the inventor) didn't invent phone phreaking
and system break-ins but besides Mitnick was probably the most well known.
Even Steve Wozniak has gone on record as saying it's unhackable.

The reason I mention the above is that you're talking about completely
different markets. One watches for intrusions, and actively knows something
isn't right and takes steps to stop it... While allowing a =lot= more
flexibility than a normal firewall. The other just keeps people out.

I.e., OS9 didn't even need a firewall, because it had no functionality that
could be exploited; as your capabilities expand so do your weaknesses.

> Provided one has a spare Tangerine iBook around (when not used for
> faxing), is this relatively easy to do? He implied that the
> server computer protected any other unit from receiving unsolicited
> pings or whatever...what I don't get is how one could still use the
> internet on the non-server computers.
> 
> Does anyone out there do this? Could I use a 366 or 300 iBook as a
> server and connect my Pismo and iMac to it as a way of setting up an
> impenetrable network. Mind you, I'm not dealing in state secrets...
> Does one need special Apple server software to do this?

Uh, well... It still won't be impenetrable, and to be honest if a normal
script kiddie or hacker is going across systems he is looking for someone
that has just hooked up their cable modem to their computer and leaves it on
all the time with no protection whatsoever. :) For them to actually go after
your system would be so much effort it usually just isn't worth it.

It just wouldn't be very cost effective- you'd get just about the same
protection of setting up a whole separate box as you would get with an Apple
AirPort, with a whole lot less POF's.

I'll disagree with what David said only in the fact that it's even easier
than he made it out to be. :)

There is a firewall in OSX, it just isn't turned on by default. There are
numerous shareware/freeware apps to access and configure it (BrickHouse
being the fav). Then, all you have to do is be able to share your connection
to the rest of the computers. Normally this is done via DHCP & NAT, and you
can download a freeware tool to enable that on OSX too.

In fact, if wanted you could enable this on your normal desktop machine and
have all the machines sharing its connection. The only real difference in
protection between doing that and a dedicated machine is that if the
dedicated machine was cracked through an exploit they would then have to go
after your other machines which might slow them down a bit.

Don't get me wrong, I'm all for security... But OSX's software firewall or a
cheap $150 router with a hardware firewall will pretty much take care of you.



Michael Bryan Bell
------------------
ICQ: 16106263                            Yahoo: mhbell1
No Link for you!                         AIM:  drunkenbatman


G-Books list info:      <http://lowendmac.com/lists/g-books.html>