So if OS X's built-in firewall settings are minimal, is a hardware router the best addition to a home network? I have a few Macs right now on this network. Each has a static IP provided by my ISP. The DSL connection is shared through a 5-port ethernet switch. On the OS X machines I have all the built-in firewall software enabled. My 9600 runs 9.1 with AppleTalk off and FileSharing off.
In general, an external router/firewall is better, for a number of reasons:
1) Single management point. Set the firewall up at one place then you don't need to manage separate firewalls on your individual computers. And you don't need to worry about things breaking (intentionally or not) on your Macs during updates and such.
2) Protected LAN (outbound). Since the router only passes data addressed to the outside world thru the WAN port, you can do whatever you want on your home LAN, without worrying about "leakage".
3) Protected LAN (inbound). The firewall rules keep out probes and such.
3a) Some DDoS protection. Let the kiddies pound on your router, not your individual machines.
4) NAT. Lets you put thousands of machines (virtual or real) on your LAN. Only one or a few public IPs are needed.
The above is just about basic routing and ip:port based filtering. A more sophisticated firewall, that includes packet sniffing (inspection), lets you control things at the application level. This lets you watch for specific viral/worm activity; a necessity, IMO, if you have Windoze machines.
I have been wondering about this for a while and have been considering something like the Asante FR1004: http://www.asante.com/products/routers/FR1004/index.html
Would this make my home network more secure? Something like this is only about $30 from amazon.com.
Nice router. It will do just fine. I see they've added packet inspection features to it! :)
HTH, - Dan.
-- MacNetwork is sponsored by <http://lowendmac.com/> and...
XRouter Pro | Share your DSL or cable modem between multiple computers! Dr. Bott | Only $199 <http://www.drbott.com/prod/MIH130.html>
Support Low End Mac <http://lowendmac.com/lists/support.html>
MacNetwork list info: <http://lowendmac.com/lists/macnet.html> --> AOL users, remove "mailto:"; end list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/macnetwork%40mail.maclaunch.com/>
Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
