Mac Forums

Mac Forums (http://www.mac-forums.com/forums/)
-   Switcher Hangout (http://www.mac-forums.com/forums/switcher-hangout/)
-   -   What Are Your Security Settings? (http://www.mac-forums.com/forums/switcher-hangout/188019-what-your-security-settings.html)

robotboy175 01-23-2010 11:26 AM

What Are Your Security Settings?
 
still working my way around - just wondering how paranoid mac users are! :Smirk:

i do have the firewall up, that's about it.

anything else i need to check?

cwa107 01-23-2010 12:27 PM

I would say turn the firewall on (particularly if you're not behind a router or if you're using a public network) and put it in "Stealth" mode. That's about it.

Stealth mode keeps your machine from responding to port scans. You can enable it by going to System Preferences => Security => Firewall tab => Advanced button.

chscag 01-23-2010 03:27 PM

Quote:

anything else i need to check?
In addition to the advice by cw107, if you are using a router and running wireless, use the strongest possible encryption method that you can. Preferably WPA2.

Regards.

cwa107 01-24-2010 11:20 AM

Quote:

Originally Posted by chas_m (Post 986285)
Actually, turn the software firewall OFF. You already have a superior hardware firewall in place -- it's called your router. Your software firewall won't stop any port scans or DDOS attacks, because that's already been stopped at your router. Don't take my word for it, check your logs. Compare the ones from your software firewall to your hardware one.

That assumes the machine never leaves the internal network. If it does, particularly if it travels to public networks (at a Starbucks or a Hotel, for example), you're going to want it turned on.

It won't hurt anything to have both a software and hardware firewall turned on, so it's better to be safe than sorry IMO.

bobtomay 01-24-2010 11:33 AM

We have also seen a lot of network issues related to cutouts, intermittent access and general access problems with the SSID turned off that disappeared once turned back on.

There shouldn't be any issue having SSID on with anyone using WPA2.
The real thieves/hackers/etc will be able to find the network in any case.

toMACsh 01-24-2010 03:01 PM

My security settings are classified information. Sorry.

If you tell anyone I posted here, I'll deny it.

OnceYouGoMac 01-24-2010 04:58 PM

I have the firewall on in full stealth mode. To the poster above, how do I turn off those settings you mentioned?

TattooedMac 01-25-2010 07:16 AM

For my security Little Snitch works well for me ....

miles01110 01-25-2010 09:26 AM

I use strong passwords.

mbohn 01-25-2010 09:57 AM

Quote:

Originally Posted by miles01110 (Post 987074)
I use strong passwords.

Black Holes and Snowy Mountains The 14 People You Meet in the Apple Store

Too funny. I don't spend too much time in Apple stores to confirm if this is true but it sure is entertaining. Thanks, Miles.

cwa107 01-25-2010 09:58 AM

Quote:

Originally Posted by chas_m (Post 987032)
Nope.

Starbucks uses a router as well. So does the hotel. Indeed, so does everyone with broadband. This is simply not an issue for Mac owners, because the things you should be conscious of regarding security on a public network (unencrypted passwords, etc) are not dealt with by a software firewall. At all.

Sure, but if someone is probing you on a public network (i.e. one of the other machines on the same LAN), your computer is going to be responsive. Additionally, if someone happens to join a LAN and is infected with a worm that your machine is vulnerable to, you're at risk.

In my professional experience as a network admin for more than a decade now, I'll have to humbly disagree with you on this point. Sure, if you're having connectivity problems, by all means, don't run a software firewall. But I can tell you that I've had my software firewall turned on and in stealth mode both on my Windows machines and my Macs for quite a long time now and never have I had an issue that was directly attributable to the firewall being turned on. With that said, I have had to repair customer machines infected by worms that exploited a zero-day vulnerability in Windows that would otherwise have been safe if they were firewalled at the client. In particular, the CodeRed and Blaster worms should have been a wake-up call to any Windows user considering not running a software firewall. Those worms were the reason that MS finally forced the firewall on by default when they released SP2 for XP.

In my opinion, an ounce of prevention is worth a pound of cure - especially with Apple's lackadaisical attitude toward patching security vulnerabilities.

technologist 01-25-2010 10:11 AM

I also agree that you should have a host-based (software) firewall in addition to a network firewall. A network firewall only protects you from the Internet...not from other machines on a local network behind that network firewall.

It's less of a problem if you have a desktop at home and have a small network of computers you control. But if you're a notebook user, or a student on a university ResNet, or a corporate user on an internal network, then you should protect yourself against the other network users.


All times are GMT -4. The time now is 08:31 PM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.