Do I need a firewall?

RonaldMacDonald

I have a router hooked up to a fiber-optical connection. I have three Macs and one PC hooked up to the router. Two of the Macs are OSX and one is OS8.6 (don't use it much).

Do I need a firewall and if so, what should I buy?
 
Yes, you really need the firewall. But I am wondering why you are thinking of buying it. Your router should have one implemented, right? If not, you might want to turn on the firewall of each Mac in your LAN. Not really elegant, but the best you can do without spending money.
 
RonaldMacDonald said:
Do I need a firewall and if so, what should I buy?
The answer is a definite yes, no, no, yes. Your router should provide Network Address Translation which does a good job of screening the IP address of your machines from external sources unless you are running HTML or FTP services that you want accessible to the internet and have opened ports in that firewall. For maximum protection it is also advisable to protect each of your machines with their own firewall.

So...
  1. Yes. Given the extreme vulnerability of Windows, you do need a firewall for your PC. I have no idea what is available for PCs, so someone else will have to advise you there.
  2. No and no. You do not need a firewall for your OS X Macs because there is an industrial-strength firewall called ipfw built in. All you have to do is turn it on in System Preferences > Sharing. If you want to fine-tune it, the shareware app Brickhouse has all kinds of possibilities and includes a "wizard" to make it even easier.
  3. Yes. You probably could use a firewall for your 8.6 Mac, but I can't recommend any that will run on 8.6. Since you "don't use it very much", the NAT in your router might be sufficient protection.
 
Yes you definitely need a firewall.

I would suggest a router-based firewall, it'll do the best job at protecting your network with the added bonus that you only need to configure one (and you can leave the other macs un-firewalled, unless you're really paranoid, which you don't seem to be).

The other thing you need to consider in implementing a firewall is your connection. Since you have an optical connection (i.e., ridiculously fast :p) you're a prime target for being used as a 'drop zone' for hackers. That means they try to hack into your computer and use your fast connection as a file mirror for various things like videos and big application ISOs--something people on dial-up connections don't need to worry about because their connection is too slow to bother with.

I have 3 computers behind my NAT with the firewall on. I tried to portscan my address from outside my network to check for holes...it wouldn't even tell me that there was a computer at that address at all, let alone that any services were open :)
 
If I go to http://scan.sygatetech.com/quickscan.html it tells me that all of my ports are blocked except two which are "closed." I guess that puts me in danger. As all the other ports are "blocked" does that tell me there is firewall software installed in my router? I didn't specifically buy it, I am just wondering if it came with it.
 
No firewall = bad idea.

I'd check to see if your router has a built-in one first, if so enable it. If you want to go with a software method on top of that, then grab a copy of Zone Alarm (free version) for the PC. OS X has a built-in one and there are some apps out there to make it easier to control. Not too sure about pre-X.

--

What brand/model of router do you have? Check your docs or look on their site to see what it has. Also, make sure you changed the password for any admin logins to the router setup to something not easy to guess.
 
As it turns out, the router does have a firewall. However I checked it with Quick Scan:

http://scan.sygatetech.com/quickscan.htm

and it told me that all ports are blocked except 113 and 80, which are "Closed." According to the scan, that puts me in a dangerous position. However, when I called the manufacturer of the router, they told me if I blocked those two ports that I would no longer have access to the internet. Now, I don't know what to believe.
 
Actually all ports below 255 are some sort of service ports. Port 7 echo, 21 ftp, 22 ssh, 23 telnet, 25 smtp... 80 http, 113 identd/auth ... 143 imap..
These are not supposed to be blocked by the firewall.
In short: everything is alright. You have your firewall properly adjusted. :)
 