NETWORK INTRUSION PREVENTION FOR MAC OS X? (Newbie)

[davidka]

hello, i just wanted to know what would be the must haves for mac os X (10.2.4) concerning network protection.

i actually have (for testing):

1. two firewalls: netbarrier and IPNetSentryX
2. a NITS: Henwen (i.e. graphical snort)
3. spamfire: for entourage

i'd like to know whether these are good choices or whether there is anything lacking or better around. Henwen can be set up to actually block intrusions and not just sounding an alarm (with built-in Gardian), but this seems to be very risky at the moment (can easily be hacked).

Is there any good encryption app for emails available for X?

I have a question concerning Netbarrier: for incoming, i blocked everything (just as a test), but when i download from a link in a web page (HTTP), it starts downloading. Shouldn't netbarrier stop it?

Anything else that lacks? Any hints for a secure setup? Thanks!

 

[TommyWillB]

Why not simply go to the Shareing > Firewall Preferences Panel and turn on the BUILT IN firewall?

The next most logical thing is to put your machine behine a router that uses DHCP and/or NAT.

This ain't WinDoze. You are not going to get hacked just by turning the machine ON. Apple has shipped OS X with all of the services OFF by default, unlike WinDoze which has them all ON by default. (Can you say "honeypot"?)

.
.
.

Let us know what you think of spamfire... Also check out the latest issue of MacWorld. They compared several email spam filter plugins.

 

[TommyWillB]

Originally posted by davidka
...I have a question concerning Netbarrier: for incoming, i blocked everything (just as a test), but when i download from a link in a web page (HTTP), it starts downloading. Shouldn't netbarrier stop it?

No because you blocked incoming REQUESTS. A download is an outgoing request simply being returned.

Think of a download more like a pull, and an incoming thing like a push...


Also it is quite likely that you have blocked all incoming requests EXCEPT port 80, which is used for HTTP web requests.

 

[davidka]

thanks for the help, i'll check out your link.

 

[033]

One note about the built in firewall. It eliminates sharing the internet connection with local computers.

Also it's lame that you have to turn Internet Sharing on everytime you bootup.

 

[TommyWillB]

Originally posted by 033
One note about the built in firewall. It eliminates sharing the internet connection with local computers.

Also it's lame that you have to turn Internet Sharing on everytime you bootup.

Since I never shut down, I never noticed!

...


Oops... Correction.

I was thinking that I was using that to share my internet connection with my TiBook, but that goes straight out via my Airport... I'm only using the Printer Sharing thing, and that stays on after rebooting.