Forums | MacLife

Being behind a NAT router if you're not already is also highly recommended (no matter what OS). They inherently provide an excellent firewall. A software firewall on each OS for each computer on your network is recommend in addition to the NAT router, to prevent bad things from spreading inside your network.

If you're surfing while rebooted with BootCamp, use Firefox. If you're using Parallels, just use whatever Mac browser(s) you already use.

There are themes available to make Windows look much more like OS X if you so desire.

Last edited by Macskeeball (2006-04-27 12:43 am)

Really, when you get right down to it, no matter what router you buy you get a blinking box of crap. I myself have a Linksys WRT54G, have had no problems, and like it because it has a low cost yet has extremely high flexibility. It's open-source firmware has allowed numerous alternative firmwares to be made, which basically means that you can make the WRT54G do whatever you desire so long as the hardware is powerful enough. You can literally give this $60 router $600+ Cisco level features (including running your own VPN for security while you're on other's open networks).

Others have taken issue with the fact that Linksys doesn't provide tech support for those who mention that they use a Mac. However, there are no actual platform specific issues whatsoever with the router itself, so you don't actually need to mention what OS you use. A Google search on Linksys easily brings up many useful sources of help. If this is really an issue for you, you can obviously just get another brand of non-Apple router (Apple routers are, quite frankly, rip-offs). Odds are that you will never need to call Linksys' tech support in the first place. It just works, and offers very high flexibility for a low cost.

Last edited by Macskeeball (2006-04-27 2:09 am)

2 routers??  do you have a link to that article?

Ah. A DMZ setup?

,xtG
.tsooJ

The article also mentioned that it was an added level of security for all users.

I agree that it is overkill for most people - just like WPA, IMO.

Gipetto wrote:

WPA used to be hot and secure - now its just another 5 minute roadblock for hackers.

WPA has not been cracked. What you are referring to is offline brute force and dictionary attacks. Use a random and long password and you'll be heavily protected. I recommend https://grc.com/pass

Gippy is right.

http://blogs.zdnet.com/Apple/?p=65
http://maisonbisson.com/blog/post/10283/
http://idunno.org/displayBlog.aspx/2004110601
http://wifinetnews.com/archives/004428.html
http://itvibe.com/news/1089/

It takes a lot of bandwidth to crack WPA. More than the average home user generates, so in general your uncle is probably OK. Business networks are the ones more at risk.

Macskeeball wrote:

ScifiterX wrote:

Gippy is right.

http://blogs.zdnet.com/Apple/?p=65
http://maisonbisson.com/blog/post/10283/
http://idunno.org/displayBlog.aspx/2004110601
http://wifinetnews.com/archives/004428.html
http://itvibe.com/news/1089/

Every single one of those articles is referring to short and/or dictionary based passwords. Offline brute force attacks- exactly what I was referring to. Long and random WPA passwords such as 66007989485B6E7C791E1060FA906E7AE151A8429A74257484E3A91A2C00608F (not my own, but an example of the sort of passwords randomly generated by https://grc.com/pass) will not be cracked with an offline brute force attack.

All of my networking equipment is capable of WPA2 (or even RADIUS) and I will happily switch when there is a need, but those articles indicate nothing but what I was writing about in my previous post. I have yet to see anything that would lead me to believe that am insufficiently protected by WPA (with TKIP, even) with a maximum quality password.

With all due respect Skee, having a password that incredibly long is just plain stupid. I understand that it is not yours, but no human would ever use a password like that. Imagine trying to log in. "Time to bust out the password Billy!" I think WPA2 is the way to go.

Jack Sparrow wrote:

Macskeeball wrote:

ScifiterX wrote:

Gippy is right.

http://blogs.zdnet.com/Apple/?p=65
http://maisonbisson.com/blog/post/10283/
http://idunno.org/displayBlog.aspx/2004110601
http://wifinetnews.com/archives/004428.html
http://itvibe.com/news/1089/

Every single one of those articles is referring to short and/or dictionary based passwords. Offline brute force attacks- exactly what I was referring to. Long and random WPA passwords such as 66007989485B6E7C791E1060FA906E7AE151A8429A74257484E3A91A2C00608F (not my own, but an example of the sort of passwords randomly generated by https://grc.com/pass) will not be cracked with an offline brute force attack.

All of my networking equipment is capable of WPA2 (or even RADIUS) and I will happily switch when there is a need, but those articles indicate nothing but what I was writing about in my previous post. I have yet to see anything that would lead me to believe that am insufficiently protected by WPA (with TKIP, even) with a maximum quality password.

With all due respect Skee, having a password that incredibly long is just plain stupid. I understand that it is not yours, but no human would ever use a password like that. Imagine trying to log in. "Time to bust out the password Billy!" I think WPA2 is the way to go.

Not trying to defend anyone, but honestly, if you have physical access to a router, there is no real need to memorize the password for eternity.

A factory reset can always be done, which resets the password to the default.  This cannot be done without physical access.

So unless someone breaks in and resets your router, you are safer with it.

I can't believe I just defended Skee.  I need to go bathe. 

The following is a description of how I personally secured my network.

-NAT router to prevent unsolicited incoming traffic
-UPnP turned off on the router
-Wired where appropriate (desktop) and wireless where appropriate (laptop)
-Wireless is encrypted with WPA-PSK with TKIP (least computationally intensive form of WPA) with an extremely random and 64 character long hex key
-Software firewall on each computer to resist attacks originating from any other computer within the LAN.
-MAC address filtering (easily spoofed)
-SSID hiding (easily sniffed)

While nothing is truly secure (what one mind can create another can destroy) and while "a meteorite could fall out of the sky" (as NAG said in another thread), it's still a good idea to lock the doors to your house. Security is a matter of layers.

Last edited by Macskeeball (2006-05-09 8:07 pm)

The linux based wrt54g routers are indeed very nice and flexible. The difficulty is that the latest revisions (version 5.0 and newer) of the wrt54g no longer run on linux, and are indeed closed source and inflexible.

If you can find a used wrt54g version 1.0 to 4.x the it will run linux. If you want a brand new router look for the wrt54L - which is essentially the same thing as teh version 4.0 wrt54g (meaning it has linux), and is a product that Linksys is still manufacturing and supporting.

I also suggest running something like ZoneAlarm on the pc - it's an whitelist based software firewall for windows that can prevent programs on your PC from making outgoing network connections as well as unwanted incoming connections (think of it like combining the features of LittleSnitch and the built in firewall on mac OS, but for windows). The free version (fully functional in/out firewall) is not that difficult to find on the ZoneLabs website, much easier to find than the free version of AVG mentioned at the start of this thread.

Last edited by smilr (2006-05-09 7:19 pm)