Archive for the ‘security’ tag
Leopard firewall and hotspot security
When I upgraded my MacBook Pro to Leopard last October, one of the first things I checked was whether the built-in firewall was running or not. To my abject horror, I found out that a) it wasn’t and b) it wasn’t really doing what I expected it to do, namely, keep incoming port-scanners out. Subsequent in-depth security analyses didn’t exactly raise my confidence much.
Since I do most of my development work on my laptop and so much of it entails running various types of servers locally, I set out to find something that actually kept snoopers out. A quick search led me to Intego Software and their NetBarrier product (Symantec’s Norton products don’t run native on the Intel CPU). There are people out there who don’t like Intego and their offerings, especially with the ‘hidden’ annual subscription fees associated with the software (now this isn’t unusual in the Windows world, but it’s something the folks at Intego should mention right upfront.) But I haven’t had any bad experiences with them. Besides, choices were few and I found a deal for under $60.
To be clear, most people at home connect to the Internet through a router that offers them NAT services which effectively blocks incoming connections. For those situations, a software firewall is overkill. But if like me, you spend a lot of time at public WiFi hotspots like coffee shops or away from known, trusted routers, then you’ll want to run a firewall to keep the legions of port-scanners out there at-bay. If you think you’re unlikely to be a victim of port-scanning, think again. Last time I set up a web-server with a static IP directly connected to the net, it took less than 15 minutes from the time the ISP turned on the tap to when the first port-scans came in. By the time I turned the server off a month later, the web-server log-file was chock-a-block full of known exploits and bizarre attempts at trying to break through — most of them through overseas IP sources and zombies.
But I digress.