Firewall and Network Security: How Important?

[sunsnewmac]

I finally set up a home wireless network so that 2 PCs running XP and my MB can all see each other and share files. However, to do so I was forced to disable the firewalls on all three computers. My wireless router does not have a built-in firewall and I have not enabled any security key (eg. WEP)

I know this question is open-ended and debatable but how important are firewalls on a wireless network and how stupid am I to leave the network open, given I do have some sensitive data? I live in a high-rise apartment building in which many others have WiFi networks. What could realistically happen?

 

[xJulianx]

My advice: Secure that network NOW, if you have lots of other people using wireless networks (and yours is open with absolutely no WEP encryption) they can more than easily connect to yours and steal your bandwidth and even get to your files/bank info etc.

 

[Eraserhead]

WPA is the way to go in terms of security, but definitely don't leave it open.

 

[sunsnewmac]

I always liked the idea of letting other ppl share my network. I have "borrowed" other peoples in a pinch and feel I want to return the favor.

Does a secure network take the place of firewalls?
And besides securing the network on that level, what might I do to prevent problems?

 

[xJulianx]

I always liked the idea of letting other ppl share my network. I have "borrowed" other peoples in a pinch and feel I want to return the favor.

Does a secure network take the place of firewalls?
And besides securing the network on that level, what might I do to prevent problems?

This becomes a different story when you have a download cap and get people using your network with torrent clients. I really would advise you secure your network with WEP at the very least. If you aren't fust about people using your bandwidth, it makes it very easy for people to intersept information you are sending/recieving (including sensitive bank info).

 

[sunsnewmac]

ok, sounds like a good thing to do then--thanks for the advice

so for the record, can WPA/WEP take the place of a firewall and what else can I do (besides enabling the firewalls because I can't network while they are on)?

 

[sunsnewmac]

And this makes me wonder what good it all is anyway:

http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

 

[Eraserhead]

I always liked the idea of letting other ppl share my network. I have "borrowed" other peoples in a pinch and feel I want to return the favor.

You can always give people you trust in your apartment block the network password .

Does a secure network take the place of firewalls?

No, certainly not, especially on Windows.

And besides securing the network on that level, what might I do to prevent problems?

Mac side enable the firewall System Preferences==>Sharing==>Firewall

PC Side, the usual Antivirus/Anti Spyware/Firewall combination.

And this makes me wonder what good it all is anyway:

http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

But most people aren't 1337 haxxors, so won't be able to .

 

[sunsnewmac]

OK, good advice
then here is a question for you:
How can I set up my firewalls (on Mac and PC) for the home network?
As soon as I enable one or any of them, that computer cannot access/be accessed and the whole network becomes buggy. We share files regularly so this is a big issue for us.
Thanks!

 

[Sun Baked]

A firewall with no wireless security is best summed us as locking the doors on a house with no walls.

Sort of worse, since you are letting people directly into your home/business network and letting them bypass all your security.

 

[sunsnewmac]

a few more security Qs

With WPA2 enabled, can I get away without using a firewall?
And how important is network invisibility?

 

[CanadaRAM]

No... don't you understand that the wireless password only pertains to who can log onto your wireless connection? A firewall deals with -- once you ARE logged on and have an internet connection, what people on the outside world can see/connect to/hack on your computer.

If your router does NOT have a firewall built in, then you need to have firewalls on your invididual machines (and even if it does)

To oversimplify:

Computers communicate on the Internet through 'ports', numeric identifiers to which various programs and services will respond. When a request comes in on a particular port, say, port 80, and there is a Web server process running on the machine with port 80 open, then your machine's web server process will respond to WHOEVER it is out there, with a message that says "Yup, I'm open for business". They can proceed to then utilize that port to look for information or hack, depending on what's running and how motivated they are.

There are dozens and hundreds of ports for all different types of programs and services. You don't have a prayer of knowing what's going on in the background. And if a PC with open ports is attached to the internet, then its a matter of minutes or hours until it gets scanned and identified as a hacker target.

The point of a Firewall is that it denies responses to all ports, saying "no entrance at this door", or even better, stealths the ports, so it doesn't even appear that there is a door there to knock on.

Then, firewalls can selectively open certain ports (like filesharing) up to only certain machines or groups of machines, so you can have a functioning network. This, of course, requires you to read the instructions and set it up correctly.

The other thing a good firewall software does, is to monitor OUTgoing requests. So if you have brought spyware into your machine, the firewall should flag and block the attempt the spyware makes to make a connection to the internet without your permission.

So: WEP/WPA has ^$^#all to do with firewall security

You NEED a firewall either on the PC or on the router or both, or your Windows machines will become some of the millions of zombied slave machines that spew out spam and worse.

And lastly: You NEED to do some work to understand this stuff. It's not enough to say "Well $#^^ I don't know what all this means, so I'll just plug it all in and let my machines hang out there naked on the Internet." - besides the probability of your machines being mucked up, you will also be making it worse for the rest of us by making it easy for the bad guys and offering them safe haven in your machines.

 

[synth3tik]

If your using Comcast you will not want other people on your network as they have set a ridiculous download cap. First time you go over they cut you for 1 month (you still pay), second time they cancel your service (or you can pay every month for a year until your back on).

WPA is the way to go for network protection. You can also get a rather inexpensive router that has a build in firewall that will help out for internet threats.

 

[sunsnewmac]

No... don't you understand that the wireless password only pertains to who can log onto your wireless connection? A firewall deals with -- once you ARE logged on and have an internet connection, what people on the outside world can see/connect to/hack on your computer.

If your router does NOT have a firewall built in, then you need to have firewalls on your invididual machines (and even if it does)

To oversimplify:

Computers communicate on the Internet through 'ports', numeric identifiers to which various programs and services will respond. When a request comes in on a particular port, say, port 80, and there is a Web server process running on the machine with port 80 open, then your machine's web server process will respond to WHOEVER it is out there, with a message that says "Yup, I'm open for business". They can proceed to then utilize that port to look for information or hack, depending on what's running and how motivated they are.

There are dozens and hundreds of ports for all different types of programs and services. You don't have a prayer of knowing what's going on in the background. And if a PC with open ports is attached to the internet, then its a matter of minutes or hours until it gets scanned and identified as a hacker target.

The point of a Firewall is that it denies responses to all ports, saying "no entrance at this door", or even better, stealths the ports, so it doesn't even appear that there is a door there to knock on.

Then, firewalls can selectively open certain ports (like filesharing) up to only certain machines or groups of machines, so you can have a functioning network. This, of course, requires you to read the instructions and set it up correctly.

The other thing a good firewall software does, is to monitor OUTgoing requests. So if you have brought spyware into your machine, the firewall should flag and block the attempt the spyware makes to make a connection to the internet without your permission.

So: WEP/WPA has ^$^#all to do with firewall security

You NEED a firewall either on the PC or on the router or both, or your Windows machines will become some of the millions of zombied slave machines that spew out spam and worse.

And lastly: You NEED to do some work to understand this stuff. It's not enough to say "Well $#^^ I don't know what all this means, so I'll just plug it all in and let my machines hang out there naked on the Internet." - besides the probability of your machines being mucked up, you will also be making it worse for the rest of us by making it easy for the bad guys and offering them safe haven in your machines.

whoa!
it would appear you misunderstood where I was coming from, or simply thought I was your 8-year old kid.
i do know about the potential risks involved with not having a firewall enabled on my 3 home computers. however, it is the only way I can network the computers.
based on the others' good (and genuinely simple) advice I am enabling WPA2 but
besides that what can I do? if i need to network and firewalls are preventing the network from working then I will work without a firewall. I know the risk and was not seeking a lecture or insinuations that I don't do my own research, read product information and know how to set up routers or firewalls. I tried for weeks to do it with the firewalls on, posted here about it, and have done extensive research.
and sorry but I must point out your irony of using this line

To oversimplify:

i'd hate to see the long version

 

[sunsnewmac]

WPA destroyed the network!

the network doesn't work with the WPA security enabled. All our computers can access the internet but not each other. Before I enabled the security they were sharing files fine so, WTF? why would securing the network destroy the ability to share files between us?

SOLVED. sorry!

 

[rhoydotp]

the network doesn't work with the WPA security enabled. All our computers can access the internet but not each other. Before I enabled the security they were sharing files fine so, WTF? why would securing the network destroy the ability to share files between us?

SOLVED. sorry!

at least you solved it and sorry for your language

c'mon, these people are trying to help you. btw, for free!

 

[sunsnewmac]

i am very grateful and have done nothing to suggest otherwise. My saying "WTF" was at the air, not at anyone here, and it was not intended to offend.

 

[sunsnewmac]

and what is the difference between the previous poster saying "^$^#all" and then later belittling my original question by saying ""Well $#^^ I don't know what all this means, so I'll just plug it all in and let my machines hang out there naked on the Internet."

why is it you choose to criticise me instead? It was not I who chose a belittling tone Is an acronym worse than a bunch of strung-together characters like "&^&$^"? Especially taking into account the fact that I was not calling anyone names and was not trying to be rude?

And then why accuse me of being ungrateful? it doesn't make any sense to me and there was nothing to warrant that post, which like the one I am writing, has nothing to do with the original question.

i honestly did not mean to either ask a stupid question, offend anyone, or be ungrateful
let us end this and get back on topic please

 

[deadpixels]

i'm curious now, did you solve your problem? was it by making rules in the firewall of each machine to allow the two others to access?? cauz that's what i was going to suggest

 

[sunsnewmac]

actually, no it's not totally fixed
I do now have a WPA2 secure wireless network. However, firewalls are off on two of the three computers.
On the Mac, even when the personal file sharing and windows file sharing are allowed, networking does not work. The firewall must be completely off for the PCs to recognize it.
One PC runs Zone Alarm, which I have configured appropriately.
The other PC uses the built in XP firewall. Just as with the Mac, even though file and printer sharing is enabled those features will not work unless the firewall is off. Any tips on how to configure the MB? thank you for asking.

 

[Chimaera]

actually, no it's not totally fixed
I do now have a WPA2 secure wireless network. However, firewalls are off on two of the three computers.
On the Mac, even when the personal file sharing and windows file sharing are allowed, networking does not work. The firewall must be completely off for the PCs to recognize it.
One PC runs Zone Alarm, which I have configured appropriately.
The other PC uses the built in XP firewall. Just as with the Mac, even though file and printer sharing is enabled those features will not work unless the firewall is off. Any tips on how to configure the MB? thank you for asking.

In all honesty I'd suggest trashing your wireless router and replacing it with one with a stateful packet firewall or similar. I recently replaced my non-wireless one for a wireless one for £30 (about $60 to our American cousins). Once you have that you can disable to firewalls on the individual computers (which really do cock about with file sharing and the like unless configured very carefully, and I'm 99% sure the OSX firewall doesn't give you sufficient granularity of control) and instead have security from two angles:

1, Firewall to stop anything nasty coming down the wire at the point of entry.
2, WPA encryption to stop anything connecting to the network wirelessly without your permission. Could also look at MAC address filtering as an extra layer of security.

If any of the computers are laptops I would suggest disabling rather than deleting the local firewall as its useful to have on when connecting to an untrusted network.

 

[Eraserhead]

The other PC uses the built in XP firewall. Just as with the Mac, even though file and printer sharing is enabled those features will not work unless the firewall is off. Any tips on how to configure the MB? thank you for asking.

The XP Built in Firewall sucks, get a better one .

Try setting up remote access on the Mac System Preferences==>Sharing==>Remote Access, find the IP address of the Mac, (System Preferences==>Network==>Airport (or however you're connected to the network)), and then download WinSCP for the PC, it's a pain to setup (and if it stops working, it's because the IP has changed) but it should work through any firewall problems.

 

[deadpixels]

i think the advice about getting a new router wich include firewall is a good idea, you'll be protected from the outside world and can drop firewalls on all machines. if not does you machines have a fast ip addresses? you have to configure the firewall of you macbook to allow access from the ip's of the two other machines and vice versa.

 

[sunsnewmac]

In all honesty I'd suggest trashing your wireless router and replacing it with one with a stateful packet firewall or similar. I recently replaced my non-wireless one for a wireless one for £30 (about $60 to our American cousins). Once you have that you can disable to firewalls on the individual computers (which really do cock about with file sharing and the like unless configured very carefully, and I'm 99% sure the OSX firewall doesn't give you sufficient granularity of control) and instead have security from two angles:

1, Firewall to stop anything nasty coming down the wire at the point of entry.
2, WPA encryption to stop anything connecting to the network wirelessly without your permission. Could also look at MAC address filtering as an extra layer of security.

If any of the computers are laptops I would suggest disabling rather than deleting the local firewall as its useful to have on when connecting to an untrusted network.

all very good advice, i will look into investing into a hardware firewall.

The XP Built in Firewall sucks, get a better one .

Try setting up remote access on the Mac System Preferences==>Sharing==>Remote Access, find the IP address of the Mac, (System Preferences==>Network==>Airport (or however you're connected to the network)), and then download WinSCP for the PC, it's a pain to setup (and if it stops working, it's because the IP has changed) but it should work through any firewall problems.

I will install Zone Alarm on my boyfriend's PC, indeed.
And will look into WinSCP, thank you for the tip!

i think the advice about getting a new router wich include firewall is a good idea, you'll be protected from the outside world and can drop firewalls on all machines. if not does you machines have a fast ip addresses? you have to configure the firewall of you macbook to allow access from the ip's of the two other machines and vice versa.

yes, I think a hardware firewall will be a good idea in the future. just got a new router and it does have a firewall built in but I don't think it's very good.

so entering the IP addresses as exceptions on all the computers' firewalls should let us network with the firewalls on? I sure hope so, as networking the MB with our PCs has been incredibly buggy and intermittent for us
i'll try to post back with results/updates/further complaints