Do i need firewall ?

Similar Messages

• Do i need firewall / antivirus?

  As the title suggests, im a very long time pc user and have just come over to the Mac by purchasing new macbook pro which is now 2 days old.
  my question is as well as the built in firewall do i need any other protection like antivirus or firewall
  thanks

  Abuse? Good friggin' grief.
  Check this link.
  http://www.macworld.com/article/49459/2006/02/leapafaq.html
  Leap-A is not a true virus, in that it cannot spread from machine to machine without human intervention.
  What does Apple have to say about all this?
  Here’s what the company told my colleague Peter Cohen:
  Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file. Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust. We have a guide to safely handling files received from the Internet.

• Need firewall help

  I am curious of how to set a frewall on my Linksys Wireless router. I live in an apartment building, and it seems if my neighbors are getting on the internet through my wireless router. Due to this, I find my connection VERY SLOW at times.
  I need to know how to set a firewall so my neighbors CANNOT access the internet through my router.
  Any ideas????

  If you've installed a software firewall, or you're using the Windows XP SP2 firewall, you'll have to disable a router's firewall. This is one case in which "the more the merrier" doesn't work. If you haven't installed Service Pack 2 (SP2) for Windows XP, turn off the Windows XP Internet Connection Firewall (ICF) and either install a software firewall program or use a router with a firewall feature, as discussed previously. To turn off ICF, follow these steps: 1. Choose Start --> Control Panel --> Network and Internet Connections --> Network Connections. The Network Connections folder opens, displaying an icon or listing for your Internet connection(s). 2. Right-click the Local Area Network Connection, and choose Properties. The Properties dialog box for your connection opens. 3. Click the Advanced tab, and deselect the option to use ICF.
  http://www.networkmagic.com
  http://www.purenetworks.com

• I need firewall for 40 users

  hello Support I need help,
  please recommend firewall to allow 40 users to filter traffic and block sites like facebook or msn, filter viruses or spyware.
  Model SA540 SA540-K9 Security Appliance, does it meet the requirements?
  thanks

  Is there a reason you could not use an ASA-5505 instead?
  Do you already have an infrastructure in place? If so, you could simple add the 5505 between your external facing router and your ISP and that could work for you.
  However, in answer to your initial question, yes, the SA540 would also work.

• Do I need firewall/antivirus/spyware programs on a mac?

  I hope this is in the right place.
  Can anyone tell me if it is necessary to have any sort of anti-virus software, spyware software and/or extra firewall installed on a mac, and if so, which ones?
  I've been trying to research the matter and I keep coming up with the polarised answers of: Macs can't be hacked or broken in to and not to worry about it because the inbuilt Leopard firewall is protection enough and extra software will just unnecessarily slow down the performance of the mac... or... yes get an extra firewall because "only the paranoid survive".
  I've recently converted to macs after many years of Windows nonsense but I'm too afraid to start doing Internet Banking, online shopping and anything concerning identity information, even down to the files on my computer of which are private and confidential - I'm yet to put anything on here that is worth stealing or private because of this.
  Under the Security pane of System Preferences, in the Firewall tab, I have chosen "Set access for specific services and applications" which I've heard is the equivalent of actually turning the firewall on. But then with every new program I open that requires an incoming or outgoing connection, I'm then asked to allow this, and of course I choose yes in order to make the program function properly. Is this a bad idea also? Am I defeating the purpose of the above setting by allowing programs such as iChat, Firefox and Soulseex to have these connections?
  I've even considered installing Windows on here because I can install Norton 360 and other such spyware programs so I can then do banking and online shopping on that side of the mac.
  It's a mouthful but I don't know where else to turn. Any help would be appreciated.
  Thanks,
  Joe

  While there are no known viruses that attack Mac OS X at the present time, it is possible for spyware to get onto your Mac.
  So I go to lenghts to protect my user. A hosed system can be replaced but a compromised user folder is compromised forever. Along with all your important data like bank records, credit cards, ... I.e. your "identity" stolen.
  The best way to avoid that is by using your built-in firewall which is industrial strength and/or a hard wired router, downloading only from "trusted" sites, installing all security updates and being careful about what you give administrative power to. It is also recommended to run day to day tasks from a non-admin account.
  Don't use Limewire or any other P2P service to download your software, get it from reputable sources. In addition, always keep at least your users backed up, preferably a clone of your entire system on a separate disk. And put your sensitive passwords, bank accounts, credit card numbers in a "secure note" in a new keychain or in an encrypted folder.
  If and when a Mac virus does appear it will be headline news and you can download the AV software then. If you feel you have to run an AV program I'd suggest ClamXav a mac friendly freeware app that is very stable with OS X. It will check for known virus signatures at any rate.
  Hope this helps.
  -mj

• Need firewall/ router / nat / vpn recommendation

  As the title states, I'm looking for an all-in-one hardware solution (not software) that will work seemlessly with our xserve. Right now we are using a consumer grade Linksys vpn/router as a temporary solution. We also have a business series linksys 24-port switch, so I don't need the router to handle any of that.
  We have about 15 users in the office. The vpn will need to support about 3-5 users at any one time, both Mac and Windows clients. We would like to utilize PPTP since it is easier to setup. The internet is provided via Cox cable and sits around 5MB of bandwidth.
  Any recommendations would be greatly appreciated. I would prefer to base this purchase on those who use a solution in a production environment as opposed to hearsay.
  Thanks in advance.

  We use a SonicWALL TZ 170 for that, and it works fine. The current product is the TZ 180, its replacement, which is a bit faster. The TZ 180 can handle 5 MB bandwidth with Intrusion Prevention Services on (signature watching on packet inspection); about 6 MB is the real limit for the TZ 170 with IPS (don't believe the marketing sheets that say faster). With 15 users in your office, you might want the PRO 2040 rather than the TZ 180 for increased processor power. Avoid the 1260, which is essentially just a TZ 170 with a switch on the back end.
  Supports the major VPN protocols. If you want to use IKE, you will need the Equinux VPN Tracker client for the Macs (SonicWALL doesn't have a Mac VPN client). Note that their Vista VPN client is now in beta, people are having mixed results with it. No Vista 64 bit VPN client is even announced.
  We have used it for several years with Mac VPN (VPN Tracker) from iMacs at our homes to our Xserve G5 and LAN, works fine. SonicWALL support is Mac hostile, they claim it doesn't work with Macs. Hogwash. Be prepared for Bob from Bangalor for the Level 1 and Level 2 support people, who seem untrained on the product line. The Level 3 support people are good, except when you get the anti-Macintosh bigots.
  If you need to do NAPT (NAT with port translation), you will have to get the SonicOS Enhanced OS. SonicOS Standard can do NAT but not port translation. The learning curve on SonicOS Standard is not that bad; SonicOS Enhanced is a very different animal - more powerful and featured but more difficult to set up.
  Sonic's business model is to pretty much give the hardware away and make it up on support contracts/licenses for firmware/hardware support, IPS, Anti-Spyware, Anti-Virus licensing, etc. The hardware is reliable.
  Hope that helps,
  Russ
  Xserve G5 2.0 GHz 2 GB RAM   Mac OS X (10.4.8)   Apple Hardware RAID, ATTO UL4D, Exabyte VXA-2 1x10 1u

• Firewall for servers

  Hi
  why we need firewall for the server farm?
  thanks

  Hello Ibrahim,
  Its common sense, a server farm got to be carefully placed into your network.
  You will have the most important information on your company on those serves, why would not you have a firewall for them, would be the right question?
  Each single network has a lot of vulnerabilities, we as security engineers are in charge of reducing the amount of vulnerabilities so people on the outside of our network cannot compromise our servers.
  And that is the whole point of a firewall, reduce the possibility of an attack to our servers.
  Hope this helps.
  Julio
  Security Engineer
  Do rate all the helpful posts!!!

• What are the announcements for renting VPS?

  What are the announcements for renting VPS? For details, understand VPS and make the choice of rental; for Taiwan VPS and Hong Kong VPS, without records, unlimited contents, wider range, and more efficient experience. Your server will show its excellence with the advantages.
  Most station agents become less inclined to virtual hosting, for national space, domain name records are needed, which waste the time; for overseas hosting such as Korea hosting, US hosting, no records, but slower speed than national space; therefore, more and more station agents prefer servers, but because the price of servers are too high, they turn their focus on VPS.
  The following are the announcements:
  1.Open remote desktop lander:
  Start-run-mstsc or start-procedure-nearby-remote desktop connect
  2.Several conditions for account halt:
  First, client side login cause account halt
  Second, certain account quits the remote control in midway when it runs routine
  Third, certain routine is restricted by synchronous operation of system administrator.
  3. Not install the third party firewall
  If you need firewall, please use windows firewall, the third party firewall in VPS will cause system collapse and data loss, the system automatically obtains the newest windows patches and install itself, which do not require human operation. Installing system patches in VPS sometimes will heavily lead to VPS collapse and data loss.
  Do not modify remote desktop port.
  Because of the specialty of VPS system, default remote desktop port is 3389, do not modify randomly, or the remote connection will be out of work.
  4. Except some special conditions that user registration is needed for certain procedure, when the remote connection has been close down, do not forget logout user to save memory resource, and prevent the loading connection next time, if it happens, reboot VPS.
  5. VPS has been set with relative security when it was paid, with high security. It suggests that do not open firewall randomly, if you open it by your own, the following ports should be opened: 21(FTP), 3389(remote connection), 80(website http), 3306(MySQL), 1433(SQL Server). Timely check whether there is suspicious account or system log, download 360 safety guard to avoid these files and process.
  6. Try not to modify registry hand-actuated, ensure the reboot of VPS. Modify remote ports please add the modified port in firewall first, and then reboot.
  7.Modify IIS installation files, backup these files, and then modify them with the software that can keep the file layout, prevent these files from destroying IIS.
  8.Website service of VPS and FTP service of IIS are default to open hand-actuated, set Web Publishing Service as automatically if you are station agent. If you often use FTP service of IIS, please set FTP Publishing Service as automatically, i.e. reboot it automatically. If you use serv-u, tick all the system service terms. In the terms of security and resource consumption , it suggests that those users who seldom use FTP do not set it as automatically.

  Hi there
  "So for ALL the apps, the annual monthly fee is £46.88, but you can rent occasionally for £70.32 pm.... ?" Correct
  £17.58 single app plan requires an annual commit - it's £27.34 for the month-to-month plan without annual commit.
  Thanks
  Bev

• Can't edit default domain controllers policy on windows 8 or server 2012

  I have found that I can't edit the "Default Domain Controllers Policy" from a Windows 8 or Server 2012 machine.  I can edit and save changes fine from a Windows 7 machine.  The domain controllers are running Windows 2012 Standard upgraded
  from Windows 2008 R2.  Is there a security setting I am missing?

  Posting the resolution from the other thread.  Hope it helps!
  I just accidentally resolved this issue today.  I added the GPMC to a 2008 R2 server so I could make a needed firewall
  change within the Windows Firewall with Advanced Security section of the Default Domain Controllers GPO (I enabled the Remote Event Log management rule for the Domain profile).  About an hour later, I forgot I was using my Windows 8 machine and I went
  to edit the Default Domain Controllers GPO and opened for edit without a problem.  I can now edit it from Windows 8 and from Windows Server 2012.  Until now, I was using a Windows 7 VM to make the edits, so in my case the problem was resolved by
  editing the GPO once from a 2008 R2 machine.

• Problem with adapter network category reverting to public after change to private

  I noticed that after setting up HyperV Server 2012 R2, that after applying needed firewall rules to allow remote management, that these were added into the "Public" profile. So, I disabled them and enabled for Private and proceeded to change the
  NIC which is internal to the LAN to Private as well.
  All was good; however, after several hours... the network category reverted to Public on that NIC, which of course will not allow any remote management.
  The firewall rules for remote management are only enabled for "Private".
  I used: Set-NetConnectionProfile -InterfaceIndex # -NetworkCategory Private
  Which works; however, what is causing it to revert to public after a given amount of time...

  no domain for this HyperV Server 2012 R2, it's workgroup.
  The management NIC is set for static IP.  At first I did not apply a gateway nor dns settings for it and NLA automatically gave it the Public profile.  After setting to Private via powershell, any reboot or after several hours, it would
  revert.
  So, I set a gateway and dns to a VM that is running on that server which runs those services for other subnets.  I am guessing that after a reboot, NLA discovery is not respecting the static properties and changing the profile to public.  Perhaps
  due to the VM is still spinning up?
  I cannot find a way to get NLA to respect the static properties "and" profile for itself.

• Admin40_check_ds_availability_init() error code = 4

  I can't log into the admin console anymore. I've searched the other messages and changed the password and expiration time. That didn't work for me.
  What did I mess up?
  Here are the log entries:
  warning ( 5895): admin40_check_ds_availability_init(): unable to initialize secure Admin Info (error code = 4)
  [22/May/2006:23:54:31] warning ( 5895): buildUGInfo(): unable to initialize secure Admin Info (error code = 4)
  [22/May/2006:23:54:31] failure ( 5895): Warning! admin40_task_eval_init(): unable to build User Group Info
  [22/May/2006:23:54:31] failure ( 5895): admin40_host_ip_init(): unable to initialize secure Admin Info (error code = 4)
  [22/May/2006:23:54:31] info ( 5897): Installing a new configuration
  [22/May/2006:23:54:31] info ( 5897): [LS ls1] http://<my url>, port 390 ready to accept requests
  [22/May/2006:23:54:31] info ( 5897): A new configuration was successfully installed
  [22/May/2006:23:54:31] info ( 5897): Using the Java HotSpot(TM) Server VM v1.5.0_06 from Sun Microsystems Inc.
  [22/May/2006:23:54:31] info ( 5897): Java VM classpath: /var/mps/serverroot/bin/https/jar/NSServletLayer.jar:/var/mps/serverroot/bin/https/jar/NSJavaUtil.jar:/var/mps/serverroot/bin/https/jar/NSJavaMiscUtil.jar:/var/mps/serverroot/bin/https/jar/servlet.jar:/var/mps/serverroot/bin/https/jar/servlet-2.3-filters-api.jar:/var/mps/serverroot/bin/https/jar/jspengine.jar:/var/mps/serverroot/java/ldapjdk.jar:/var/mps/serverroot/java/jss4.jar:
  [22/May/2006:23:54:31] info ( 5897): Loading IWSSessionManager by default.
  [22/May/2006:23:54:31] info ( 5897): IWSSessionManager: Maximum number of sessions is 1000
  [22/May/2006:23:54:31] security ( 5897): for host 0.0.0.0 trying to GET /, admin40_host_ip_check reports: Unauthorized host ip=0.0.0.0, connection rejected
  [22/May/2006:23:54:50] security ( 5897): for host<my url> trying to GET /admin-serv/authenticate, admin40_host_ip_check reports: Unauthorized host ip=::ffff:a.b.c.d, connection rejected

  Note that you must first start slapd then admin-serv as admin server needs some info from DS data.
  I think the actual error is in the last two lines.
  [22/May/2006:23:54:31] security ( 5897): for host 0.0.0.0 trying to GET /, admin40_host_ip_check reports: Unauthorized host ip=0.0.0.0, connection rejected
  [22/May/2006:23:54:50] security ( 5897): for host<my url> trying to GET /admin-serv/authenticate, admin40_host_ip_check reports: Unauthorized host ip=::ffff:a.b.c.d, connection rejected
  You may want to add hostname.ldap.domain (eg: ldap1.example.com) into /etc/hosts and /etc/ipnodes (For Solaris10) in this format (below is an example).
  192.168.1.168 ldap1.example.com ldap1
  If you are running Admin Console from a remote client, add also the remote client IP and hostname into the above two files at the DS Server end.
  This is because the DS5.2 default admin console access to usually set to *.ldap.domain (eg: *.example.com) in the admin. instance
  There may be other reason causing this error, if admin console client and DS server are in different sub-net you would need firewall rule for admin port.
  Gary

• Driver installs and direct x

  im currently installing bootcamp to use win 7.
  i want to know if drivers are still the same for windows, i mean can i still use as if it was on pc, install direct x and hardwareand video drivers the same, or do i have to get apple variants? also do i need firewall/antivirus
  also how do i do windows updates? through the microsoft as usual? also my MBP has dual graphics how will this work within windows?
  thanks

  Yes, though with laptops the drivers can be an issue.
  If you have Intel 3000 integrated it may also not work the same as a PC.
  Definitely, of course you need Security  - whatever you know and respect, and can trust.
  Windows 7 MSSE is free and does a good job. I use that, and Kaspersky 2011 Suite. I would not go with just AV portion.  Most have or look like good 2012 suites coming out.

• Virus protection/Internet security...

  Does anyone ave the ultimate answer as to what is the best product to take care of the virus/internet protection for Imac 2.4GH? There are so many different opinions and only a few products...

  At this time Mac OS X is all you need: 
  Firewall. It features a built-in IP Firewall (check settings in  menu > System Preferences... > Sharing > Firewall.
  Virus. There are no known viruses for OS X at this time. There are some Trojans out there however they require the OS X Administrator to install them.
  Unix underpinnings. Due to the UNIX design of OS X all executable code must be installed by an OS X Administrator. Unless you authorize it it won't run. Ideally you'll do your work in a non-admin account to provide additional protection.
  Microsoft Office Files. These can contain Macros: only enable macros when accepting files from a trusted source.
  Obscurity. OS X is an up and coming OS. Windows and Linux users are far more likely to (and far more easily) targeted. This will change and in fact the challenge of trying to hack OS X is probably appealing to some.
  Security Updates. 'Holes' in OS X have been discovered where malicious code could be executed without consent. Apple regularly provides Security Updates (you'll be notified via Software Update when these are released) these patch those holes.
  If you regularly share files from un-known sources with colleagues with Windows PCs then consider using the free ClamX AV (link). Personally I don't waste the processor cycles.
  Cheers
  mrtotes
  Message was edited by: mrtotes

• Very Unusual Problem

  Router: WRT160N Cable: Comcast Problem: When connected to a router the internet connection on every PC in the house, both wired and wireless, will intermittently (every 5 to 30 minutes) drop offline for about 30 seconds. Sometimes it will not go out completely but just drop from about 15Mbps to 100Kbps. Sometimes it will go out until the router is unplugged and plugged back in, which will always solve the problem, at least temporarily. This started a few weeks ago out of the blue on a Belkin router, so I replaced it, the second replacement router had the same problem so I bought this new Linksys one, which also has the same problem. I have tried moving the modem and router to different room combinations of the house. I have replaced every cable involved and the cable modem was replaced by Comcast with a different brand. The odd part is that there is never a problem if I bypass the router and connect straight into the modem. The guy from Comcast before sending someone to replace the modem saw that there were 2000ms ping times to my modem that reduced down to 50ms when unplugging the router. Now I am down to thinking that something up the line from the house is having problems whenever I plug in a router, which sounds crazy to me and is not likely something I can convince Comcast of. My question is if there is anything anyone can think of that I haven't tried. What are my options at this point if Comcast will not send out a maintenance technician because they cannot reproduce the problem when connecting straight into my PC? Am I going to end up having to switch to DSL? Would that even solve the problem for certain? I apologize if this is not the best forum to ask this question, I am cross posting on any forum I can find on the internet that may be able to help. Thank you for your time.

  hello brianakq, try lowering down the MTU size to 1400 in the web ui of your router, sometimes lowering down MTU size will fix the intermittent connection problem but if that will not work try reconfiguring your router, anyway you have a good connection through the modem right?..just reset the router for 20sec while its turn on and after that turn off the router for about 20sec, if power light on the router is already solid, check if your getting an ip from the router if not then reset the router again this time for 30sec after turn off for 30sec also, if your pc is already getting an ip from the router then just try checking if you can get online wired, if can't get online then do mac address clone in the web ui of the router, if online but still experiencing intermittent connection, make sure the windows firewall and if there's a mcafee, norton, or any other anti virus that has a firewall, make sure its turn off..you don't need firewall on pc because linksys routers has built-in firewall installed, it'll just have conflict with your router, if still your experiencing intermittent problems after doing all of this, you can update/reflash your router's firmware by downloading your router's firmware on linksys.com/download -it's a bin file and if you have it download already, access web ui of your router and do this steps:
  > go to Administration tab
  > click Firmware Upgrade sub-tab
  > click Browse button
  > open the .bin file
  > click upgrade
  -if successful upgrading the router's FW, click continue or if your back on the web ui or if page tells cannot be displayed, just close the web ui and continue with this steps:
  > reset router for 20sec
  > power cycle router for 20sec
  > check power light -if solid, check internet connection
  -if not online access ui and mac clone and that should get you online, hopefully you can get a stable connection after doing all this..hope this helps..

• Security in Arch Linux

  Hello Everyone,
  I have a question.... I have been searching informations about iptables and Linux Security (mostly Ubuntu and Fedora's Security with AppArmor for example). But there is something I just don't understand... Arch Linux use "vanilla" software, kernel etc... and to use apparmor, iptables etc... we have install them manually using pacman..
  So my question is : Is there any kind of "native" security when using a simple Arch Linux instalation ? (In the kernel for example), Or I just need to install and configure it myself ?
  Thanks in Advance,
  Luis Da Costa

  aliasbody wrote:
  R00KIE wrote:
  clovenhoof wrote:Why I need firewall on server if it is behind a router?
  If you mean home routers one good reason is that you don't know how many security holes they have, some which might be remotely exploitable and used to try and compromise the local network.
  Didn't kind about that either :S
  If you poke hard enough, you can find a whole range of problems, it's like going to the zoo and see all the different animals. Stuff I've seen, and I haven't seen much, includes (and these are unmodified original firmwares from well known brands):
  - port redirection from incoming connections (nat) to the router itself, where a service is listening
  - router accepting connections to a range of ports, examples include tcp 1863:1864, 4443, 5190, 5566, 40000:40099, this may be intended to make some things work better but I still find it dubious since I've disabled all helpers and services I could and these get reinserted into iptables every time the router renews the external IP (router with adsl modem)
  - services that keep running, accepting connections and prompting for username and password after being disabled via web interface, namely tr-069, which from my limited knowledge of the subject, seems to point that it can be used to remotely manage the device
  - services accessible from the wan side without the user explicitly knowing it, not sure what it is but accepts connections on port 25
  - hidden default username/password combinations which cannot be deleted/removed/disabled, but at least login is not allowed from the wan side.
  So yeah, I really don't trust home routers that much. Like .:B:. says, if you are lucky enough to own a router that can have it's firmware replaced by one of the alternative firmwares you may be better of doing it if you feel brave enough.