sean
|
Broadband....When my Mac finally arrives (still in Luxembourg at the moment), what info am I going to need to hook it up to my broadband connection?
|
Treacodactyl
|
Personally I would use a B/band router/firewall box. You can then connect the Mac to the router via an Ethernet cable. Does the Mac have a LAN port?
I suggest the b/band router/firewall rather than a modem as it's only £10-£20 more but the tests I've done on my router/firewall have proved it's difficult to hack.
Makes I'm not sure about as I've only used one that my provider uses. It makes the support easier but it was expensive.
|
jema
|
Sticking a hardware router between you and the net cuts you off from most of the nasties; of course, though, they would not infect a Mac anyway.
|
Treacodactyl
|
I read an article on Linux saying that, even though they can be easily hacked, a linux box and a XP box connected to the internet and the XP box was hacked in minutes and Linux hacked in about 3 months! No Mac info...
I'd also only use a wired router, not a wireless one.
|
jema
|
| Treacodactyl wrote: | I read an article on Linux saying that, even though they can be easily hacked, a linux box and a XP box connected to the internet and the XP box was hacked in minutes and Linux hacked in about 3 months! No Mac info...
I'd also only use a wired router, not a wireless one. |
It seems to me, that if you are able to run the wires without a lot of problems, then wire is more secure, faster and more reliable.
|
sean
|
I'll be installing a router at some point, but just at the moment I'm using a USB modem.
|
Treacodactyl
|
If you have the modem it should just plug 'n play then?
|
sean
|
I'll let you know. Does the mac need to know a password or something? Sorry, I know jacks*** about how all this works.
|
tahir
|
Who's your ISP?
|
sean
|
BT.
|
tahir
|
I assume all you'll need to do is plug the modem in, point your browser at www.btinternet.com and log in.
|
Treacodactyl
|
| sean wrote: | | I'll let you know. Does the mac need to know a password or something? Sorry, I know jacks*** about how all this works. |
Were you given a starting pack from BT? That should have your password and other details needed.
|
sean
|
Yup, I'll dig it out.
|
Gervase
|
The USB modem that comes with the BT package isn't very good, as it has to 'dial' a connection every time you want to go online. You'll be better off getting yourself a router with a built-in firewall; that way you can leave the connection on permanently and you'll be safe from malicious intrusions. Mine's been chugging away for months online without mishap.
The Mac has a built-in socket for a standard RJ45 network plug, and most routers come with cabling, so setting it up is a doddle, even though most installation manuals ignore the Mac completely.
Any probs, drop me a message and I'll talk you through it down the phone.
Or you could go wireless with an Airport card in the Mac talking to a wireless router somewhere else in the house - a much less cluttered and more elegant way of doing it.
|
Treacodactyl
|
| Gervase wrote: | | Or you could go wireless with an Airport card in the Mac talking to a wireless router somewhere else in the house - a much less cluttered and more elegant way of doing it. |
And less secure...
|
sean
|
No real point in going wireless, the phone sockets are next to where the computer gets used.
|
mrutty
|
Buy a DrayTek 2600P from www.seg.co.uk £200, it's the best value you can get. Yes a Sonicwall is better but it cost £500. Yes a Netgear is roughly £100 but it doesn't seem to get the firmware upgrades as often as I'd expect. Oh and Cisco is for people that have way too much money.
I've currently got one on delivery (well it's at the TNT warehouse as Er decided to go to work today ), One about to be ordered and another person that is awaiting confirmation of a line test.
|
jema
|
| mrutty wrote: | Buy a DrayTek 2600P from www.seg.co.uk £200, it's the best value you can get. Yes a Sonicwall is better but it cost £500. Yes a Netgear is roughly £100 but it doesn't seem to get the firmware upgrades as often as I'd expect. Oh and Cisco is for people that have way too much money.
I've currently got one on delivery (well it's at the TNT warehouse as Er decided to go to work today ), One about to be ordered and another person that is awaiting confirmation of a line test. |
Do you really benefit from the extra expense?
|
mrutty
|
I'd say yes. I find better S/N reports and loop. Also better fault data that enables line faults to be confirmed and fixed. Lost the connection in Jan and could prove that it was a line fault so had a call raised within 15 mins and BT response in 2 days (better than their 5 day SLA).
Tools are really easy to use and A1 support from both SEG and DrayTek.
Netgear kit works straight out of the box, but I've found support to be a problem sometimes
|
Gervase
|
Blimey, I used a Dynamode router that cost me under £40 and which seems to do the job on our 1Mbs connection here. Connects up to four machines, with any OS, and regularly gets uplink to the broadband service in excess of 1Mbs according to the stats.
|
mrutty
|
Not a bad product range. Firewall looks a bit weak, but at £40 can't moan. Would like to know more about the remote management settings and the SNMP versions, sadly not too much detail on the site
|
dougal
|
Sean -
In reply to your original question, you will *need* Mac OS X driver software for your USB broadband modem. (Should be on the CD, check the label!)
And your username and password.
It might be handy to have the IP addresses of your ISP's DNS servers.
That should allow you to setup access to the net.
For email, you're going to need the names of the ISP's mailserver computers, your email box id(s) and password(s). These, except the passwords, should be visible in your existing PC mail setup.
The standard Mac OS X install includes a pretty good firewall.
To turn it on, open System Preferences, Sharing, click the Firewall tab and then the Start button.
Funny name "Firewall" when its ability is *not* to absolutely shut everyone out, but to carefully *allow* (specified) restricted access.
Unless you are intending to do videoconferencing, or run something that you want the world to have access to (like your own webserver), then you *don't* want to allow *anyone* *any* access to your machine. So for the Mac firewall, you shouldn't 'tick' any of the allowed access options...
Important note - we aren't talking about shutting out replies (to your requests for web pages or email), but shutting out traffic *originating* from out there.
Potentially a 'bad' agent on your machine could originate a connection to a bad guy, but the Mac won't allow any installation (of any program) without an 'Administrator' password.
If you are going to continue with a PC as well as the Mac, (or any second computer), a router is obviously the way to go - and incidentally provides another line of defence. It is a moot point as to whether it's better to set up the router to ignore all incoming traffic attempts, or to forward it to a non-existent machine.
But ANY router hides your computer from the net, and if there's no way - at all - that traffic can reach your machine uninvited, that has to be a good thing.
I'd say that a cheap router would meet your needs; I don't think an expensive full-featured firewall would do anything more useful for you.
For basic ADSL routers, you could do worse than check out www.solwise.co.uk
|
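Added example (not part of the original thread): a minimal Python sketch of the behaviour dougal describes above, where replies to connections the Mac started are let back in while traffic originating outside, such as a worm's port-80 probe, is dropped. The class, addresses and ports are constructed for illustration; real firewalls also track TCP state and expire old entries.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class InboundDenyFirewall:
    """Default-deny for unsolicited inbound traffic; replies are allowed."""

    def __init__(self, inside_addr, allowed_services=()):
        self.inside = inside_addr
        # Ports deliberately opened to the world; empty means no boxes ticked.
        self.allowed_services = set(allowed_services)
        self.flows = set()  # connections the inside host started

    def outbound(self, pkt):
        # Remember the flow so the matching reply can be let back in.
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ALLOW"

    def inbound(self, pkt):
        # A reply is a recorded flow with source and destination swapped.
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.flows:
            return "ALLOW"
        if pkt.dst == self.inside and pkt.dport in self.allowed_services:
            return "ALLOW"
        return "DROP"


def demo():
    # Constructed sample traffic; all addresses are documentation ranges.
    mac = "192.0.2.10"
    fw = InboundDenyFirewall(mac)
    return [
        fw.outbound(Packet(mac, 50000, "198.51.100.5", 80)),  # Mac requests a page
        fw.inbound(Packet("198.51.100.5", 80, mac, 50000)),   # the server's reply
        fw.inbound(Packet("203.0.113.77", 4321, mac, 80)),    # unsolicited probe
        fw.inbound(Packet("198.51.100.5", 80, mac, 50001)),   # no matching flow
    ]


if __name__ == "__main__":
    print(demo())
```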
mrutty
|
A firewall is a logging router and I agree that you can set any router up to find your machine. However logging routers don't understand packet structures and can't do proxying.
You can DoS a router quite easily and because it routes you don't need to be able to see it to take it down.
Hey at the end of the day it's down to how much money you want to spend. I run a two layer (three layer in some parts) firewall infrastructure and have an air gapped machine, but that's much more to do with my line of business.
|
jema
|
I run a network here that I occasionally allow access to specific machines via my basic linksys router. I'd say that puts me on a more complex level than most people here and yet a cheap router does it for me.
I'd say for £40 a router is a great way of sharing a connection and offers a massive level of protection compared to the software firewall most people are running.
|
Treacodactyl
|
It also depends what you want from your home setup. £200 would be worth it for some.
|
dougal
|
| mrutty wrote: | A firewall is a logging router and I agree that you can set any router up to find {hide??} your machine. However logging routers don't understand packet structures and can't do proxying.
You can DoS a router quite easily and because it routes you don't need to be able to see it to take it down.
Hey at the end of the day it's down to how much money you want to spend. I run a two layer (three layer in some parts) firewall infrastructure and have an air gapped machine, but that's much more to do with my line of business. | IIRC Sean has not indicated any intention of being other than a 'net "consumer". He isn't going to be running any servers - and doesn't want any access at all from outside.
AFAIK he has no need to filter/inspect/record traffic content, or restrict access to particular websites - which I understand to be the function of a proxy server.
I doubt he's going to attract any attention from anyone that would think of flooding his connection and denying him service. He has no need to worry about his (non-existent) servers being denied to the world.
Also a DoS attack is surely pretty unlikely on someone without a fixed IP address, isn't it?
Can someone please explain what I'm missing, 'cos while I can recognise that these would be useful functions, and well-nigh essential and worth most web-enterprises (with multiple locations or employees) paying money for - I'm afraid I really don't see what's in it for someone like Sean to have anything beyond a basic router... (£200 is lots of potatoes...)
|
Treacodactyl
|
I thought broadband gives you a fixed IP address? I also don't think Sean will be paying £200 for a router.
|
mrutty
|
| dougal wrote: | AFAIK he has no need to filter/inspect/record traffic content, or restrict access to particular websites - which I understand to be the function of a proxy server.
I doubt he's going to attract any attention from anyone that would think of flooding his connection and denying him service. He has no need to worry about his (non-existent) servers being denied to the world.
Also a DoS attack is surely pretty unlikely on someone without a fixed IP address, isn't it? |
OK DoS, yes everyone can get hit. Something as dumb as Code Red which steps through all the public IP addresses regardless of static or dynamic. Just checked now and been hit 10 times in the last hour with an attempt. BUT XP firewall and a router would prevent these current script kiddie attacks.
Yes most people really could just renew their IP address and the DoS should go away.
Yes a proxy server can filter, but what it does is break the interactive connectivity of the traffic flow (wake up at the back I might set an exam). A proxy Firewall breaks the connection and then looks at, say, the HTTP and checks that it's valid.
Stateful inspection or state of inspection firewalls just check that the packet is formed correctly.
Routing tables just say packet type A can go to this box or not with no further inspect. A CCSA would be able to set it up, but not so sure about home user, very easy to stuff it up.
Right that's just cut a 15 page firewall document down into 5 paragraphs. But yes look at all the options and choose what fits your budget and needs. I'm thinking of upping my ADSL to business to get 20/1 instead of 50/1 sharing, but then I can't get more than a 500 line because of the distance from the exchange. I've got a failed delivery on Friday of another DrayTek and an order out for ZoneLabs Pro. Other people I'm sure are saving instead for a new digital stereo.
Oh and yes I'd love a FW-1 and Cyberguard mix, but that's too expensive as is the 32 meg link the Er wouldn't let me get
|
dougal
|
| Treacodactyl wrote: | I thought broadband gives you a fixed IP address? I also don't think Sean will be paying £200 for a router. |
Some ISPs include a fixed IP address in the basic package. Some (inc BT IIRC) charge extra for it.
My comment re £200 was in reference to the specific injunction that he SHOULD "Buy a DrayTek 2600P from www.seg.co.uk £200, it's the best value you can get. " Regardless of the 'value' *in* this piece of kit, I have yet to be convinced that it is appropriate to Sean's needs - and thus of its value *to* Sean.
|
dougal
|
| mrutty wrote: | | dougal wrote: | ... I doubt he's going to attract any attention from anyone that would think of flooding his connection and denying him service. He has no need to worry about his (non-existent) servers being denied to the world.
Also a DoS attack is surely pretty unlikely on someone without a fixed IP address, isn't it? |
OK DoS, yes everyone can get hit. Something as dumb as Code Red which steps through all the public IP addresses regardless of static or dynamic. Just checked now and been hit 10 times in the last hour with an attempt. ... |
Um, hang on - isn't "Code Red" a piece of malware (worm?) that *looks* for *PCs* that can be compromised - and *then* used as zombies to flood (deny service to) prominent websites (originally the White House?).
Now -
1/ Code Red would use Sean's PC as a zombie, and Code Red wouldn't deny service *to* Sean's PC (not that he's providing any service to deny), and AFAIK (bloody Mac user!) acting thus as a zombie shouldn't make very much impact on his own PC.
2/ And anyway Sean's iMac ain't a PC ready to be compromised. So what is its relevance to Sean's needs?
Reference: http://www.f-secure.com/v-descs/bady.shtml
|
mrutty
|
Code Red is a noisy worm that scans the entire IP address range and brought the 'Net' to almost a standstill. Whilst it's true to say it was looking for hosts it still pinged machines that had to respond. Simple example that is all. On a large corporate network it took 53 machines to bring a Gigabit backboned network to its knees. On BT Openwoe you'll have more machines than that in the IP range pinging, if you can drop the packets before it hits any IP aware machine all the better.
(Got paid a bonus for that week's work )
Oh and yes it was the White House, from memory they hardcoded the IP address so the White House just moved its IP address and the service providers set the old address to dev\null
|
dougal
|
| mrutty wrote: | | ... On a large corporate network it took 53 machines to bring a Gigabit backboned network to its knees. On BT Openwoe you'll have more machines than that in the IP range pinging, if you can drop the packets before it hits any IP aware machine all the better. |
That would be 53 compromised PC's...
No argument that such *external_requests* are best handled by being ignored at the router/firewall
BUT
The nuisance to Sean's iMac of having its (software) firewall pinged a dozen (or even 200, or 2,000...) times an hour is actually going to make VERY little impact on his surfing.
That's not going to deny *him* service.
And there's VERY little chance his Mac being compromised by anything similar.
Since he is hosting no servers, a router (any router) would provide an extra layer of security - which perhaps is redundant, but I'm not convinced there is any advantage -- to *Sean* -- in his having an additional full-featured, stand alone firewall that goes beyond packet state checking, let alone a proxy server...
|
mrutty
|
Each to his own
|
sean
|
Thanks for all the advice everyone. I'll go and have a word with our local shop and see what he sells/charges.
|