Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Security | 10 comments | Create New Account
Click here to return to the 'Security' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Security
Authored by: Jaharmi on Oct 26, '02 08:50:42AM

Overall, the whole firewall-NAT situation seems to have changed in Jaguar. For example, the Internet Sharing feature seems to start a process called "InternetSharing":

/usr/libexec/InternetSharing

InternetSharing seems to be able to start the AirPort software base station up in "infrastructure mode" rather than "ad hoc mode." This is an interesting difference ... with "ad hoc mode," you have a computer-to-computer network. With "infrastructure mode" you have what amounts to a "real" wireless access point.

You could regain some security by configuring the OS X DHCP server (which I assume InternetSharing is helping to start/configure) to only allow certain MAC addresses. Every Ethernet and wireless card has a MAC address, and although many let you modify those addresses nowadays, it's at least one more form of security. Used in conjunction with other security measures, it can be more effective. I don't know how to configure it to do this yet.

To encrypt traffic, you can either turn on WEP, or you can use VPN. There are some tutorials over at AFP548.com that I want to try; they tell you how to operate a PPTP server or IPSec tunnel from Mac to Mac. With VPN, particularly IPSec, all of your traffic is transparently encrypted behind the scenes, and more securely (in general) than WEP. Still, that's not necessarily for those who don't want to mess with the Terminal.

It would be cool to see someone come up with a comprehensive GUI for all this, similar to the way Brickhouse was evolving for 10.1.

[ Reply to This | # ]