Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Airport Extreme failed security test

by Alwin Aug 26, 2010 7:13PM PDT

Hi,
I just purchased an Airport Extreme (802.11n) to replace my old Linksys router (so that I can have wifi). After I have everything installed, I went to Symantec's Security Check page and ShieldsUP! page to make sure my connection is secure.

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=10&pkj=ANLRPWFYJOKMFIDPMSV
http://www.grc.com/x/ne.dll?rh1dkyd2

To my horror, Symantec says that one of my ports is OPEN (ICMP Ping), while all others are CLOSED. In my limited understanding, this is definitely not the most desirable situation--not as good as my old Linksys, whose ports are all reported as STEALTH. ShieldsUP! just said that I failed because of the open ICMP port.

My questions are:
1. Is this the best Airport Extreme can do?
2. Am I safe?
3. Can I change any settings to make my network more secure?

I can't find much info from Apples' documentation and the Support website.

Thanks!
Al

Discussion is locked

3 Posts
- Collapse + Expand Details
- Collapse -
Use the Airport software to find
by mrmacfixit Forum moderator Aug 26, 2010 10:03PM PDT

the ICMP port and close it.

I don't have AE so I cannot be more specific than that.

Someone will be along with the answer.

Meanwhile, don't get too concerned

P

- Collapse -
Thanks, but...
by Alwin Aug 29, 2010 4:32AM PDT

Thank you Mr. Macfixit...

But there seems to be no way for me to close that port with the supplied Airport software. Further googling gives me this piece of information from MacinTouch's review

http://www.macintouch.com/reviews/airportn/
>Apple advertises AirPort Extreme's built-in firewall as a key security feature. The firewall, though basic, is functional. In a quick network scan of the sort used to find targets for attack, the base station appears to be "down" (offline). A more sophisticated scan with the nmap tool shows it to be online but filtering. The only "open" ports nmap detected were ports we had specifically forwarded to a computer behind the network.
>The AirPort Utility has no way to configure or adjust this firewall. We'd like a way to enable access to AirPort Disk from only selected IP address ranges. A "stealth" firewall mode would be welcome too, to be completely invisible on the net.

It seems that Apple intentionally makes the Airport Extreme this way, and that there is no way for me to change it.

Network security gurus:
Do you think that this is situation (closed ports, no stealth mode) is secure enough?
Is there anything else I can do?

TIA,
Al

- Collapse -
The Airport Extreme has an excellent firewall
by SolarPrizm Sep 6, 2011 11:44AM PDT

The Airport Extreme has a toggle-able firewall using the IPv6 protocol. This system makes it nigh impossible to "guess" an IP so your safe there. It also allows port forwarding and connection to AirPort Disks (although I am not knowledgeable of the Disks category on the AirPort Utility).
I for one, would like to know how secure the firewall is though, and from what Alwin is saying, the Apple Airport Extreme has a confusing enough firewall that even the websites that evaluate them can't understand them. xD

Thanks for reading, SolarPrizm
<div id="swiffout"></div>

Back to Mac Hardware forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info