This question has been asked before, but in hypothetical terms, and it received hypothetical answers: connecting a secure computer directly to the internet without a router
I recently bricked my router doing a firmware upgrade (ironically, because I recently learned of a security vulnerability in my router model that the upgrade would fix). I ordered a new one online, but it will take several days to arrive. I would like to actually use my Internet at home until it gets here.
I have exactly two uses for wired internet:
- Watching Netflix and YouTube videos
- Pulling data from my company's MySQL server
I have two distinct concerns about these uses.
The first is that, by plugging my machine directly into the Internet, I am exposing it directly to any attacks that might arrive at my IP address. I am aware that OSX has not one but two firewalls that come with it. How can I configure these correctly so that bad things don't happen while I'm watching The Bridge on the River Kwai?
The second is that I don't believe my company's database server is as secure as it could be. What steps, if any, can I take on the client side to protect our data? Or am I equally at risk in this case regardless of whether or not I am behind a hardware firewall?
I followed the suggestion in the question I linked to run netstat -an, and noticed a large number of entries like
tcp4 0 0 *.88 *.* LISTEN
Does this mean that my computer is listening on port 88? How do I know which ports are necessary to connect to and browse the Internet, and how should I secure them?
Edit: Running without -n leads me to believe that my computer is listening for Kerberos authentication. I unchecked all of the "sharing" options, which removed the Kerberos and SSH entries, but several of these "Active Internet Connections" remain
