IPNetSentry is a Faceless Background Application (FBA) which silently
monitors suspicious activity on your Internet connection. Such activity
would typically include attempted connections to mail servers (for
spam), Telnet ports (for remote logins), network control (to configure
routers), etc. Your Macintosh does not have to be running these
services. These are simply "trigger services" set by IPNetSentry
awaiting to be tripped by an unsuspecting intruder. In addition,
IPNetSentry can easily be configured to let selected remote users
access your Mac. For example, you might wish to share sensitive
files with a remote colleague (using Apple's TCP/IP file sharing
built into MacOS 9). With IPNetSentry you can easily permit this
single person to access your machine while blocking all others.
It offers solid IP filtering security on top of Apple's Groups and
Users authentication system.
IPNetSentry comes with a preconfigured set of "triggers" which
initially defines "suspicious activity". These triggers are contained
with the "IPNetSentry Config" document which is user configurable.
This way you can readily build your own configuration document defining
what you would consider "suspicious activity" (up to 64 different
How does IPNetSentry differ from most other Macintosh Internet
security products? It's probably easiest to see these differences
by looking at the following analogy. Let's consider protection of
a house. Assume we have two identical houses (A & B) which are
to be protected from intruders.
Home owner A decides he will protect his property by surrounding
the perimiter of his lot with a brick wall. Not a bad idea at first
glance. His house is certainly protected. Homeowner B decides he
will protect his property by getting a guard (sentry):
So far, so good. Both solutions seem to do the job. BUT here is
where some problems arise. Homeowners A & B both like pizza.
They want it delivered. Both also want their mail and newspapers
delivered. As well as garbage picked up. And so on. These are all
services desired by both families. And it just so happens that each
service in this town requires its own unique entrance into the property.
As a result, here is what we have after permitting such access:
Home owner A has had to essentially "punch holes" in his brick
wall to give various wanted services access to his property. Home
owner B, however, has only had to tell his sentry which services
are desired. Once instructed, the sentry will permit access to those
authorized and deny all others.
And there is more!
The sentry employed by home owner B is also quite clever and fast.
As instructed by home owner B, the sentry has setup various trip
wires ("triggers") in some of the windows....windows which the homeowner
never intends to use. When an intruder tries to gain access through
one of these booby-trapped windows, the sentry is alerted. The sentry
then immediately catches the intruder, escorts him off of the property,
and bans him from further access. For all others, however, the property
can be accessed as if nothing had happened.
The Importance of Payload Inspection
There is one additional feature of IPNetSentry which is not available in any other firewall product for the Macintosh: payload inspection (also known as packet inspection). Here is where this is important. Say you are running a web hosting server. Because you are running a server, you will want to permit incoming connections, typcially on TCP Port 80 (the standard port for web servers). With a typcial firewall, you will simply add a "Pass" filter for ALL datagrams coming in where the destination port equals 80. BUT do you really want to permit all such datagrams? Not really. There are worms out there which specifically target web servers (Nimda, Code Red, etc.), hence you would like to inspect the incoming datagram destined for your server BEFORE granting access. A normal firewall has no way of doing such payload inspection. It is as if the firewall sees that the delivery is from the pizza guy, but never bothers to look in the pizza box. But IPNetSentry can "look into the pizza box" making sure what is being delivered is what is wanted. By doing so, IPNetSentry can uniquely detect and stop Nimda, Code Red, File Maker Pro Hacker access attempts before these datagrams even reach your server(s).
These are the main differences between IPNetSentry and other Macintosh
firewall based products. The differences are significant.
You might be asking "But wait...firewalls are well known as security
products. Even Sustworks IPNetRouter has firewall capability. So why
this different approach with IPNetSentry?"
The reason for the different approach has to do with the number
of machines being protected by the security agent.
Firewalls are designed to protect several machines on a LAN (local
area network) which is connected to the Internet. They give a network
administrator complete control over what Internet services are available
from the outside world and who can access these services. For such
situations it often makes more sense to have a single administrator
setting up a firewall than it does to have everyone on the LAN doing
their own thing (especially when it comes to "punching holes" in
a firewall...imagine what a mess this could become).
For the single machine user, however, a firewall is most often
overkill. It can actually become more of a burden to administer
than it is a benefit. Hence IPNetSentry: Simple and intelligent
security for your Macintosh.
Up to 64 Triggers (either TCP or UDP protocols, any ports). Pre-configured
- SMTP (TCP - 25)
- SNMP (TCP - 161)
- Telnet (TCP - 23)
- DNS (UDP - 53)
- BOOTP - DHCP Server (UDP - 67)
- FINGER (TCP - 79)
- POP3 (TCP - 110)
Up to 100 aged filters (filters installed after a trigger is tripped).
These filters age (time out) after a preset time (which you can
set). Aged filters completely ban a potential intruder from accessing
Up to 100 additional filters for limiting specific access to a
service from a specific remote IP address(es). Example: you are
running Apple's TCP/IP file sharing. But you only want to give access
to this service to one remote machine. IPNetSentry easily lets you
do this through Access Filters. Only the remote IP address(es) you
designate will be permitted access...all others will be blocked.
Flexible notification modes. Silent operation (no notification).
Alert notification (alert box informs you of an intrusion). Browser
notification (your browser is taken to a page which provides you
with more details regarding the intruder and his/her Internet Service
Provider (including contact names and numbers)).
IPNetSentry works in a faceless background mode (it runs, but you
do not see it in your list of running applications). A convenient
companion application lets you turn Net Sentry Off and On, and provides
several other important functions (view trigger log, view aged filters,
configure IPNetSentry Config file, etc.). The companion application
is only needed when you wish to change or view some feature of the
Net Sentry FBA. Normally the IPNetSentry FBA runs unattended and
silently in the background.