Key Concepts

DoorStop X is a software firewall. Firewalls in general protect network services from undesired access. (12, Firewall Basics) DoorStop specifically protects Internet services, such as Web Sharing and File Sharing, on the machine on which it is running. DoorStop's protection is in addition to any protection provided by the service itself, such as account names and passwords.

With DoorStop X, you tell DoorStop which Internet services to protect, and how each service should be protected, on a service-by-service basis. DoorStop also provides protection for all Internet services not explicitly specified. For maximum security, the default protection for explicitly specified services and for "all other" services is set to deny all access. You can use DoorStop X to specify other types of protection for each service. A service can be protected so that anyone can access it, no one can access it, or only certain machines can or cannot access it.

IP addresses (6, IP Addresses and Host Names)

A computer on any network, including the Internet, is located by means of its IP address. There are currently two forms of IP address:

• IPv4 - This form is by far the most widely used. It consists of 4 8-bit numerical fields (each with a range of 0 through 255), separated by decimal points, like this: 192.168.1.101. With a total of 32 bits, IPv4 can describe a total of 4 billion IP addresses.
• IPv6 - Also know as IPng for “IP next generation”, IPv6 was developed due to the growing need for fixed IP addresses, among other things. IPv6 addresses consist of eight 16-bit fields, for a total of 128 bits or more than 3 x 10^38 addresses. Currently, IPv6 is used mostly by a few universities and certain government projects, and is probably not something you'll need to deal with anytime in the near future. For the purposes of this document, “IP address” will refer to an IPv4 address. DoorStop by default disables IPv6 -- DoorStop's settings apply only to IPv4.

IP addresses can be specified in DoorStop as a single IP address, a range of IP addresses that start with a certain value, or a range of IP addresses corresponding to a subnet. A subnet is a local area network that is part of a larger intranet, or of the Internet.

Note for power users: On a machine configured with multiple IP addresses, the security settings specified in DoorStop (client addresses and type of protection for each service) apply to all IP addresses configured on that machine.

Ports (6, Port Numbers)

Internet services communicate by means of ports, with each service using a unique port number. For instance, Web Sharing usually uses port 80, and File Sharing uses port 548. Sometimes services are run on alternate ports, however. For instance, if two Web servers are running on the same machine, they could not both use the same port number -- one of them would be assigned an alternate port number.

Packets & protocols (6, Protocols)

When data is sent over a network, it is broken down into small units called packets. For example, a large text document sent over a network might consist of many packets, sent one after the other until the entire document has been sent. Many networks, and the Internet in particular, have an enormous number of packets being sent back and forth between machines. To keep things orderly, packets are sent in a well-defined way, using network protocols. DoorStop can protect the three most commonly used protocols:

• TCP - This protocol is used for many common Internet services, such as email and the Web. With TCP, a connection is established between the sending and receiving machines (done by exchanging certain types of packets) before data is sent -- this has implications for logging.
• UDP - This protocol is used for common low-level network functions, which are described in the UDP section. It is also used by certain network applications, such as in certain modes of iChat. With UDP a connection is not established between sending and receiving machines before data is sent.
• ICMP - This protocol has many uses, one of which is confirming the existence of a machine at a specific IP address. This use is described in the Stealth mode section.

Using DoorStop X

In its default configuration, DoorStop X protects all TCP-based services running on your machine. Such services include File Sharing and Web Sharing, among others. If you install DoorStop using the default settings in the Setup Assistant, or if you skip the Setup Assistant altogether, no one will be able to access these or any other TCP-based services. You might, however, want to further configure DoorStop, for one or more reasons:

1. If you're actually running TCP-based services, such as File Sharing, you'll need to allow access to that service for at least some other machines (if not all) on your network or on the Internet. Start by going to Protecting Basic Services.
2. If you want to protect UDP-based services, you can do so in DoorStop's Preferences dialog. See UDP protection.
3. Logging of DoorStop's actions (on by default) gives you the raw data you need in order to be aware of possible security violations or violation attempts (see Logging for details). If you're running an Internet service, however, such as Web Sharing, you may want to disable logging of allowed accesses, if your site is getting a lot of traffic.
4. If your network runs IPv6, you need to allow it through DoorStop. See IPv6 protection.

For details of configuring DoorStop, start with Protecting Basic Services.

Back to Table of Contents
Back to Getting Started
Forward to Protecting Basic Services