Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

OS X 10.3.3: built-in firewall quality

Posted on 2004-04-07
3
Medium Priority
?
577 Views
Last Modified: 2010-03-17
Hi,

I have been trying to find info has to how secure the Panther built-in firewall is.

Is it true that the fiewall won't block outgoing traffic, such as programs checking with thier homebase for updates, etc?

Would an ADSL modem/router with NAT + OS X built-in firewall? Provide adequate security for a home-user with no servers being used?

If not, what software and/or command line lockdowns would be suggested?

Regards,

Benomoro

0
Comment
Question by:benomoro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
weed earned 100 total points
ID: 10783816
It's a perfectly good firewall. They're really not that complicated. They just block incoming traffic on certain ports.

Firewalls only block inbound traffic, not outbound. If you need to block outbound traffic use LittleSnitch from versiontracker.com.

Most routers provide their own firewall so you dont need OS X's firewall at that point. For a home user, using a Mac and a router, there is really no reason for a firewall. The latest test showed that while Linux and Windows were more than hackable, OS X and BSD was as secure as you can get and in that particular test remained unhacked. Using OS X isnt like using Windows. You dont need to be super paranoid about someone breaking in.
0
 
LVL 9

Assisted Solution

by:heteronymous
heteronymous earned 100 total points
ID: 10783926
Sure, the built-in firewall can provide adequate security. The GUI (Sharing panel) doesn't lend itself to filtering out-going packets, but the built-in Unix-level firewall daemon ipfw does allow for this.

You can work with it (ipfw) in the command-line if you feel courageous. I would say do NOT start there if you're completely new to Unix command-line work.

What it comes down to is how paranoid you want to be about it.

For starters, with OS X, things are shut off that you want off. Don't run FTP, and if you don't need it, don't startup/run Windows sharing. Remote login is off by default on 10.3 client (but it's SSH not Telnet which is a good thing)

You can use the Shareware products Brickhouse or FirewalkX ...

but your best bet is a Router with Firewall features. Asante has a nice affordable one (FR1000-series), with incoming and outgoing packet filtering. I've not used other products at home -  many people swear by Linksys, and many models are fine but keep in mind some of them require Windows software for the initial setup. Make sure it has built-in web-based configuration (the Asante does).

Looking at my Asante Router/Firewall log, would-be h@xxor kiddies scan my system all the time, but by-and-large they're looking for ports used by Microsoft products.

0
 

Author Comment

by:benomoro
ID: 10804283
Hey,

thanks for the prompt response. You both provided the information I was after + reassurance that the Os X world is safer...

Cheers.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
While there are many new features for iOS 11, these are the five that can improve your digital lifestyle.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question