OS X 10.3.3: built-in firewall quality

Posted on 2004-04-07
Last Modified: 2010-03-17
Hi,

I have been trying to find info as to how secure the Panther built-in firewall is.

Is it true that the firewall won't block outgoing traffic, such as programs checking with their homebase for updates, etc.?

Would an ADSL modem/router with NAT + OS X built-in firewall provide adequate security for a home user with no servers being used?

If not, what software and/or command line lockdowns would be suggested?

Regards,

Benomoro

Question by:benomoro
3 Comments
 
Accepted Solution

by:
weed earned 25 total points
ID: 10783816
It's a perfectly good firewall. They're really not that complicated. They just block incoming traffic on certain ports.

Firewalls only block inbound traffic, not outbound. If you need to block outbound traffic use LittleSnitch from versiontracker.com.

Most routers provide their own firewall so you don't need OS X's firewall at that point. For a home user, using a Mac and a router, there is really no reason for a firewall. The latest test showed that while Linux and Windows were more than hackable, OS X and BSD were as secure as you can get and in that particular test remained unhacked. Using OS X isn't like using Windows. You don't need to be super paranoid about someone breaking in.

Assisted Solution

by:heteronymous
heteronymous earned 25 total points
ID: 10783926
Sure, the built-in firewall can provide adequate security. The GUI (Sharing panel) doesn't lend itself to filtering out-going packets, but the built-in Unix-level firewall daemon ipfw does allow for this.

You can work with it (ipfw) in the command-line if you feel courageous. I would say do NOT start there if you're completely new to Unix command-line work.

What it comes down to is how paranoid you want to be about it.

For starters, with OS X, things are shut off that you want off. Don't run FTP, and if you don't need it, don't start up/run Windows sharing. Remote login is off by default on 10.3 client (but it's SSH, not Telnet, which is a good thing).

You can use the Shareware products Brickhouse or FirewalkX ...

but your best bet is a Router with Firewall features. Asante has a nice affordable one (FR1000-series), with incoming and outgoing packet filtering. I've not used other products at home - many people swear by Linksys, and many models are fine but keep in mind some of them require Windows software for the initial setup. Make sure it has built-in web-based configuration (the Asante does).

Looking at my Asante Router/Firewall log, would-be h@xxor kiddies scan my system all the time, but by-and-large they're looking for ports used by Microsoft products.

0
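The outgoing-packet filtering with ipfw mentioned in the answer above, as an added example that is not part of the original thread: an egress allowlist that permits a short list of outbound ports statefully and logs and drops everything else leaving the machine. The rule numbers, the allowed ports and the `DRY_RUN` switch are assumptions for illustration; run `ipfw list` first so the numbers sort correctly against rules that are already loaded.

```shell
#!/bin/sh
# Added example: egress allowlist for ipfw. Rule numbers, port lists and
# the DRY_RUN switch are assumptions, not taken from the thread.

DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands, 0 = run them (needs root)
ALLOWED_TCP="80 443 25 110"    # constructed sample: web and mail
ALLOWED_UDP="53 123"           # constructed sample: DNS and NTP

# Print or execute a single ipfw command.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ipfw $*"
    else
        ipfw "$@"
    fi
}

# Emit the outbound rule set in evaluation order.
egress_rules() {
    n=1000
    # Local loopback traffic is never filtered.
    fw add $n allow ip from any to any via lo0
    n=$((n + 10))
    # Packets belonging to connections we opened match dynamic state here,
    # so replies get back in without a separate inbound rule.
    fw add $n check-state
    for port in $ALLOWED_TCP; do
        n=$((n + 10))
        # "setup" matches only the opening SYN; keep-state tracks the rest.
        fw add $n allow tcp from me to any $port out setup keep-state
    done
    for port in $ALLOWED_UDP; do
        n=$((n + 10))
        fw add $n allow udp from me to any $port out keep-state
    done
    # Anything else leaving this host is logged and dropped, which is what
    # exposes a program contacting a server you did not expect.
    fw add 60000 deny log ip from me to any out
}

egress_rules
```

With `DRY_RUN=1` the script only prints the commands for review; inbound rules, including any installed by the Sharing panel, are left untouched.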
 

Author Comment

by:benomoro
ID: 10804283
Hey,

thanks for the prompt response. You both provided the information I was after + reassurance that the OS X world is safer...

Cheers.