Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

OS X 10.3.3: built-in firewall quality

Posted on 2004-04-07
3
561 Views
Last Modified: 2010-03-17
Hi,

I have been trying to find info has to how secure the Panther built-in firewall is.

Is it true that the fiewall won't block outgoing traffic, such as programs checking with thier homebase for updates, etc?

Would an ADSL modem/router with NAT + OS X built-in firewall? Provide adequate security for a home-user with no servers being used?

If not, what software and/or command line lockdowns would be suggested?

Regards,

Benomoro

0
Comment
Question by:benomoro
3 Comments
 
LVL 30

Accepted Solution

by:
weed earned 25 total points
ID: 10783816
It's a perfectly good firewall. They're really not that complicated. They just block incoming traffic on certain ports.

Firewalls only block inbound traffic, not outbound. If you need to block outbound traffic use LittleSnitch from versiontracker.com.

Most routers provide their own firewall so you dont need OS X's firewall at that point. For a home user, using a Mac and a router, there is really no reason for a firewall. The latest test showed that while Linux and Windows were more than hackable, OS X and BSD was as secure as you can get and in that particular test remained unhacked. Using OS X isnt like using Windows. You dont need to be super paranoid about someone breaking in.
0
 
LVL 9

Assisted Solution

by:heteronymous
heteronymous earned 25 total points
ID: 10783926
Sure, the built-in firewall can provide adequate security. The GUI (Sharing panel) doesn't lend itself to filtering out-going packets, but the built-in Unix-level firewall daemon ipfw does allow for this.

You can work with it (ipfw) in the command-line if you feel courageous. I would say do NOT start there if you're completely new to Unix command-line work.

What it comes down to is how paranoid you want to be about it.

For starters, with OS X, things are shut off that you want off. Don't run FTP, and if you don't need it, don't startup/run Windows sharing. Remote login is off by default on 10.3 client (but it's SSH not Telnet which is a good thing)

You can use the Shareware products Brickhouse or FirewalkX ...

but your best bet is a Router with Firewall features. Asante has a nice affordable one (FR1000-series), with incoming and outgoing packet filtering. I've not used other products at home -  many people swear by Linksys, and many models are fine but keep in mind some of them require Windows software for the initial setup. Make sure it has built-in web-based configuration (the Asante does).

Looking at my Asante Router/Firewall log, would-be h@xxor kiddies scan my system all the time, but by-and-large they're looking for ports used by Microsoft products.

0
 

Author Comment

by:benomoro
ID: 10804283
Hey,

thanks for the prompt response. You both provided the information I was after + reassurance that the Os X world is safer...

Cheers.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SUMMARY Enterprise backup in a heterogeneous network is a subject full of complications and restrictions. Issues such as filename & path structure, attributes and extended metadata always tend to complicate the subject to the extent where either …
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question