Firewall!

Discussion in 'macOS' started by mpt-matthew, Jan 22, 2011.

  1. mpt-matthew macrumors regular

    Joined:
    Aug 11, 2010
    #1
    Right, let's talk about my OS X firewall.

    I think I need a firewall, please advise:
    My internet connection in my university room comes through a CAT cable, into my Time Capsule, then distributed to me on a secure wifi network.
    I think I should have a firewall for that, as it's not my "own" internet connection, if that makes sense.
    Also at the university itself I use their wifi network; again I am sure a firewall is appropriate here to prevent someone trying to hack my computer on the same network. Is this correct?

    Anyway, I enabled my firewall BUT even though lots of programs are on the trusted list, it still asks me to allow them internet connection before they run. Is there any way to allow (say iTunes) so it will always accept it?
    It's on the trusted list in the firewall preferences.

    Any other security tips for unsecured networks? :)

    Thanks
     
  2. baummer, Jan 22, 2011
    Last edited by a moderator: Jan 23, 2011

    baummer macrumors 6502a

    Joined:
    Jan 18, 2005
    Location:
    Southern California
    #2
    Depends on your university's wireless policies. Do they have a web site talking about this? My employer and alma mater have the wireless running on a DMZ. That being said, you are taking your university's wired connection and running it through your own wireless router. Wired connections are almost certainly firewalled.

    To be honest, I don't think anyone is going to want to hack your computer. Connecting to an OS X machine over a network requires a password, almost always. If you have a strong password and have file sharing disabled, you should be fine.
     
  3. SandboxGeneral, Jan 22, 2011
    Last edited: Jan 22, 2011

    SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #3
    First off, your Time Capsule is a firewall, just like the AEBS and any other router out there.

    It is a hardware firewall, which are the most secure and hard-to-beat firewalls, as compared to a software firewall. It's still a good idea to enable the OS X firewall too, especially if you're mobile and not using your own router (Time Capsule).

    When you set up your Time Capsule, ensure that you are using the encryption standard WPA or WPA2 and never WEP and never leave it unsecured. I also suggest using a 63 character pseudo-random password with maximum entropy. This will guarantee that no one will ever hack into your wireless network.

    WEP security can be hacked in as little as 10-15 seconds. The protocol was flawed from its inception and should never be used. For the life of me, I don't know why manufacturers still include this protocol in their devices.

    EDIT: You should also make sure you have downloaded the latest firmware updates for the Time Capsule and software update for the AirPort Utility. There were several bug fixes and security fixes.

    AirPort Base Station and Time Capsule Firmware Update 7.5.2 Information
    AirPort Utility 5.5.2 for Mac
     
  4. mpt-matthew thread starter macrumors regular

    Joined:
    Aug 11, 2010
    #4
    Ok, thanks.
    My main issue wasn't particularly the Time Capsule; I don't think that anyone would want to hack it, and I am using WPA.

    The main issue was the wireless network at the university itself (not my room). And protecting my Mac against an attack from someone inside the university.
     
  5. SandboxGeneral, Jan 22, 2011
    Last edited: Jan 22, 2011

    SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #5
    In that case, make sure you have your OS X firewall turned on and under the advanced settings, you should enable stealth mode to protect against packet sniffers and such. You should probably also check Block all incoming connections for the time you're on the public WiFi and then turn it back off when you're back on your own network.

    I always have my OS X firewall on even though I am behind my AirPort Extreme Base Station and I always leave stealth mode enabled.

    If you're truly paranoid about security (and there's nothing wrong with that) there are a few more ways to secure your public Internet experience that are a bit more involved.
     
  6. mpt-matthew thread starter macrumors regular

    Joined:
    Aug 11, 2010
    #6
    So basically enable stealth mode when at uni.

    Do you know how I can stop the messages asking me to allow connections from applications? As I say above, even when an application is on the list it still asks me to allow.
     
  7. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #7
    Hmmm... as far as it always asking, I've had that happen a few times with iTunes before. I think a restart took care of it as it shouldn't be doing that when it's in the list.

    I would leave stealth mode on all the time.
     
  8. mpt-matthew thread starter macrumors regular

    Joined:
    Aug 11, 2010
    #8
    I have had it turned on for a few weeks now. iTunes, Entourage etc. have been on the list but it still asks me.
    I have it ticked to allow signed software incoming connections.
     
  9. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #9
    I have that ticked as well. Are all your Software Updates up to date from Apple?
     
  10. mpt-matthew thread starter macrumors regular

    Joined:
    Aug 11, 2010
    #10
    Yep, everything is up to date. It says do you want to allow it to ma incoming connections.

    The help message says:

    If your application is accessible to other systems
    When an application opens itself to connections over the network or Internet, Mac OS X displays an alert message. The application may be trying to allow other computers to connect with your system, or it may be sharing information with other systems.
    If this type of behavior is expected from the application and you see no undue risk, click Allow.
    If you don’t want the application to connect across the network, or if you don’t want it to share information, click Deny. This will block attempts by other systems to connect to the application.


    I tried removing it then re-adding it to the list and it still asks me.
     
  11. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #11
    I'm really not sure about that one, I think it's a glitch or something. Try closing all open applications and run the repair permissions command and see if that helps.
     
  12. mpt-matthew thread starter macrumors regular

    Joined:
    Aug 11, 2010
    #12
    OK, I'll try that, thanks.
     
  13. Modernape macrumors regular

    Joined:
    Jun 21, 2010
    #13
    Have you changed the icons for the apps giving you the firewall prompt? If so that 'breaks' the software signature, forcing the prompt each time.
     
  14. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #14
    Try the following to see if it helps:

    1) Delete all the items in the firewall list in the Security pane in System Preferences.

    2) Turn off the firewall.

    3) Delete the Application Firewall Preferences (located in Library/Preferences/com.apple.alf.plist).

    4) Restart the computer, turn on the firewall, and reconfigure the settings.

    FYI, more about Mac OS X firewalling -> 1 & 2
     
  15. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #15
    Stealth mode settings for the firewall do not prevent detection by ARP utilities and tools used for ARP poisoning attacks. Make sure to use SSL encryption as much as possible and check the digital certificate of security-sensitive websites (i.e. with logins you don't want hacked).

    Use a utility, such as Mocha, to detect ARP poisoning.
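
Added example, not part of the original post and not a description of how Mocha works: a sketch of the two checks an ARP-poisoning detector typically makes on a client, run over output in the format `arp -a` prints on Mac OS X. The sample table, the addresses, and the function names are constructed for illustration; the gateway baseline is assumed to have been recorded earlier on a network you trust.

```python
import re
from collections import defaultdict

# Constructed sample in the format macOS prints for `arp -a`; all addresses are made up.
SAMPLE_ARP_OUTPUT = """\
? (10.0.1.1) at 2:0:0:aa:bb:1 on en1 ifscope [ethernet]
? (10.0.1.23) at 2:0:0:5:6:7 on en1 ifscope [ethernet]
? (10.0.1.42) at 02:00:00:AA:BB:01 on en1 ifscope [ethernet]
? (10.0.1.77) at (incomplete) on en1 ifscope [ethernet]
? (10.0.1.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
"""

ENTRY = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f:]+)")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(mac):
    """Pad each octet and lowercase; macOS prints 0:1e:... without leading zeros."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        return None
    return ":".join(p.zfill(2) for p in parts)


def parse_arp_table(text):
    """Return {ip: mac} for resolved unicast entries only."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        mac = normalize_mac(m.group(2)) if m else None
        if mac and mac != BROADCAST:  # skips "(incomplete)" and broadcast rows
            table[m.group(1)] = mac
    return table


def shared_macs(table):
    """MACs answering for several IPs. Worth a look, but routers and
    multi-homed hosts can do this legitimately."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_mac_changed(table, gateway_ip, baseline_mac):
    """True if the gateway now resolves to a MAC other than the recorded baseline."""
    current = table.get(gateway_ip)
    return current is not None and current != normalize_mac(baseline_mac)


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    print(shared_macs(table))
    print(gateway_mac_changed(table, "10.0.1.1", "02:00:00:11:22:33"))
```

In the constructed sample the gateway address and a second host resolve to the same hardware address, which is the pattern to investigate on a shared network; the firewall's stealth mode has no effect on this layer.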
     
  16. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #16
    That's exactly right. Good advice. :)
     
