Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
What firewall software do you use on your Mac?
- Thread starter Bubble99
- Start date
- Sort by reaction score
OS X's Application Firewall combined with a SonicWALL UTM running Deep Packet Inspection, IDS/IPS, AV and Anti-Malware, Application Filtering, and Wireless Intrusion Detection with a SonicPoint. All tied together with managed switches and a dedicated network monitoring machine using tools like TShark, tcpdump, and other open source packet capture tools for proxying connections and VPN tunneling. Everyone should run a firewall–it is silly to think that in this day and age you can run with no firewall and be safe.
If you have no services listening to the network then it’s kind of redundant. Yes?
Last edited:
None. The person behind the computer will be a lot more powerful than any software firewall. Don't go to bad sites, don't download free things that aren't from verified or secure sources (free wallpapers = bad!) etc...
I've worked IT at several companies (private - under 20 employees) and no matter how many firewalls you have (we bought a cisco firewall vpn) and no matter how great your antivirus is (Eset Nod32) - employees will always manage to get viruses. So running them on user accounts so when the virus does hit, it only affects their profile (windows) is very important. Yes, I realize I'm talking about Windows... but... same concept.
It is going to be the user behind the computer that determines the computer's safety.
I've worked IT at several companies (private - under 20 employees) and no matter how many firewalls you have (we bought a cisco firewall vpn) and no matter how great your antivirus is (Eset Nod32) - employees will always manage to get viruses. So running them on user accounts so when the virus does hit, it only affects their profile (windows) is very important. Yes, I realize I'm talking about Windows... but... same concept.
It is going to be the user behind the computer that determines the computer's safety.
Everyone should run a firewall–it is silly to think that in this day and age you can run with no firewall and be safe.[/QUOTE]
If you have no services listening to the network then it’s kind of redundant. Yes?
Not sure what you mean. A good firewall is to stop out going and incoming.
And also to stop hackers.
[/doublepost]="artfossil, post: 25310541, member]None. Besides me
You may want to put anti- virus on Mac and or Linux not so much they may get infected as you can spread infection to Windows computers.
In 10 years using Mac I have yet to have home page change, browser hijacking, strange programs installed, wallpaper changed, ads and pops ups every where, pops ups that do not close, strange toolbare, slow OS , freezes so on.
But was very common in Windows days before I seen.
Windows malware on Mac could spread to other Windows computer on the network.
Now ransomware seem be big thing going on now days than typical malware everyone all to common to see in the past.
If you have no services listening to the network then it’s kind of redundant. Yes?
Not sure what you mean. A good firewall is to stop out going and incoming.
And also to stop hackers.
[/doublepost]="artfossil, post: 25310541, member]None. Besides me
You may want to put anti- virus on Mac and or Linux not so much they may get infected as you can spread infection to Windows computers.
In 10 years using Mac I have yet to have home page change, browser hijacking, strange programs installed, wallpaper changed, ads and pops ups every where, pops ups that do not close, strange toolbare, slow OS , freezes so on.
But was very common in Windows days before I seen.
Windows malware on Mac could spread to other Windows computer on the network.
Now ransomware seem be big thing going on now days than typical malware everyone all to common to see in the past.
Last edited:
No, it still can prevent attackers who have achieved code execution from setting up a bind shell. If it is properly configured to filter outgoing connections, it can sometimes prevent them from using a reverse shell too.
Consider an attacker who has exploited a Safari vulnerability (for example) and can execute arbitrary code. The first thing he will want to do is set up a method of persistent access. If he is on the local network and there are no firewalls in between, he could do this with a bind shell, where he sets up netcat to listen on a port on the victim machine.
The classic method is to run something like
Code:
nc -lvp 4444 -e /bin/shon the victim. This will set up netcat to listen on port 4444 for incoming connections and execute /bin/sh, giving the remote attacker the ability to simply connect to the netcat service at will and obtain a shell. On most Unix systems, netcat no longer contains the -e option because of this, but it is still possible to use it as a bind shell using named pipes.
A reverse shell would be similar, but the netcat listener is set up on the attacker's machine and the victim is used to connect to it. This often evades firewalls because the netcat connection is outbound from the victim machine and most people allow all outbound connections through the firewall.
Still a firewall would stop the first attack which is simpler to execute than a reverse shell.
[doublepost=1509287360][/doublepost]
[doublepost=1509287421][/doublepost]
But if the attacker can execute code on your local system them the war is lost...
[doublepost=1509287421][/doublepost]
Then the Apple firewall plain sucks then? If no service is listening externally then what is being stopped from incoming?
Not necessarily. Often you only get a brief window to execute code via exploit. If you can't set up a persistent backdoor right away, you have little opportunity to take advantage of the exploited system. The target user may stop running the vulnerable software, or update it (possibly fixing the vulnerability), or log off the network, etc. A firewall is a low resource way to make this more difficult.
Maybe. But an exploit phoning home from an Apple computer still isn't going to be stopped by the current Apple firewall. It would only give itself away if an external client was trying to initiate a new connection (TCP SYN) with it. I don't think that's how these exploits typically work.
Once configured (and I have carried my configurations across several generations of OS-X/MacOS), it requires little attention. Once in a while, with a new app, or an upgrade to an app, there needs to be a change made, but otherwise Little Snitch runs in the background for me, and does its job quite well. A great app. A basic understanding of ports and protocols helps a lot.
Little Snitch since I don't want software calling back to ad servers, sending my location, analytic information I haven't given permission to send... then Icefloor to plug any holes as required (it's a front in for the hidden PF firewall built into the system (not the firewall in system preferences.))
I'd recommend not to use any 3rd party firewalls. They can do more harm than good. For example, Little Snitch had a bug that made the system more, not less, vulnerable:
https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one
This particular vulnerability has been fixed in the meantime, but who knows how many more there are. Any additional software that runs in privileged mode and/or handles network traffic potentially increases your attack surface. It is also often trivially easy for an app running on your computer to circumvent a software firewall to establish outgoing connections. If you have untrusted software running on your machine, the battle is already lost.
https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one
This particular vulnerability has been fixed in the meantime, but who knows how many more there are. Any additional software that runs in privileged mode and/or handles network traffic potentially increases your attack surface. It is also often trivially easy for an app running on your computer to circumvent a software firewall to establish outgoing connections. If you have untrusted software running on your machine, the battle is already lost.
Last edited: