The firewall you haven’t thought about.

23. April 2013 Security 9

As mentioned in this article, your firewall is very important. Designed to analyze and filter inbound connections, it is your first line of defense against intruders and common attacks such as port sniffing. Not many people have the firewall on their Mac enabled; they figure the router has one, so everything on the network is safe from outside attack. While this may be partially true, it is still recommended that you enable the firewall on your Mac, because the router’s protection can fail. For example:
– The router is not properly configured.
– The router has outdated firmware (so vulnerabilities may be present that can be exploited).
– Others have access to the router and may have changed settings or disabled the firewall (other network users or a hacker).

If any of these are the case in your home or office, you are vulnerable on the network. This risk increases on large office and corporate networks, as the threat may come from other computers on that network. If one of your colleagues’ computers is infected with malware, it may seek out other computers on the network to infect. Since it is not an outside threat, your router will not catch this activity, as it takes place in the ‘trusted zone’ behind the firewall. For these reasons, and there are plenty more scenarios I could think of, it is a good idea to have the built-in firewall enabled.

You can locate the firewall settings by opening System Preferences and clicking on ‘Security & Privacy’; the third tab gives access to the firewall ‘on’ button and the firewall options. Once enabled, examine the firewall options and configure them properly. For help understanding what each option is and does, click the round button with a question mark in the bottom left corner. A Help Center window will open up explaining the options. My definition of each option:
– Block all incoming connections – If you are online in a public place or an untrusted environment, this is a good setting to use. If you find it limits you too much, disable it and configure each application manually in the list below by clicking the ‘+’, then finding the application you want to configure.
– Automatically allow signed software to receive incoming connections – As certificates can be falsified, it is not recommended to enable this option.
– Enable stealth mode – Enable this to keep yourself hidden from network attacks and connections you did not request.
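
The same three choices can be applied from Terminal with the `socketfilterfw` tool that ships with OS X. This is an added example, not part of the original post; the profile names `public` and `trusted`, the function names and the `DRY_RUN` variable are this example's own.

```shell
#!/bin/sh
# Apply the firewall choices described above with socketfilterfw.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# fw_plan PROFILE prints one socketfilterfw invocation per line.
#   public  = untrusted network: also block all incoming connections
#   trusted = home/office: per-application rules stay in effect
fw_plan() {
  case "$1" in
    public)  blockall=on ;;
    trusted) blockall=off ;;
    *) echo "usage: fw_plan public|trusted" >&2; return 2 ;;
  esac
  # Firewall on, signed software NOT auto-allowed, stealth mode on.
  printf '%s\n' \
    "$FW --setglobalstate on" \
    "$FW --setblockall $blockall" \
    "$FW --setallowsigned off" \
    "$FW --setstealthmode on"
}

# fw_apply PROFILE runs the plan as root; with DRY_RUN=1 it only prints it.
fw_apply() {
  plan=$(fw_plan "$1") || return $?
  printf '%s\n' "$plan" | while IFS= read -r cmd; do
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "would run: sudo $cmd"
    else
      # Stop at the first setting that fails to apply.
      sudo $cmd </dev/null || exit 1
    fi
  done
}

# Run as a script:  DRY_RUN=1 sh fw.sh public   (drop DRY_RUN to apply)
if [ "$#" -gt 0 ]; then
  fw_apply "$1"
fi
```

Settings changed this way show up in the same System Preferences pane, so the result can be checked there.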

Simple like everything else Apple yet very strong and more than capable to keep an eye on all inbound traffic.

So what’s with the title of this post? I have thought about the firewall before, i even have it enabled and all set up, what do you mean?

Ask anyone what a firewall is and most are able to describe its basic function: “stops hackers from getting into your computer”, “keeps the bad guys out”. The firewall has a weakness: it only filters inbound traffic. Hardly anyone ever considers outbound traffic to be an issue. What if you somehow did get infected with malware? This malware may be sending all sorts of data back to its creator and you have no idea it’s happening. Your keystrokes, your address book, maybe your display is being monitored; it’s all uploaded to some stranger controlling the malware and, since it is outbound traffic, your firewall doesn’t care.

This is where applications like Little Snitch come in. Little Snitch is an outbound firewall and network monitor. I have been using it for many years and have come to love it; it is one of the first applications I install on my new or re-installed Macs and I don’t trust a Mac without it. After you install it, you will be presented with a small flood of pop-up dialogs asking permission for applications and processes to access the outside world. While this is a little annoying at first, the worst is over after a few minutes, and you will be shocked to see exactly how many things are accessing the internet without you knowing. If you take a minute to inspect the pop-up windows and make the right decision when it asks for permission, the pop-ups will soon stop, as it remembers your settings and won’t bother you again for that specific application or process. The window also has a help button that shows information on the app or process requesting access, so you can see what it is, what it does, whether it’s known as being trusted, etc. Little Snitch is an amazing application and I recommend it to any Mac user.

While checking for updates Flash Player is caught by Little Snitch and asks for permission. The help button shows process information.

An outbound firewall is just as important as an inbound one. While there are more applications out there that offer similar functionality to Little Snitch, I have never had a reason to move away from it. Explore, test and pick the one you like best. Keep in mind that some antivirus suites offer a firewall as well; if you are interested in an antivirus application (you should be), see if its firewall supports both inbound and outbound traffic.
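
For a one-off look at the outbound traffic the built-in firewall ignores, the output of `lsof -i -n -P` can be summarised per process. This is an added example, not part of the original post or of Little Snitch; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise established outbound TCP connections per process.
# Live use on a Mac:  lsof -i -n -P | outbound_by_process

# Constructed sample (not captured from a real machine), in lsof's
# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME layout.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 anna   12u  IPv4 0xabc1      0t0  TCP 192.168.1.20:51001->203.0.113.10:443 (ESTABLISHED)
Safari    412 anna   14u  IPv4 0xabc2      0t0  TCP 192.168.1.20:51002->203.0.113.11:443 (ESTABLISHED)
updater   733 anna    5u  IPv4 0xabc3      0t0  TCP 192.168.1.20:51010->198.51.100.7:80 (ESTABLISHED)
sshd       88 root    4u  IPv4 0xabc4      0t0  TCP *:22 (LISTEN)
sshd     1200 root    5u  IPv4 0xabc7      0t0  TCP 192.168.1.20:22->192.168.1.30:60022 (ESTABLISHED)
helperd   901 anna    7u  IPv4 0xabc5      0t0  TCP 192.168.1.20:51020->192.168.1.1:53 (ESTABLISHED)
mDNSResp   60 root    9u  IPv4 0xabc6      0t0  UDP *:5353'

# Reads lsof output on stdin and prints "process count peer peer ...".
outbound_by_process() {
  awk '
    # Remember local listening ports so inbound sessions can be excluded.
    $NF == "(LISTEN)" { n = split($(NF-1), a, ":"); listen[a[n]] = 1; next }
    $NF == "(ESTABLISHED)" && $(NF-1) ~ /->/ { cmd[++c] = $1; conn[c] = $(NF-1) }
    END {
      for (i = 1; i <= c; i++) {
        split(conn[i], ends, "->")
        n = split(ends[1], l, ":")
        if (l[n] in listen) continue                 # we are the server side
        if (ends[2] ~ /^(127\.|\[::1\])/) continue   # loopback only
        count[cmd[i]]++
        if (!seen[cmd[i], ends[2]]++) peers[cmd[i]] = peers[cmd[i]] " " ends[2]
      }
      for (p in count) printf "%s %d%s\n", p, count[p], peers[p]
    }' | LC_ALL=C sort
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LSOF" | outbound_by_process
```

This is a snapshot of connections open at that moment and blocks nothing; short-lived connections between runs are missed, which is the gap an outbound firewall with per-connection prompts covers.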

To see how Little Snitch can be used in the fight for privacy, have a look at this article.

Update:
In light of Marsian’s comment on this post, I felt an update would avoid some confusion. Unlike Little Snitch, OS X’s firewall will not give you any additional information about the application or process that is asking for permission. If it prompts you for a process or application name and you have no idea what it is or what it does, you have to do some searching online to find out. If you want, you can deny the connection until you find out what it is. If it later turns out to be something you need, you can go into the firewall settings and change ‘deny’ to ‘allow’. Once in a while you will be presented with a notification that does not clearly state the name of the parent application, so some research will be required in those cases.


9 thoughts on “The firewall you haven’t thought about.”

  • 1
    Marsian on April 23, 2013 Reply

    Good tips, thanks!
    I have a question: the firewall is asking me about “ContentManagementServer.app”, how do I find out what that is?

    • 2
      SecuritySpread on April 23, 2013 Reply

      Hi Marsian,
      I have found it to be part of the DAZ 3D application, is this something you use? To verify if you have this (and if this was the application asking for access) have a look here on your Mac: /Library/DAZ 3D/*/ContentManagementServer.app/Contents/MacOS/DAZ Content Management Service

      If it’s there and you don’t use DAZ 3D or have uninstalled it since, delete the “DAZ 3D” folder and empty the trash. Either way it is safe to allow the process access.

  • 3
    Marsian on April 23, 2013 Reply

    Ah, thanks!

  • 4
    henry pantowski on June 6, 2014 Reply

    interesting
