Skip navigation

Firewall for mac

3853 Views 15 Replies Latest reply: Feb 8, 2013 10:57 AM by sanjampet RSS
1 2 Previous Next
pulpman Calculating status...
Currently Being Moderated
Feb 7, 2013 11:34 AM

My building is installing a WI FI set up, which all owners will access by the same Password.

I don't know if I have a Firewall, doubt it, but should I get one, and what is recommended.

 

Thanks

Mac Pro, Mac OS X (10.7)
  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Feb 7, 2013 11:48 AM (in response to pulpman)

    OS X has a built in firewall.

     

    The full features of the firewall (outgoing and incoming) are accessible via the Terminal (command line program) and thus complicated for most.

     

    The incoming portion of the firewall is handled via the System Preferences > Security > Firewall with a easy graphical user interface with basic ability.

     

    The full features of the OS X firewall can be accessed with a graphical user interface program using donationware software

     

    NoobProof (for beginners) or

     

    WaterRoof (for more advanced users)

     

    http://www.hanynet.com/applications/index.html

  • sanjampet Level 5 Level 5 (6,890 points)
    Currently Being Moderated
    Feb 7, 2013 11:51 AM (in response to pulpman)

    There is a firewall in your Mac. go to system preferences>security & privacy, click on firewall tab, click turn frewall on. Click firewall options, click Block all incoming connections, your good to go.

  • Baby Boomer (USofA) Level 9 Level 9 (55,540 points)
    Currently Being Moderated
    Feb 7, 2013 12:12 PM (in response to pulpman)

    Macs do not get viruses.

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    2ue5vgy.gif

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Feb 7, 2013 12:34 PM (in response to pulpman)

    pulpman wrote:

     

    I found the system preferences and I do have the firewall turned on. Will this be sufficient to prevent viruses etc?

     

    No.

     

    And since your all on the same local area network, there really isn't much you can do if someone capable wants to be malicious.

     

    Your incoming Firewall will assist protecting you from those trying to get into your machine, however you also need to make sure all your System Preferences > Sharing services are turned off.

     

    You can install the free ClamXav to scan once in awhile for mostly Windows malware that doesn't affect a Mac.

     

    http://www.clamxav.com/

     

    Make sure to set a very good password for your machine, I would recommend something 20 random characters, letters and symbols in length.

     

    A pain to remember, but a pain to crack which on a LAN they likely will do a man in the middle attack with a fake software update to get in if they wanted too, but it's harder to do than brute forcing your weak password.


    http://howsecureismypassword.net/

     

    Also they can mimic your MAC address of your wifi card, then fake theirs to match yours, connect to the router first and thus you can't connect.

     

    There is software to randomize and rotate your MAC address so you appear as another to the router each time you want to connect.

     

     

     

    As long as you trust everyone else on the LAN (local area network) and the admin of it, then you shouldn't have a problem.

     

     

    You should use Firefox and the HTTS Everywhere add on, this will ask for a encrypted connection from every web site you visit, not all provide it, but many now do so people on the LAN can't watch what your doing online.

     

    https://www.mozilla.org/en-US/firefox/new/

     

    https://www.eff.org/https-everywhere

  • sanjampet Level 5 Level 5 (6,890 points)
    Currently Being Moderated
    Feb 7, 2013 12:36 PM (in response to Baby Boomer (USofA))

    Like Baby Boomer said Macs don't get viruses.  I would go to Safari>safari preferences>security>and unclick

    Safari screen shot>security.  Java, and unclick plug ins (Screen shot 2013-02-07 at 3.31.08 PM.pngunless you need them for a site) which would be rare. Don't download any software, unless you go to manufactuers site for it, and never click on anything that pops up, just close it. All the best

  • Network 23 Level 6 Level 6 (11,510 points)
    Currently Being Moderated
    Feb 7, 2013 12:45 PM (in response to pulpman)

    pulpman wrote:

     

    I found the system preferences and I do have the firewall turned on. Will this be suffficient to prevent viruses etc? Or do i need another system also?

    You'll want to read up on what it is you're trying to prevent. Viruses are just a small part of the malware landscape. And viruses are the thing Mac users fear the least, since there are none. But you still have to be concerned about other types of malware (Trojan horses, man-in-the-middle attacks, phishing...), and a firewall is not the right solution for them all.

     

    Also, the Mac firewall only blocks incoming intrusions. It will not prevent outgoing transmissions, such as if there is software on your Mac "phoning home." For that you need software like Little Snitch which was designed to filter outgoing traffic and has recently been upgraded to also filter incoming traffic. But you have to have some expertise to run it, since some less knowledgeable users become suspicious of traffic that is actually routine and end up screwing up their systems. (If you block unknown requests from 127.0.0.1 because you think it looks fishy, you basically disable all your networking).

     

    No firewall can prevent phishing and social engineering. If you get an email with a bad link, no software will stop you from clicking that link. You have to know not to click on unknown links, you have to know how to spot a fake bank page so you don't type your password into it. It doesn't matter how strong and complex your password is if you submit it to a fake site so that they get to see your exact password anyway.

     

    If you want to generally scan for viruses and some types of malware, you can use ClamXav, a free malware checker.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Feb 7, 2013 12:43 PM (in response to Baby Boomer (USofA))

    Baby Boomer (USofA) wrote:

     

    Macs do not get viruses.

     

    They did, but it's been awhile.

     

    https://en.wikipedia.org/wiki/Category:Macintosh_viruses

     

    Mac's do get viruses, but Windows ones that don't affect OSX  (unless it's a program virus like a Excel macro ) and can send them to other Windows users on files they share, thus the ClamXav to scrape them off.

     

    A Mac running Windows will get viruses in Windows for sure.

     

     

    So to be more specific, it's OS X that hasn't gotten a virus in quite some time, but the sure did get trojans and backdoors recently, like Finfisher and Flashback.

     

     

    So Mac's have gotten malware recently and the Flashback botnet is still over 750,000 Mac's still supposedly.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Feb 7, 2013 1:11 PM (in response to Network 23)

    has recently been upgraded to also filter incoming traffic.

     

    Awesome, 10.6 compatible and the upgrade from LS 2 was only $17

     

    Sweet, the incoming filter is going to come in handy with my vm's.

     

     

    Thanks.

  • MadMacs0 Level 4 Level 4 (3,330 points)
    Currently Being Moderated
    Feb 7, 2013 8:10 PM (in response to ds store)

    ds store wrote:

     

    So Mac's have gotten malware recently and the Flashback botnet is still over 750,000 Mac's still supposedly.

    I didn't realize anybody was still tracking that info since Flashback was declared extinct by at least two A-V labs. Do you recall where you heard/read this? I'd guess Dr. Web or Kaspersky?

  • Network 23 Level 6 Level 6 (11,510 points)
    Currently Being Moderated
    Feb 8, 2013 10:37 AM (in response to pulpman)

    The Sharing check boxes ds store mentioned, which are on your Mac, only affect sharing of items in your Mac or directly connected to your Mac with non-network cables. If you are using your Mac to share a printer, you must have Printer Sharing on. If your printer shares itself, or if your router shares your printer, then you don't need to turn on any sharing on your Mac.

     

    Printer sharing from your Mac is sort of a last resort if your printer can't already be shared by your router or by itself.

     

    I use the sharing services on my MacBook Pro...but only when I'm home. When I take my MacBook Pro out of the house, I turn off all sharing on my MacBook Pro to enhance security. And that includes sharing that is not part of the Sharing preferences, such as iPhoto and iTunes library sharing that you control from those applications. My printers are all network-capable, so they share themselves on my home network, and my Macs are simply clients that can see the printers on the network and use them.

  • sanjampet Level 5 Level 5 (6,890 points)
    Currently Being Moderated
    Feb 8, 2013 10:55 AM (in response to Network 23)

    Just as a rule, it is a good habit to turn off all sharing when you are done using your machine. You don't want to become non-chalant about anything. Just a good habit to get into. Other than that, network23 is correct. As a rule I leave all sharing off at all times, unless I ned them, then turn them off. Good habit to learn, certainly can't hurt if all sharing is off, possibly could if you forget or miss one that leaves you vunerable.

     

    Just my habit.

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.