
Which incoming connections should I allow in my firewall preferences

I am kind of confused when it comes to allowing incoming connections in the firewall preferences, and what this actually means. Are there certain things in that preference menu that I should always allow for the system to function properly? I am just worried about security for the computer. Any help/info would be greatly appreciated! I'm on a 2009 MacBook Pro 10.9.3. Thanks!

MacBook Pro, OS X Mavericks (10.9.3)

Posted on May 21, 2014 8:31 PM

Question marked as Best reply

Posted on May 22, 2014 11:23 AM

jamfanforlife28,


Whether you should allow incoming connections in your firewall preferences depends upon whether you want the services which depend upon those connections. If your concern for the security of your computer overrides the want or need for a given service, then don’t grant permissions for the incoming connections of that service. If you’d rather have the service, then allow its incoming connections.

May 22, 2014 11:34 AM in response to jamfanforlife28

The built-in Application Firewall blocks incoming network traffic, regardless of origin, on a per-application basis. Typically, it would be configured to allow only applications digitally signed by Apple to listen on the network. It does not block outgoing traffic, nor can it distinguish between different sources of incoming traffic. It is not, as some people seem to believe, a malware filter.

So for example, suppose you enable file sharing, and allow access by guests to certain folders. You want people on your local network to be able to access those files without having to enter a password. When configured as stated above, the firewall will allow that. Your router will prevent outsiders from accessing the files, whether the application firewall is on or not. But if your computer is portable and you connect it to an untrusted network such as a public hotspot, the firewall will still allow access to anyone, which is not what you want.

Now suppose you unknowingly install a trojan that steals your data and uploads it to a remote server. The firewall, no matter how it's configured, will not block that outgoing traffic. It does nothing to protect you from that threat.

Another scenario: Your web browser is compromised by a trojan. The trojan redirects all your web traffic to a bogus server. The firewall does nothing to protect you from this threat.

A final scenario: You're running a public web server. Your router forwards TCP connection requests on port 80 to your Mac, and the connections are accepted by the built-in web server, which is signed by Apple. The application firewall, still configured as above, allows this to happen. Now you download a different trojan, one that tries to hijack port 80 and replace the built-in web server. The good news here is that the firewall does protect you; it blocks incoming connections to the trojan and alerts you. The bad news is that you've been rooted. The attacker who can do all this can just as easily disable the firewall, in which case it doesn't protect you after all.

It might make a bit of sense to use the firewall if you're running trusted services on an unprivileged port; that is, a port numbered higher than 1023. Those ports can be bound by a process with no special privileges.

Here is a more realistic scenario in which you should enable the firewall. Your portable Mac has several sharing services enabled. You want those services to be available to others on a home or office network. When you're on those networks, the firewall should be off. When you move to an untrusted network, you can either turn off all the services, or enable the firewall to block them. Blocking is easier: one configuration change instead of several.
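Added example, not part of the original thread: a shell audit that classifies what is listening for incoming TCP connections, by loopback versus network exposure and by privileged (1023 and below) versus unprivileged port, which is the inventory to review before moving to an untrusted network. The function names and the sample `lsof` lines are constructed for illustration; only `lsof -nP -iTCP -sTCP:LISTEN` is a real command.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not real data).
sample_lsof() {
  cat <<'EOF'
COMMAND    PID USER   FD  TYPE DEVICE     SIZE/OFF NODE NAME
httpd       88 root   4u  IPv6 0xc0ffee01 0t0      TCP  *:80 (LISTEN)
AppleFile  312 root   5u  IPv4 0xc0ffee02 0t0      TCP  *:548 (LISTEN)
cupsd      140 root   6u  IPv6 0xc0ffee03 0t0      TCP  [::1]:631 (LISTEN)
python    1401 alice  3u  IPv4 0xc0ffee04 0t0      TCP  127.0.0.1:8000 (LISTEN)
nc        1502 alice  3u  IPv4 0xc0ffee05 0t0      TCP  *:8080 (LISTEN)
EOF
}

# Reads lsof output on stdin; prints "command user port scope privilege".
classify_listeners() {
  awk 'NR > 1 && $NF == "(LISTEN)" {
    name = $(NF - 1)                      # e.g. *:80 or [::1]:631
    n = split(name, parts, ":")
    port = parts[n]                       # text after the last colon
    addr = substr(name, 1, length(name) - length(port) - 1)
    scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback" : "network"
    priv = (port + 0 <= 1023) ? "privileged" : "unprivileged"
    printf "%s %s %s %s %s\n", $1, $3, port, scope, priv
  }'
}

# Listeners reachable from the network on ports that any process can bind
# without special privileges.
exposed_unprivileged() {
  classify_listeners | awk '$4 == "network" && $5 == "unprivileged"'
}

if [ "${1:-}" = "--live" ]; then
  # Run against this machine (may need sudo to see other users' processes).
  lsof -nP -iTCP -sTCP:LISTEN | classify_listeners
else
  sample_lsof | classify_listeners
fi
```

Anything reported as `network` is what other hosts on the same network can attempt to reach; `loopback` entries are only reachable from the machine itself.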
