Firewall Y/N?

I've been using my iMac (and MacBkPro) for several years and remember being told that I do not need to turn on Firewall or FileVault. However, lately I'm more concerned about recent hacking issues. I read the response to the FileVault question here and recognize that I do not need that level of encrypted protection, but should I be using Firewall? I'm not using any other virus protection and was told I did not really need that either. My questions are:


Do I need Firewall? (What protection does it offer?)

or, do I need virus software?

or, do I need both?


FYI, it was at the Apple store that I was told it wasn't necessary to use the Firewall or additional virus software.


Using MacOS High Sierra 10.13.1


This community is always my first go-to source for all things Mac related--thank you for helping me learn more about my Mac system.


ct

iMac, macOS High Sierra (10.13.1)

Posted on Jan 8, 2018 1:15 PM


Jan 8, 2018 2:30 PM in response to carol357

Great question, and as you can imagine, there are multiple camps on whether or not you need to use a firewall.


A few things to keep in mind:

ROUTERS/FIREWALLS

  1. Most home or consumer-grade routers have some form of "firewall" enabled by default. As a minimum, most have what is referred to as a "NAT firewall." This is not really a true firewall, but it does help prevent any inbound traffic from entering your local network that you didn't specifically request. However, it does not prevent any outbound traffic from going out.
  2. More "sophisticated" routers do include an SPI firewall. These types of firewalls "inspect" every packet going through the router (both inbound and outbound) to look for malicious content. However, these come at a performance hit, as you can imagine the router has to work harder to do these inspections. Typically, the overall throughput of these routers is half that of those only using NAT.
  3. Going to the extreme, some folks install a dedicated firewall appliance into their network configuration.


SOFTWARE FIREWALLS

  1. Your iMac actually comes with two firewalls. These are known as software firewalls. They are both disabled by default. One of these firewalls works at the application level, the other at the network level.
  2. You enable/disable the application firewall via System Preferences > Security & Privacy > Firewall. To do the same for the network firewall would require using the Terminal app and entering the appropriate commands to do so.
  3. A number of third parties sell additional application and/or network level software firewalls ... but, typically, these are nothing more than "front-end" interface applications that use the native macOS ones.


OK, with all that said, it comes down to how critical your data on your computer is that you need to try to protect it. Remember there is a performance trade-off when using a firewall. Most attacks come from within. That is, malware or viruses are introduced by the user either going to a web site or downloading software/clicking on links, etc. Rarely do home computers get hacked from a remote location.

Jan 9, 2018 12:58 PM in response to carol357

Would you give me an example of firewall protection at the application level; i.e. word processing apps? music or movie apps? photo apps?

Sure. As you have stated, these types of firewalls work with applications. When an application needs to communicate to another application, it does so through sockets. A socket is basically a combination of an IP address and a port. Application firewalls monitor these sockets for malicious activity.


Application firewalls are based on socket filters. With them, you can control an application's communication to/from a remote location. Basically, socket filters determine whether an application's process should make a given connection. So, with these types of firewalls you control which applications have access inbound/outbound to/from your Mac.


In addition to the built-in application firewall, there are a number of third-party offerings, like Little Snitch.


Ref: OS X: About the application firewall - Apple Support


On the other hand, network firewalls can affect all applications. Again, these types of firewalls "inspect" every single packet going through the connection. Network firewalls are unable to pass/block specific applications as they are not aware of which application is trying to make a connection. Instead, their main purpose is to protect macOS system services from remote inspection or intrusion.

Would you tell me what the percentage of performance trade-off is.

Application firewalls have limited performance impact and only to the specific application(s) that are being filtered. Network firewalls, on the other hand, because they are reliant on packet filtering, can reduce data throughput by up to half ... and it depends on what you want inspected.


The best way to know is to try them and see what effect they have. I suggest that you try enabling your Mac's application firewall via System Preferences first and try it for a while. If you want to experiment with a network level firewall, you will have a few choices to make:

  1. Enable the native network firewall using the Terminal app on your Mac.
  2. Use a third-party graphical front-end to enable that same firewall. One example would be: Vallum
  3. Do not enable a network firewall on your Mac, but do so on your router instead. This will be dependent on whether or not your router supports this. One advantage of doing so is that it would be effective for all of your network clients, not just your Mac.
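
An added example, not part of the posts in this thread: a Terminal script that reports whether the two built-in firewalls described above are on. It assumes the "network firewall" is pf (queried with `pfctl`); the sample output strings are constructed so the script also runs off a Mac.

```shell
#!/bin/bash
# Added example: report whether the two built-in macOS firewalls are on.
# Assumption: the "network firewall" in the thread is pf, managed with pfctl.
ALF=/usr/libexec/ApplicationFirewall/socketfilterfw

# Map `socketfilterfw --getglobalstate` output to on/off/unknown.
alf_state() {
  n=$(printf '%s\n' "$1" | sed -n 's/.*(State = \([0-9]\)).*/\1/p')
  case "$n" in
    0)     echo off ;;
    [1-9]) echo on ;;       # any non-zero state means the firewall is active
    *)     echo unknown ;;  # no recognisable state in the output
  esac
}

# Map the "Status:" line of `pfctl -s info` output to on/off/unknown.
pf_state() {
  printf '%s\n' "$1" | awk '
    /^Status:/ { print ($2 == "Enabled" ? "on" : "off"); found = 1; exit }
    END        { if (!found) print "unknown" }'
}

report() {  # $1 = socketfilterfw output, $2 = pfctl output
  printf 'application firewall: %s\n' "$(alf_state "$1")"
  printf 'network firewall (pf): %s\n' "$(pf_state "$2")"
}

# Constructed sample output (both firewalls off, the default described above).
SAMPLE_ALF='Firewall is disabled. (State = 0)'
SAMPLE_PF='Status: Disabled                              Debug: Urgent'

if [ -x "$ALF" ]; then
  # On a Mac: query the live state. pfctl needs root, so run with sudo;
  # without it the pf state is reported as unknown.
  report "$("$ALF" --getglobalstate 2>/dev/null || true)" \
         "$(pfctl -s info 2>/dev/null || true)"
else
  report "$SAMPLE_ALF" "$SAMPLE_PF"
fi
```

To turn them on from Terminal, `sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on` enables the application firewall and `sudo pfctl -e` enables pf.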

Jan 8, 2018 2:42 PM in response to Tesserax

Thank you. This is very helpful.

Would you give me an example of firewall protection at the application level; i.e. word processing apps? music or movie apps? photo apps? No need to go into detail, just want basic understanding.


The data I would want to protect is not that critical, but I would like to avoid having my contact list hacked and subjecting everyone to those annoying weird emails that usually accompany that type of attack, and of course, internet activity, although I don't store sensitive information on the web.


So I'm thinking that is why the Apple elf didn't encourage me to use the Firewall? Would you tell me what the percentage of performance trade-off is?


Thanks again for helping me understand how this works.
