Protecting Your Mac with the Mac OS X Firewall


Because other people can access your computer when it's on a network, you should protect it from unauthorized traffic. Mac OS X includes firewall software you can use to block unwanted network connections and prevent unauthorized network access to your computer. The firewall uses the BSD utility ipfw (IP Firewall) to block network traffic on specific IP ports.

The firewall included in Mac OS X is separate from network firewalls or network security devices that network administrators use to protect against attacks from outside the network, but it has the same function: it protects your computer from attacks or unwanted intrusion. If your computer is on a network that has a firewall, you should still use the Mac OS X firewall to protect against the possibility of attacks from other computers on the network.

TIP

All Mac OS X computers connected to the Internet, including those behind network firewalls, should enable the firewall.


To enable the firewall, click Firewall in Sharing preferences and then click the Start button. The Mac OS X firewall blocks traffic to specific IP ports. IP ports specify network services, such as Apple File Service (port 548) and web services (port 80). By preventing incoming traffic from reaching certain port numbers, you can prevent many types of unauthorized access to your computer.

When you enable the firewall, all ports other than the ones checked in the list will be blocked. Blocking ports may disrupt services such as iChat Bonjour browsing and iTunes music sharing, so be sure to block only those ports you know are not in use.

When you turn on a network service in the Services pane of Sharing preferences, Mac OS X automatically allows that service in the Firewall pane. This allows authorized traffic to pass and other traffic to continue to be blocked.

If you are curious about the ports typically used for certain services, open the /etc/services file. To read the file contents, either use the command line or navigate to /etc using Go to Folder (Command-Shift-G) in the Finder, and use TextEdit to view the file contents.

You cannot change the settings for the default ports listed in the Firewall pane; however, you can specify additional ports to be opened as follows:

1. Click New.

   A configuration sheet appears.

2. From the Port Name pop-up menu, choose one of the defaults and click OK, or choose Other.

   Defaults have port numbers already assigned. If you choose Other, you must specify the port number to use.

3. Enter a port number, range, or series to open.

4. Enter a description of the port.

5. Click OK.
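
A command-line check to run before opening additional ports, as an added example that is not from the book: the functions below expand a port number, range, or series and look each port up in a file in /etc/services format, so you can see which services an entry would expose. The function names and the sample data are constructed for illustration, and the comma-and-hyphen syntax for series and ranges is an assumption.

```shell
#!/bin/sh
# Constructed sample in /etc/services format: name port/proto [aliases] [# comment]
SAMPLE_SERVICES='# constructed sample, not the real file
http         80/tcp    www www-http   # World Wide Web HTTP
http         80/udp    www www-http
afpovertcp   548/tcp                  # AFP over TCP
afpovertcp   548/udp
daap         3689/tcp                 # Digital Audio Access Protocol
'

# expand_ports "548, 3689-3691" -> one port per line; fails on malformed input.
expand_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | awk '
        { gsub(/[ \t]/, "") }
        $0 == "" { next }
        /^[0-9]+$/ { lo = hi = $0 + 0 }
        /^[0-9]+-[0-9]+$/ { split($0, r, "-"); lo = r[1] + 0; hi = r[2] + 0 }
        !/^[0-9]+(-[0-9]+)?$/ { print "bad port spec: " $0 > "/dev/stderr"; exit 1 }
        lo < 1 || hi > 65535 || lo > hi { print "out of range: " $0 > "/dev/stderr"; exit 1 }
        { for (p = lo; p <= hi; p++) print p }
    '
}

# describe_ports SPEC [SERVICES_FILE] prints "port/proto name" for every
# matching entry, or "port unassigned" when the file lists nothing for it.
describe_ports() {
    ports=$(expand_ports "$1") || return 1
    [ -n "$ports" ] || return 1
    printf '%s\n' "$ports" | awk -v svc="${2:-/etc/services}" '
        BEGIN {
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)             # drop comments
                if (split(line, f, " ") >= 2 && f[2] ~ /^[0-9]+\/(tcp|udp)$/)
                    name[f[2]] = f[1]            # key looks like "548/tcp"
            }
        }
        {
            hit = 0
            for (i = 1; i <= 2; i++) {
                key = $1 "/" (i == 1 ? "tcp" : "udp")
                if (key in name) { print key, name[key]; hit = 1 }
            }
            if (!hit) print $1, "unassigned"
        }
    '
}

# When run with arguments, check them against /etc/services (or a given file).
if [ $# -gt 0 ]; then describe_ports "$@"; fi
```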

NOTE

If you are using iTunes for Windows, refer to Knowledge Base document 93396: "iTunes for Windows: Music Sharing With Windows Internet Connection Firewall."


Advanced Firewall Settings

To set additional firewall options, click the Advanced button in the Firewall pane of Sharing preferences. There are three advanced options:

  • Block UDP Traffic: This can be helpful in preventing hackers from using your computer as part of a denial of service attack.

  • Enable Firewall Logging: Keeps a log that shows which traffic the firewall has allowed or denied.

  • Enable Stealth Mode: Prevents a sender from receiving any information about denied traffic. If someone is trying to get into your computer, they won't even know that you're preventing them from doing so (which makes it harder for them to know if an attack is working).




Apple Training Series: Mac OS X Support Essentials v10.6: A Guide to Supporting and Troubleshooting Mac OS X v10.6 Snow Leopard
ISBN: 0321635345
EAN: 2147483647
Year: 2003
Pages: 233
