View Single Post
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 16,464
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2009 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
Quote:
Originally Posted by technologist View Post
I also agree that you should have a host-based (software) firewall in addition to a network firewall. A network firewall only protects you from the Internet...not from other machines on a local network behind that network firewall.
Uh, no.

1. The software firewall in Mac OS X does the same thing as a hardware firewall, only less well. So it will not protect you from local machines unless a local machine launches a DDOS attack. Which is pretty ridiculous, you could just walk over to them and throw your Starbucks latte at them if they did that.

2. You don't need protecting from local machines. A Mac with its default setup (all sharing turned off) is ALREADY IN STEALTH MODE. But don't take my word for it, test it yourself. Turn off your software firewall, and go here:
https://www.grc.com/x/ne.dll?bh0bkyd2
Run all the tests you want. You are "stealth" on all ports (in other words, no packets come back from "sniffing" tests).

And before anyone says "well that's a windows site," ahem -- TCP is TCP. Ports is ports. No difference.

Bottom line: if you're feeling paranoid, rather than hide behind multiple firewalls, you should probably ask yourself some hard questions about your internet behaviour.

If you want to run a software firewall to make yourself feel good, be my guest. Unless you are running certain specific services (like FTP, VPN, etc), having both hardware&software firewalls on may not cause any issues.

But don't pretend you are getting any "extra protection."
QUOTE Thanks