What Are Your Security Settings?


robotboy175

 
Member Since: Jan 10, 2010
Posts: 40
Still working my way around - just wondering how paranoid Mac users are!

I do have the firewall up, that's about it.

Anything else I need to check?

cwa107

Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,599
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

I would say turn the firewall on (particularly if you're not behind a router or if you're using a public network) and put it in "Stealth" mode. That's about it.

Stealth mode keeps your machine from responding to port scans. You can enable it by going to System Preferences => Security => Firewall tab => Advanced button.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

chscag

Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 40,956
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, 3 iPods, Yosemite

Quote:
anything else i need to check?
In addition to the advice by cwa107, if you are using a router and running wireless, use the strongest possible encryption method that you can. Preferably WPA2.

Regards.

cwa107

Quote:
Originally Posted by chas_m View Post
Actually, turn the software firewall OFF. You already have a superior hardware firewall in place -- it's called your router. Your software firewall won't stop any port scans or DDOS attacks, because that's already been stopped at your router. Don't take my word for it, check your logs. Compare the ones from your software firewall to your hardware one.
That assumes the machine never leaves the internal network. If it does, particularly if it travels to public networks (at a Starbucks or a Hotel, for example), you're going to want it turned on.

It won't hurt anything to have both a software and hardware firewall turned on, so it's better to be safe than sorry IMO.


bobtomay

Member Since: Dec 22, 2006
Location: Texas, where else?
Posts: 25,132
Mac Specs: 15" MBP 2.33 C2D 256 4GB, MBA 13" i7 1.8, MB 2.0 2GB, Nano 4th, 3GS, iPad 1

We have also seen a lot of network issues related to cutouts, intermittent access and general access problems with the SSID turned off that disappeared once turned back on.

There shouldn't be any issue having SSID on with anyone using WPA2.
The real thieves/hackers/etc will be able to find the network in any case.

I cannot be held responsible for the things that come out of my mouth.
In the Windows world, most everything folks don't understand is called a virus.

toMACsh

Member Since: Jul 30, 2009
Location: Wisconsin
Posts: 5,568
Mac Specs: Mac Mini Core 2 Duo

My security settings are classified information. Sorry.

If you tell anyone I posted here, I'll deny it.

OnceYouGoMac

Member Since: Dec 28, 2009
Posts: 396
Mac Specs: Macbook Unibody 2.26 Dual, 2GB RAM, 250 GB HDD

I have the firewall on in full stealth mode. To the poster above, how do I turn off those settings you mentioned?

TattooedMac

Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,861
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

For my security Little Snitch works well for me ....

CogFrog Studio's ~ Photography, Apps and Web Development
Don't forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!

miles01110

Member Since: Mar 11, 2009
Posts: 469

I use strong passwords.

mbohn

Member Since: Jul 09, 2009
Location: Colorado
Posts: 356

Quote:
Originally Posted by miles01110 View Post
I use strong passwords.
Black Holes and Snowy Mountains The 14 People You Meet in the Apple Store

Too funny. I don't spend too much time in Apple stores to confirm if this is true but it sure is entertaining. Thanks, Miles.

www.dynostep.com
engine simulation software

cwa107

Quote:
Originally Posted by chas_m View Post
Nope.

Starbucks uses a router as well. So does the hotel. Indeed, so does everyone with broadband. This is simply not an issue for Mac owners, because the things you should be conscious of regarding security on a public network (unencrypted passwords, etc) are not dealt with by a software firewall. At all.
Sure, but if someone is probing you on a public network (i.e. one of the other machines on the same LAN), your computer is going to be responsive. Additionally, if someone happens to join a LAN and is infected with a worm that your machine is vulnerable to, you're at risk.

In my professional experience as a network admin for more than a decade now, I'll have to humbly disagree with you on this point. Sure, if you're having connectivity problems, by all means, don't run a software firewall. But I can tell you that I've had my software firewall turned on and in stealth mode both on my Windows machines and my Macs for quite a long time now and never have I had an issue that was directly attributable to the firewall being turned on. With that said, I have had to repair customer machines infected by worms that exploited a zero-day vulnerability in Windows that would otherwise have been safe if they were firewalled at the client. In particular, the CodeRed and Blaster worms should have been a wake-up call to any Windows user considering not running a software firewall. Those worms were the reason that MS finally forced the firewall on by default when they released SP2 for XP.

In my opinion, an ounce of prevention is worth a pound of cure - especially with Apple's lackadaisical attitude toward patching security vulnerabilities.


technologist

Member Since: Mar 30, 2004
Location: USA
Posts: 4,744
Mac Specs: 12" Apple PowerBook G4 (1.5GHz)

I also agree that you should have a host-based (software) firewall in addition to a network firewall. A network firewall only protects you from the Internet...not from other machines on a local network behind that network firewall.

It's less of a problem if you have a desktop at home and have a small network of computers you control. But if you're a notebook user, or a student on a university ResNet, or a corporate user on an internal network, then you should protect yourself against the other network users.

cwa107

Well, it's not in stealth mode, because it responds to ICMP echo (ping). The test results you're seeing on GRC.com are likely viewed while sitting on a DSL/Cable modem, which is using NAT in and of itself (i.e. you've got a private IP address, your modem has the public IP address and routes traffic to you acting, in effect, like a router).

But I was surprised to find that you are somewhat right. I opened up my MacBook Pro's ipfw, running 10.6.2 and ran a port scan from my desktop PC running Windows 7. I used a couple of different products to do the scan and in both cases, found that no well-known ports were responsive. I did not run a full port scan, since it would have taken forever (and it's doubtful that a hacker having identified the presence of your machine would waste that much time, unless it was a high-value target).

But this paints a rosier picture than is reality. Reality is that if a vulnerability were identified, running no software firewall and sitting on a publicly accessible LAN would leave you susceptible to a worm that exploits that vulnerability. Additionally, if you happen to be running a piece of software that opens ports (like an IM client, for example) and that software has a vulnerability (as was discovered in iChat back in 2007), you could also be susceptible to a worm.

So, I stand by my argument that unless there is a problem directly attributable to the software firewall, it's better to have it running - particularly on a portable machine that leaves the relative safety of a home network.

Oh and please keep your metaphors clean, this is a family-friendly forum.

QUOTE Thanks
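
To check the behaviour debated in this thread on equipment you own, here is an added example (not part of any post above) that classifies how a machine answers TCP connection attempts: open, closed (it sent a refusal, so it is visibly there) or filtered (silence, which is what stealth mode is meant to produce). The function names, the sample port numbers and the loopback demo are constructed for illustration; a test run from the machine itself does not show what other hosts on the network see, so point `audit` at your Mac from a second machine on the same LAN.

```python
import socket


def probe(host, port, timeout=1.0):
    """Classify how `host` answers one TCP connection attempt.

    open     - handshake completed, a service is listening
    closed   - connection refused (the host sent a RST), so it is visibly there
    filtered - no answer before the timeout, the result a stealth-mode
               firewall is meant to produce for unsolicited probes
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"  # e.g. no route to host
    finally:
        s.close()


def audit(host, ports, timeout=1.0):
    """Probe each port once and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}


def summarize(results):
    """Reduce an audit to: which ports are open, and did the host answer at all."""
    return {
        "open": sorted(p for p, s in results.items() if s == "open"),
        "answers_probes": any(s in ("open", "closed") for s in results.values()),
    }


def loopback_demo():
    """Constructed offline check: one listener and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    unused_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1]),
            "unused": probe("127.0.0.1", unused_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(loopback_demo())
    # Constructed result of the kind a fully silent host would give.
    print(summarize({22: "filtered", 80: "filtered", 5900: "filtered"}))
```
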
cwa107

 
Quote:
Originally Posted by chas_m View Post
And a list of these worms I will get on my Mac, along with documented cases of infection via iChat is ... where, again?
Let me google that for you

There are no other worms at the present, but that doesn't mean there won't be in the future. Especially when vulnerabilities are being found and it's taking Apple 6-9 months to patch. And that's only the OS, third party applications can also have vulnerabilities that could expose you to a worm or other exploitation.


cwa107

Quote:
Originally Posted by chas_m View Post
Okay, so we have ... one. One worm, that's long since gone (no cases reported in your link since 2006).

Given that there haven't been any new reports of worms since then, I think I will stand by my contention that this really isn't an issue on Macs, that the chance of future problems is low, and that a software firewall is an unnecessary duplication of services already provided by the hardware firewall.
It all goes back to my theory that an ounce of prevention is worth a pound of cure. If the firewall doesn't break anything, I don't see the harm in running it (or recommending it when asked).

Quote:
I do appreciate you reminding me about Leap-A, but I'm afraid it's not a very strong case (particularly when compared to Windows, but even just relative to the Mac).
And I understand where you're coming from. In the Windows world, there is a much stronger case for running a software firewall, simply by virtue of the sheer number of worms that exist for the platform. Chances are exponentially higher that you would encounter one on a public network.

Quote:
I also think you're mischaracterising Apple's response time. There have been occasions where they've taken their time to patch an issue, and there have been occasions where they've been pretty speedy. Microsoft is likewise quite lackadaisical on patching some issues far more serious than the sort that produced Leap-A.
Oh, I don't know about that. Microsoft releases patches almost weekly (I'm keenly aware of them since I'm tasked with implementing updates for my desktops at work). Usually any reported vulnerability is patched inside of a week, it's very rare that an exploit exists before the patch is released.

Apple on the other hand has a track record of taking 6 months or more to release an update, and it's not exactly unusual that an exploit is released before that update finally surfaces. Examples:

This one was reported to Apple back in June and the patch was released about 2 weeks after the exploit was built and shown off as a proof of concept:
Leopard and Snow Leopard flaw exploited in proof of concept, real-world tomfoolery surely coming soon -- Engadget

This one was reported and patched by Sun in their own Java implementation, but it took Apple over 6 months to get theirs done:
Apple has yet to patch "critical" Java vulnerability

So you can see where my sentiment comes from. But it doesn't matter - clearly you have your own strongly held beliefs and that's fine. But I'm sure you can now understand why I made the recommendation.
