Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    What Are Your Security Settings?

    Member Since
    Jan 10, 2010
    Posts
    40
    What Are Your Security Settings?
    still working my way around - just wondering how paranoid mac users are!

    i do have the firewall up, that's about it.

    anything else i need to check?

  2. #2
    What Are Your Security Settings?
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    I would say turn the firewall on (particularly if you're not behind a router or if you're using a public network) and put it in "Stealth" mode. That's about it.

    Stealth mode keeps your machine from responding to port scans. You can enable it by going to System Preferences => Security => Firewall tab => Advanced button.
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  3. #3
    What Are Your Security Settings?
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Fort Worth, Texas
    Posts
    45,246
    Specs:
    27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, iPhone 6+, 3 iPods, Yosemite
    anything else i need to check?
    In addition to the advice by cw107, if you are using a router and running wireless, use the strongest possible encryption method that you can. Preferably WPA2.

    Regards.

  4. #4
    What Are Your Security Settings?
    chas_m's Avatar
    Member Since
    Jan 22, 2010
    Location
    Victoria, BC
    Posts
    18,956
    Specs:
    Mid-2012 MBP (16GB, 1TB HD), Monoprice 24-inch second monitor, iPhone 5s 32GB, iPad Air 2 64GB
    Actually, turn the software firewall OFF. You already have a superior hardware firewall in place -- it's called your router. Your software firewall won't stop any port scans or DDOS attacks, because that's already been stopped at your router. Don't take my word for it, check your logs. Compare the ones from your software firewall to your hardware one.

    You should however, as chscaq suggests, encrypt your wireless network if you're using one. WPA2 is recommended, and you can also limit the machines that can access it by MAC address (if you're unlikely to have or want guest users accessing it), and turn off the broadcasting of the SSID name (the wireless network's name).

    For those in apartment complexes especially, these steps are useful.

    Apart from that, it's more common sense: don't pirate software, don't fall for scareware, avoid porn and gambling sites (or use a proxy if you must), don't OK the install of anything you don't recall downloading.

  5. #5
    What Are Your Security Settings?
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Quote Originally Posted by chas_m View Post
    Actually, turn the software firewall OFF. You already have a superior hardware firewall in place -- it's called your router. Your software firewall won't stop any port scans or DDOS attacks, because that's already been stopped at your router. Don't take my word for it, check your logs. Compare the ones from your software firewall to your hardware one.
    That assumes the machine never leaves the internal network. If it does, particularly if it travels to public networks (at a Starbucks or a Hotel, for example), you're going to want it turned on.

    It won't hurt anything to have both a software and hardware firewall turned on, so it's better to be safe than sorry IMO.
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  6. #6
    What Are Your Security Settings?
    bobtomay's Avatar
    Member Since
    Dec 22, 2006
    Location
    Texas, where else?
    Posts
    26,209
    Specs:
    15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '11 1.8 i7 4GB 10.10; 21" iMac '13 2.9 i5 8GB 10.10; 5s & 5c
    We have also seen a lot of network issues related to cutouts, intermittent access and general access problems with the SSID turned off that disappeared once turned back on.

    There shouldn't be any issue having SSID on with anyone using WPA2.
    The real thieves/hackers/etc will be able to find the network in any case.
    I cannot be held responsible for the things that come out of my mouth.
    In the Windows world, most everything folks don't understand is called a virus.

  7. #7
    What Are Your Security Settings?
    toMACsh's Avatar
    Member Since
    Jul 30, 2009
    Location
    Wisconsin
    Posts
    5,832
    Specs:
    Mac Mini Core 2 Duo
    My security settings are classified information. Sorry.

    If you tell anyone I posted here, I'll deny it.

  8. #8
    What Are Your Security Settings?

    Member Since
    Dec 28, 2009
    Posts
    396
    Specs:
    Macbook Unibody 2.26 Dual, 2GB RAM, 250 GB HDD
    I have the firewall on in full stealth mode. To the poster above, how do I turn off those settings you mentioned?

  9. #9
    What Are Your Security Settings?
    chas_m's Avatar
    Member Since
    Jan 22, 2010
    Location
    Victoria, BC
    Posts
    18,956
    Specs:
    Mid-2012 MBP (16GB, 1TB HD), Monoprice 24-inch second monitor, iPhone 5s 32GB, iPad Air 2 64GB
    Quote Originally Posted by cwa107 View Post
    That assumes the machine never leaves the internal network. If it does, particularly if it travels to public networks (at a Starbucks or a Hotel, for example), you're going to want it turned on.
    Nope.

    Starbucks uses a router as well. So does the hotel. Indeed, so does everyone with broadband. This is simply not an issue for Mac owners, because the things you should be conscious of regarding security on a public network (unencrypted passwords, etc) are not dealt with by a software firewall. At all.

    It won't hurt anything to have both a software and hardware firewall turned on,
    Actually, it does. Conflicts between ports open/closed on the software vs hardware firewall are a constant issue with people who want to do things like use iChat, or p2p, FTP, VPN, Hulu, or certain SMTP setups (and that's just for starters). On a basic level (surfing, most email) you're not likely to have a problem with two firewalls on -- but beyond that you can easily and quickly run into conflicts. So really its best to just keep the software firewall off all the time (unless you are somehow using a highspeed connection directly and no router & its attendant hardware firewall are present -- in that case, yes you should use a software firewall).

    This is WHY Apple does not ship OS X with the software firewall turned on.

    Here's a couple of Windows-based (and remember, security is WAY more of an issue with them than it is with us) responses to the question "do I need the software firewall if I have a hardware firewall?"

    Do i need a software firewall if i have a router? - Neowin Forums

    Do I Need a Firewall?

    You will see this basic answer again and again: if you (or the hotspot you are connecting to is using a router that's not 20 years old, then it is already doing everything a firewall can do for you. More firewall ≠ better.

  10. #10
    What Are Your Security Settings?
    TattooedMac's Avatar
    Member Since
    May 19, 2009
    Location
    Waiting for a mate . . .
    Posts
    8,379
    Specs:
    21" iMac 2.9Ghz 16GB RAM & 13"MBP 2.9Ghz i7 8GB RAM 10.10.3, iPhone5 & iPad Air 2 iOS 8.3, ATV3
    For my security Little Snitch works well for me ....
    Dont forget to use the Reputation System if someone has helped you out !!!
    Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
    MoTM ☆☆☆

  11. #11

  12. #12
    What Are Your Security Settings?

    Member Since
    Jul 09, 2009
    Location
    Colorado
    Posts
    356
    Quote Originally Posted by miles01110 View Post
    I use strong passwords.
    Black Holes and Snowy Mountains The 14 People You Meet in the Apple Store

    Too funny. I don't spend too much time in Apple stores to confirm if this is true but it sure is entertaining. Thanks, Miles.
    www.dynostep.com
    engine simulation software

  13. #13
    What Are Your Security Settings?
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Quote Originally Posted by chas_m View Post
    Nope.

    Starbucks uses a router as well. So does the hotel. Indeed, so does everyone with broadband. This is simply not an issue for Mac owners, because the things you should be conscious of regarding security on a public network (unencrypted passwords, etc) are not dealt with by a software firewall. At all.
    Sure, but if someone is probing you on a public network (i.e. one of the other machines on the same LAN), your computer is going to be responsive. Additionally, if someone happens to join a LAN and is infected with a worm that your machine is vulnerable to, you're at risk.

    In my professional experience as a network admin for more than a decade now, I'll have to humbly disagree with you on this point. Sure, if you're having connectivity problems, by all means, don't run a software firewall. But I can tell you that I've had my software firewall turned on and in stealth mode both on my Windows machines and my Macs for quite a long time now and never have I had an issue that was directly attributable to the firewall being turned on. With that said, I have had to repair customer machines infected by worms that exploited a zero-day vulnerability in Windows that would otherwise have been safe if they were firewalled at the client. In particular, the CodeRed and Blaster worms should have been a wake-up call to any Windows user considering not running a software firewall. Those worms were the reason that MS finally forced the firewall on by default when they released SP2 for XP.

    In my opinion, an ounce of prevention is worth a pound of cure - especially with Apple's lackadaisical attitude toward patching security vulnerabilities.
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  14. #14
    What Are Your Security Settings?

    Member Since
    Mar 30, 2004
    Location
    USA
    Posts
    4,744
    Specs:
    12" Apple PowerBook G4 (1.5GHz)
    I also agree that you should have a host-based (software) firewall in addition to a network firewall. A network firewall only protects you from the Internet...not from other machines on a local network behind that network firewall.

    It's less of a problem if you have a desktop at home and have a small network of computers you control. But if you're a notebook user, or a student on a university ResNet, or a corporate user on an internal network, then you should protect yourself against the other network users.

  15. #15
    What Are Your Security Settings?
    chas_m's Avatar
    Member Since
    Jan 22, 2010
    Location
    Victoria, BC
    Posts
    18,956
    Specs:
    Mid-2012 MBP (16GB, 1TB HD), Monoprice 24-inch second monitor, iPhone 5s 32GB, iPad Air 2 64GB
    Quote Originally Posted by technologist View Post
    I also agree that you should have a host-based (software) firewall in addition to a network firewall. A network firewall only protects you from the Internet...not from other machines on a local network behind that network firewall.
    Uh, no.

    1. The software firewall in Mac OS X does the same thing as a hardware firewall, only less well. So it will not protect you from local machines unless a local machine launches a DDOS attack. Which is pretty ridiculous, you could just walk over to them and throw your Starbucks latte at them if they did that.

    2. You don't need protecting from local machines. A Mac with its default setup (all sharing turned off) is ALREADY IN STEALTH MODE. But don't take my word for it, test it yourself. Turn off your software firewall, and go here:
    https://www.grc.com/x/ne.dll?bh0bkyd2
    Run all the tests you want. You are "stealth" on all ports (in other words, no packets come back from "sniffing" tests).

    And before anyone says "well that's a windows site," ahem -- TCP is TCP. Ports is ports. No difference.

    Bottom line: if you're feeling paranoid, rather than hide behind multiple firewalls, you should probably ask yourself some hard questions about your internet behaviour.

    If you want to run a software firewall to make yourself feel good, be my guest. Unless you are running certain specific services (like FTP, VPN, etc), having both hardware&software firewalls on may not cause any issues.

    But don't pretend you are getting any "extra protection."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Security settings
    By lanam in forum OS X - Operating System
    Replies: 1
    Last Post: 08-04-2009, 02:48 PM
  2. Security Zone Settings
    By Tiernn in forum OS X - Operating System
    Replies: 4
    Last Post: 07-08-2009, 12:54 PM
  3. How Do I set Up Security Settings?
    By mab in forum OS X - Operating System
    Replies: 5
    Last Post: 01-03-2008, 10:57 PM
  4. Wireless Security settings
    By Magicbear in forum Internet, Networking, and Wireless
    Replies: 2
    Last Post: 06-12-2007, 08:16 AM
  5. Flash Security Settings
    By Brown Study in forum OS X - Apps and Games
    Replies: 0
    Last Post: 03-10-2007, 02:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •