My Mac day usually starts with a quick look at my Mail inbox, a rush through 40 or 50 RSS feeds, and a scan of new Mac software. What caught my eye today was an update for anti-vandal software. Anti-vandal?
Yes. Specifically NetBarrier X5, which bills itself as firewall and anti-vandal software. Anti-vandal? Alright, it’s early in the day and I’m an agreeable Mac system administrator. What does NetBarrier X5 do that your Mac cannot already do? Besides providing anti-static effects for vandals?
Is There A Need For A Mac Firewall?
Apparently, Mac users need to protect their Macs from the perils of the internet with a four-level line of defense that provides optimal security (according to Intego, who publish NetBarrier).
Why? So you can use the internet on your Mac without being vulnerable to the dangers of the internet.
And we all know what happens then, right? You don’t? You’re not alone.
First, what is a firewall and why do you need it? A firewall is software or hardware (or both) that block unauthorized access to your computer while permitting authorized access.
Second, why do you need a firewall on your Mac? The reasons are many and varied, but basically it’s an extra level of security to keep bad guys off your Mac. Sometimes.
Sometimes? If you’re running a recent Mac, please note that your Mac came to you with Mac OS X’s firewall turn off by default. Off, as in, not on. Why? Isn’t it better to be on than off? I administer a few hundred Macs in a private school and we’ve never had an intrusion. Never. Ever.
#7 – NetBarrier X5
One of the more expensive Mac firewall utilities is Intego’s NetBarrier X5—the one than uses the term anti-vandal.
NetBarrier puts up a block to filter incoming and outgoing data, to and from your Mac, filtering data so only good data comes and goes, while bad data is blocked.
The Anti-Vandal feature of NetBarrier checks your Mac’s network activity, and gives you an alert when it spots something fishy. Privacy Protection (all the rage in the 21st century) blocks some advertising and lets you surf the web (do people still do that?) anonymously.
Finally, NetBarrier monitors your Mac’s network activity, shows you your Mac’s network traffic, and what connections are active at the time. Paranoid Mac users from the Windows world love NetBarrier.
#6 – DoorStop X
This is one of my favorite Mac firewalls because it is so blessed simple to set up and use. DoorStop X looks like what you’d expect a Mac firewall to look like—and behave.
DoorStop X is simple. Install it with a double click. DoorStop will turn off your Mac’s built-in firewall (if it’s on) and replace it with a somewhat more comprehensive software firewall with more specific controls.
With just a few clicks you can Allow All Access or Deny All Access over specific incoming (not outgoing) ports (the holes that firewall plugs), and assign the filter to specific applications and utilities on your Mac.
A companion to DoorStop X is called Who’s There? and gives you a more granular look at the firewall logs on your Mac. Of all the Mac firewall utilities, save one, DoorStop is the easiest to set up and use.
Continued from Page 1…
Understanding the need for a firewall on your Mac makes it easier to choose. Your Mac communicates with the internet, other Macs and the outside world, through thousands of ports (think of the old time telephone operator connecting a call with a cable), each with specific services.
To attack your Mac, a vandal must figure out a way to communicate to your Mac through those ports, and use the specific protocol to get your Mac to respond. That’s easier to say than do.
A firewall is software that plugs those ports (holes) and allows only specific communication to take place.
#5 – FirewallBuilder
All it takes is a click or two to turn on your Mac’s built-in firewall.
The truly geeky and adventurous among Mac users may enjoy the complexity of Firewall Builder.
This complex utility is an interface which configures a bunch of firewalls—from iptables and ipfilter to Cisco PIX and much more. If you manage a network of Macs, Windows PCs, and Linux PCs, Firewall Builder is a useful, albeit complex, tool.
Firewall Builder implies that it’s a tool that helps you build a firewall from scratch. That’s pretty much it. If you’ve never used a Mac or Windows firewall, this is not the tool you need to prevent vandals from looking at or messing with what’s on your Mac or PC.
#4 – Norton Internet Security For Mac
If hype is what you respond to, and a brand name is required to get you to think seriously about security, Norton is the name.
This suite of tools isn’t just a firewall. It adds a layer of protection for both incoming and outgoing network traffic. There’s features from Norton AntiVirus for Mac, and Norton Confidential for Mac, which helps protect you from online threats.
Norton can detect and remove viruses, spyware, worms, Trojan horses, and other malware, including those found in attachments and email. Forget the fact that there are no in-the-wild viruses or spyware for Macs. Norton is perfect. You know, just in case.
#3 – WaterRoof
Simple and elegant is WaterRoof, which simply gives you more control over your Mac’s built-in firewall.
It’s also free and comes with a straightforward interface that lets you set up rules, review firewall logs, check network connections on-the-fly, create rule sets, redirect specific network addresses, even manage network traffic that passes through your Mac.
WaterRoof is not as easy as DoorStop, but gives more protection with no additional cost.
#2 – IPNetRouter
An oldie but a goodie. We use IPNetRouter in our school to give an extra line of protection to the school’s Xserves.
There’s more here than just a firewall, as IPNetRouter acts as a router and a network utility.
It comes with a built-in DHCP server, a DNS server, bandwidth accounting, Ethernet bridging, load balancing, auto failover, and proxy features.
There’s a reason IPNetRouter is one of the more expensive Mac software utilities. It’s not for the faint of heart. Additionally, it scans addresses, logs connections, allows internet sharing, and even configures Apple’s AirPort. It’s the tool that keeps on giving as long as you keep on paying the update fee.
#1 – Apple’s Built-in Firewall
What is most surprising about the IP firewall in Mac OS X is that Apple doesn’t even bother to turn it on. It’s off by default. Open System Preferences, click on the Security icon, click the Firewall tab, click to turn it on.
Why is it off by default? Back to basics. It isn’t easy to connect to a Mac from the internet or any network whether a firewall interrupts the process or not. Most routers have built-in firewalls already. That limits connections to your Mac.
Mac OS X requires administrator access to turn on certain services, further prohibiting vandals from interfering with your Mac. That said, your Mac’s firewall configurations do more.
Click on the Advanced button and you can block All Incoming Connections. That’s a pretty tight Mac. Then, one by one, you can add connection services you may need for email, browsing, iChat, printer sharing and so on. Enable Stealth Mode so your Mac doesn’t even bother to respond to vandals who try to get in through a specific port.
If Apple doesn’t even both to turn on the Mac’s firewall, do you really need all the aforementioned security utilities to lock down and monitor your Mac? Of course. The more valuable your Mac’s data, the more paranoid you are about intrusion and vandalism, the more likely you’re willing to pay to jump through hoops to feel more secure.