Everything You Need to Know About Using a Firewall
Posted 01/25/2012 at 2:33pm | by Adam Berenstain
Learn how a firewall can protect your Mac, how to use OS X’s built-in firewall, and which third-party firewall is right for you.
They say good fences make good neighbors, and what goes for backyards may be even truer online. For most of us, using a Mac means that we don’t have to worry about intrusive computer viruses. But the internet is a big place, full of all sorts of evils looking for vulnerable computers, and a firewall can help keep your Mac secure. Here’s the lowdown on what a firewall is, how it works, and how to set up the one that’s already on your computer (trust us, it’s way easier than you think). We’ve also looked at some third-party firewall applications that offer features, flexibility, and protection that OS X alone can’t match. With the right software in place, you’ll be browsing, sharing, and surfing more safely in no time.
What's a Firewall?
Don’t know a firewall from FireWire? Read this first.
To understand what a firewall is and how it can protect you, imagine that your Mac is a house. Each room is a network-connected application or service that can share files, browse the web, or print a document, and each of these services has a numbered port that acts as a door opening onto the highway. That highway could be your local network, or, depending on the service or application, it could lead all the way to the internet. Bad guys lurking out there are eager to try each service’s door to see if it’s locked, and if not, they’d be more than happy to let themselves in. To complicate matters (and to really bend a metaphor), a portable Mac is effectively a mobile home that you can unwittingly take into neighborhoods—that is, networks—that might not be as secure as you’d like. The solution is to limit access to the networked apps and services on your Mac. Trouble is, there can be so many running at once that turning them on and off manually isn’t an option. Neither is staying off unfamiliar networks in this era of the cloud. To stay secure while using the features you rely on, you need a firewall.

OS X’s built-in firewall is good, but more options are available.
Just like physical firewalls keep flames from spreading through a building, a firewall on your network keeps incoming traffic away from the ports you want to keep private. Firewalls can be hardware that, like a router or cable modem, handles traffic for all computers connected to it, or a firewall can be software running on individual computers. Either way, firewalls stand between the network and your Mac to monitor incoming data according to rules that control which computers can access—or even see—your machine online. That can help keep you safe from digital doorknob rattling as well as nastier intrusions like remote logins and denial-of-service (DoS) attacks. The software firewalls in this article are especially useful for mobile users, since they travel with you to strange networks, but desktop Macs will benefit from their protection, too.
Just remember, a firewall is no guarantee of totally secure computing, even on a Mac. For example, it’s not a replacement for a strong password on your administrator account. And firewalls generally don’t defend against trouble inside your network, like someone with direct access to your machine or malware on an external drive connected to your computer.
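To see which "doors" actually exist on your own Mac, the following added example (not part of the original article) tries a TCP connection to the standard ports of common Sharing services. The port list, function names, and the loopback default are assumptions chosen for illustration.

```python
"""Added example: list which common sharing-service ports are listening."""
import socket

# Well-known TCP ports for services found in OS X's Sharing pane.
# These are standard port assignments, not values taken from the article.
SHARING_PORTS = {
    22: "Remote Login (SSH)",
    445: "File Sharing (SMB)",
    548: "File Sharing (AFP)",
    631: "Printer Sharing (IPP)",
    5900: "Screen Sharing (VNC)",
}


def port_state(host, port, timeout=0.5):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # a service accepted the connection
        except ConnectionRefusedError:
            return "closed"        # host answered, but nothing is listening
        except OSError:
            return "filtered"      # no answer (timeout) or unreachable


def audit(host="127.0.0.1", ports=SHARING_PORTS):
    """Map each port to (service name, state) for the given host."""
    return {p: (name, port_state(host, p)) for p, name in sorted(ports.items())}


if __name__ == "__main__":
    # Default target is this machine's loopback address.
    for port, (name, state) in audit().items():
        print(f"{port:>5}  {state:<8}  {name}")
```

A port reported open on loopback only shows that a service is listening; whether other computers can reach it depends on the firewall settings described in the next section.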
Unleash Lion’s Firewall
Put OS X’s network protection to work today.
If you’re already convinced that you need a firewall, or if you’re just curious to try out a good one, the firewall built in to OS X is the place to start. Open System Preferences, click Security & Privacy, and then click the Firewall tab. The firewall is turned off by default, so you’ll see that all incoming network connections are allowed. To change that setting, click the lock icon in the firewall screen and enter your administrator password, then click Start to activate the firewall. That’s it! From now on, any applications, programs, and services unauthorized by the system won’t be allowed to automatically accept incoming network traffic. Any active sharing services, like file or printer sharing, will be unaffected.

OS X’s firewall can be customized, but your options are limited.
For more options, click the Advanced button. In the resulting sheet you can select “Block all incoming connections,” which stops all sharing services while allowing basic internet connections. If you leave that option unchecked, you’ll see currently active sharing services in the Services List. You can’t edit those services without a trip to the Sharing preference pane, but you can add applications to the list and control their network privileges. Click the + button to add an application, then click the arrows beside it to block or allow incoming connections. To remove an app from the list, select it and click the – button. Your final two options are to automatically allow software signed by a valid certificate authority to receive incoming connections (iTunes, for example, is signed by Apple), and to activate stealth mode. Stealth mode is almost as cool as it sounds, making your Mac invisible to “ping” attempts by hackers trying to locate your machine on a network. When you’ve configured the firewall’s advanced options, click OK to apply them.

The number of options may seem overwhelming, but you can easily decide which applications are allowed to send data through the firewall.
Note that some active applications and services may be able to connect to the network through the firewall even though they don’t appear in the Services List. These can include system applications, related services, and some digitally signed applications. However, if there’s a particular application you want to control, you can still add it to the list to control the settings. Be sure you know what you’re doing when you add these apps, however, so you don’t accidentally interfere with important apps or system functions. For most users in common situations, the firewall’s basic setting will be protection enough.