Learn how a firewall can protect your Mac, how to use OS X's built-in firewall, and which third-party firewall is right for you.
They say good fences make good neighbors, and what goes for backyards may be even truer online. For most of us, using a Mac means that we don't have to worry about intrusive computer viruses. But the internet is a big place, full of all sorts of evils looking for vulnerable computers, and a firewall can help keep your Mac secure. Here's the lowdown on what a firewall is, how it works, and how to set up the one that's already on your computer (trust us, it's way easier than you think). We've also looked at some third-party firewall applications that offer features, flexibility, and protection that OS X alone can't match. With the right software in place, you'll be browsing, sharing, and surfing more safely in no time.
What's a Firewall?
Don't know a firewall from FireWire? Read this first.
To understand what a firewall is and how it can protect you, imagine that your Mac is a house. Each room is a network-connected application or service that can share files, browse the web, or print a document, and each of these services has a numbered port that acts as a door opening onto the highway. That highway could be your local network, or, depending on the service or application, it could lead all the way to the internet. Bad guys lurking out there are eager to try each service's door to see if it's locked, and if not, they'd be more than happy to let themselves in. To complicate matters (and to really bend a metaphor), a portable Mac is effectively a mobile home that you can unwittingly take into neighborhoods—that is, networks—that might not be as secure as you'd like. The solution is to limit access to the networked apps and services on your Mac. Trouble is, there can be so many running at once that turning them on and off manually isn't an option. Neither is staying off unfamiliar networks in this era of the cloud. To stay secure while using the features you rely on, you need a firewall.
OS X's built-in firewall is good, but more options are available.
Just like physical firewalls keep flames from spreading through a building, a firewall on your network keeps incoming traffic away from the ports you want to keep private. Firewalls can be hardware that, like a router or cable modem, handles traffic for all computers connected to it, or a firewall can be software running on individual computers. Either way, firewalls stand between the network and your Mac to monitor incoming data according to rules that control which computers can access—or even see—your machine online. That can help keep you safe from digital doorknob rattling as well as nastier intrusions like remote logins and denial-of-service (DoS) attacks. The software firewalls in this article are especially useful for mobile users, since they travel with you to strange networks, but desktop Macs will benefit from their protection, too.
Just remember, a firewall is no guarantee of totally secure computing, even on a Mac. For example, it's not a replacement for a strong password on your administrator account. And firewalls generally don't defend against trouble inside your network, like someone with direct access to your machine or malware on an external drive connected to your computer.
Unleash Lion's Firewall
Put OS X's network protection to work today.
If you're already convinced that you need a firewall, or if you're just curious to try out a good one, the firewall built in to OS X is the place to start. Open System Preferences, click Security & Privacy, and then click the Firewall tab. The firewall is turned off by default, so you'll see that all incoming network connections are allowed. To change that setting, click the lock icon in the firewall screen and enter your administrator password, then click Start to activate the firewall. That's it! From now on, any applications, programs, and services unauthorized by the system won't be allowed to automatically accept incoming network traffic. Any active sharing services, like file or printer sharing, will be unaffected.
OS X's firewall can be customized, but your options are limited.
For more options, click the Advanced button. In the resulting sheet you can select "Block all incoming connections," which stops all sharing services while allowing basic internet connections. If you leave that option unchecked, you'll see currently active sharing services in the Services List. You can't edit those services without a trip to the Sharing preference pane, but you can add applications to the list and control their network privileges. Click the + button to add an application, then click the arrows beside it to block or allow incoming connections. To remove an app from the list, select it and click the – button. Your final two options are to allow software signed by a valid certificate authority to access the network (iTunes, for example, is signed by Apple) and to activate stealth mode. Stealth mode is almost as cool as it sounds, making your Mac invisible to "ping" attempts by hackers trying to locate your machine on a network. When you've configured the firewall's advanced options, click OK to apply them.
The number of options may seem overwhelming, but you can easily decide which applications are allowed to send data through the firewall.
Note that some active applications and services may be able to connect to the network through the firewall even though they don't appear in the Services List. These can include system applications, related services, and some digitally signed applications. However, if there's a particular application you want to control, you can still add it to the list to control the settings. Be sure you know what you're doing when you add these apps, however, so you don't accidentally interfere with important apps or system functions. For most users in common situations, the firewall's basic setting will be protection enough.
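To confirm from Terminal that the settings described above are actually in effect (handy when you look after more than one Mac), here is a small audit script. It is an added example, not part of the original article or of OS X. It assumes the firewall's settings are stored in /Library/Preferences/com.apple.alf under the keys globalstate, allowsignedenabled and stealthenabled; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the OS X application firewall settings.
# Assumption: settings live in the plist below, with integer keys
# globalstate (0 off, 1 on, 2 block all), allowsignedenabled, stealthenabled.
ALF_PLIST=/Library/Preferences/com.apple.alf

# Read one key from the firewall preferences; prints "unknown" on failure.
alf_read() {
    defaults read "$ALF_PLIST" "$1" 2>/dev/null || echo unknown
}

# Turn the three raw values into one line per setting.
# Lines start with OK, WARN or INFO so they can be filtered with grep.
alf_audit() {
    state=$1 signed=$2 stealth=$3
    case $state in
        0) echo "WARN firewall is off: all incoming connections are allowed" ;;
        1) echo "OK firewall is on: per-application rules apply" ;;
        2) echo "OK firewall is on: block all incoming connections" ;;
        *) echo "WARN firewall state could not be read ($state)" ;;
    esac
    case $signed in
        1) echo "INFO signed software is automatically allowed" ;;
        0) echo "INFO signed software is not automatically allowed" ;;
        *) echo "WARN signed-software setting could not be read ($signed)" ;;
    esac
    case $stealth in
        1) echo "OK stealth mode is on" ;;
        0) echo "WARN stealth mode is off: the Mac answers ping requests" ;;
        *) echo "WARN stealth mode setting could not be read ($stealth)" ;;
    esac
}

# Number of WARN lines for a combination of values (0 means nothing to fix).
alf_warn_count() {
    alf_audit "$1" "$2" "$3" | grep -c '^WARN' || true
}

# On a Mac, audit the live settings; on other systems this part is skipped.
if command -v defaults >/dev/null 2>&1; then
    alf_audit "$(alf_read globalstate)" "$(alf_read allowsignedenabled)" \
              "$(alf_read stealthenabled)"
fi
```

A Mac in its default state reports two WARN lines: the firewall is off, and stealth mode is off.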
Firewall Firefight!
Which third-party firewall app is right for you?
Symantec Norton Internet Security 5 for Mac
us.norton.com/macintosh-internet-security/
Requires Mac OS 10.4.11 or later; 512MB RAM; 250MB HD space
$79.99 for one year of virus protection updates
Norton's location-aware features make network-hopping more secure.
A firewall is just one part of Symantec's security package that protects your Mac from viruses, phishing sites, and other nasty surprises online. It offers many more options than OS X's firewall for controlling incoming and outgoing traffic, including the ability to rule ranges of IP addresses as trusted or blocked. Travelers and other frequent network-hoppers will enjoy location-specific settings that offer different levels of protection based on the currently active network (such as Home, Work, and Traveling). Like OS X, Norton's advanced settings let you customize options for specific apps and services, but a rule creation assistant makes it easier for networking newcomers. That's a good thing, since directly editing rules requires a few more clicks than we'd like. But once your firewall is set up the way you want it, a graphical central window shows the past seven days of significant network events and lets you toggle important settings (including those cool location settings) with just a few clicks.
Open Door Networks DoorStop X
opendoor.com/doorstop/
Requires Mac OS 10.5.8 or later (10.6.7 recommended)
$49.00
DoorStop X's clean interface and great documentation make protecting your Mac easy.
A standalone app, DoorStop X combines powerful firewall features with a straightforward Mac-like interface that's easy to use. A setup assistant kicks things off by letting you block all services or just the ones you want from a list of common choices. Once you're set up, the main DoorStop window shows clearly which services are affected and how, thanks to handy lock icons that indicate their status. Selecting a service lets you customize its traffic settings globally, or by IP addresses and more, with a few clicks. More complex customizations, like changing a service's ports, are also available. But the most impressive feature may be DoorStop's exhaustive documentation, which goes miles beyond OS X's skimpy firewall help files. You can just select a service and quickly view related networking topics, from dense technical background to practical, plain-language advice about setting up your firewall. A location feature also lets you create and save firewall settings for use on specific networks when you're on the go.
Objective Development Little Snitch 2.4.4
obdev.at/products/littlesnitch/index.html
Requires Mac OS 10.4 or later
$29.95
If you want to get to your tweets, you've got to go through Little Snitch.
While other firewall applications focus on keeping the wrong traffic out, Little Snitch keeps an eye on the network traffic that's leaving your Mac. That way, it can alert you when malware or other processes might be trying to contact the outside world. Little Snitch includes built-in rules for common applications and services, and you can create your own, toggle them on or off, and sort them in a convenient iTunes-like window. Creating rules from scratch (allowing or blocking apps' access to particular IP addresses, hostnames, points on your local network, and more) can get technical for novice users, but Little Snitch also lets you create rules on the fly. As you use your Mac, outgoing traffic not already covered by a rule triggers an alert. The app responsible is clearly identified, and Little Snitch asks how you want to proceed with a wide range of options. Your response creates a rule that can be edited later. Combined with a traditional firewall, these rules can effectively double your Mac's protection against network threats—both inside and out.
Junecloud Firewall Switch
junecloud.com/software/mac/firewall-switch.html
Requires Mac OS 10.5 or later
Free
One of these widgets can make your Mac more secure.
When it comes to computer security, simpler tends to be better. After all, easy-to-use features are more likely to get used, right? That's certainly the logic behind Firewall Switch, a one-button Dashboard widget that displays the status of OS X's built-in firewall and lets you change it with a click (okay, a few clicks, and it works best if you're not running Dashboard as a space). A gray icon means your firewall isn't running; a blazing orange icon means the firewall is active. Clicking the icon launches System Preferences' Security & Privacy pane, where you can enter your admin password to automatically activate or deactivate the firewall (any changes to your firewall settings are usually made in System Preferences). For even more network-security-shortcut goodness, you can set Firewall Switch to open the Sharing preference immediately after the firewall is activated. You can even double-click the icon to go directly to Sharing if you like. Hey, anything that makes Mac security easier is pretty nifty in our book. If nothing else, Firewall Switch just may give you a reason to visit Dashboard again.
Intego VirusBarrier X6
intego.com/virusbarrier/
Requires Mac OS 10.5 or later; 40MB HD space
$49.95 for up to 2 Macs for 1 year of virus protection and software updates
VirusBarrier's animations make it clear what's happening on your network.
Like Norton's security suite, VirusBarrier offers a package of virus, phishing, and malware protection tools in addition to a firewall to help keep your Mac secure. Unlike Norton's offering, VirusBarrier contains all its features in a single window, so it's easier to see what's happening with your Mac. Its firewall component comes with built-in settings (ranging from no network restrictions to strict client or server modes) that should cover most average uses, and you can create your own custom settings. Building rules for apps and services is relatively straightforward thanks to simple (if slightly un-Mac-like) pull-down menus that let you define the source and destination of the traffic you want to manage and which services are affected. But choosing applications from VirusBarrier's out-of-date list (Napster and Diablo—really?) is too clunky to recommend compared to other firewalls. Once created, though, rules can be activated according to set schedules, and you can save collections of settings as configurations for different networks.
Hanynet NoobProof and WaterRoof
hanynet.com/applications/index.html
Requires Mac OS 10.5 or later
Free
NoobProof can manage your Mac's network traffic from one window.
The firewall interface in the Security & Privacy preference pane works, but it's pretty simplistic. Managing networked features in other applications (like iTunes and iPhoto sharing) requires, well, trips to those applications. What do you do? With NoobProof, you can manage how your Mac handles its networking traffic in one place. It's a graphical front-end for OS X's firewall and various sharing features that may look a little rough around the edges, but it lets you customize access to your network traffic with much more flexibility than Cupertino allows. Experienced networkers can jump right in and edit connections manually, but a setup wizard is available to walk new users through an initial setup that, like those in other firewall apps, can be changed later. But fans of slick graphics and friendly icons may want to stay with OS X's default controls; NoobProof is strictly a text-and-checkbox affair. For even more powerful firewall management, the developer also offers WaterRoof (get it?), which adds tools more suited for die-hard networkers who want to turn a spare Mac into a dedicated router.