64x64 icon dark hosting
Choose a hosting plan here and get a free year's subscription to Tuts+ (worth $180).

Firewalls: Your Mac's Security Blanket


Start a hosting plan from $3.92/mo and get a free year on Tuts+ (normally $180)

Today, we introduce you to your quiet defender. Diligent, adaptable, and powerful, your computer’s first line of defense against the wilds of the Internet is a technology that all computer users should have a passing familiarity with — let’s meet the firewall and find out how you can tune your Mac to protect you from threats.

It’s Dangerous to Go Alone

More than ever before, it’s safe to assume that if you have a computer, it will at some point be connected to the Internet, either directly or through another computer via a network. This is how we tap into the vast exchange of information, talent, and resources that the global web offers.

While this brings us self-evident benefits, it also opens us up to the dark underbelly of the Internet: various criminal angles that seek to disrupt our usage through malicious software, fraud, privacy breaches, or simply by way of unwanted network traffic.

This connection point, the crucial junction between you and the Internet, is where the firewall comes into play.

Wherefore Art Thou Firewall?

Historically, the term firewall had a much more literal meaning — denoting the use of a structure to cordon off an encroaching fire. Its digital evolution performs a more sophisticated set of tasks centered around ensuring that all incoming and outgoing traffic on your network is legitimate.

Wall of Fire
This is not quite what we mean by a "firewall" these days

Contrary to what you might expect, in many cases the threats originate from the local network rather than the Internet at large (at least where businesses are concerned). This is why firewalls have evolved to the point where they can govern complex relationships between networks even within the same company.

But how do they work?

Network Traffic and Onions (They Both Have Layers)

When we transmit data over a network, it is sent in a flurry of small sections called packets. Packets are sent over pathways known as ports. Since the technical details are not important to our understanding of how firewalls fit into our day-to-day computing, suffice it to say that the basic operation of all firewalls involves the careful analysis of this information and the management of which packets are allowed through which ports.

Firewall Diagram
This is the essence of a firewall's placement in your network

There are more layers to computer communication than that. In fact, the most common understanding is a model proposed by the International Standards Organization (ISO) that characterizes computer communication in seven layers, from physical media to application calls.

This is important because the model is the easiest way to distinguish between the basic types of firewall out there: the packet filter firewall, a stateful filter, or an application layer firewall. There are a number of variations thereof, but these major categories describe the majority of firewall functionality.

Packet Filters

The most basic of all firewall types, the packet filter is fairly self explanatory: it intercepts network traffic and analyses the information contained in the header of the packets — basically like the ID tags of those information chunks we mentioned above. This represents one of the most superficial layers of communication.

Those ID tags are compared to a database of trusted sources, and if everything checks out, the packet is delivered to its destination. Otherwise, it is “dropped” or discarded.

“Stateful” Filters

A more complicated filtering method, so-called “stateful” filters are more invasive; they dig deeper into the packets and, in fact, will store a number of them in memory and analyze their pattern as a group in order to determine whether they represent the start of a new connection, data traveling along an existing connection, or mystery data that’s not associated with a known process running on the machine.

This extra layer of protection allows the firewall to make more sophisticated judgements about what is safe and what is not, though it still uses a static database of trusted rules to judge things by.

One downside of this kind of firewall is that the packet memory can be overloaded by a sudden flood of garbage data — resulting in a complete halt of all network traffic as the firewall tries to deal with the overflow. This is commonly known as a Denial-Of-Service or Distributed-Denial-Of-Service (DDOS) attack and it constitutes a major weapon in the arsenal of modern hackers.

Application Layer

This final type of firewall is the most advanced in that it operates up to the application layer of network communication. This means that it can actually understand what the information it processes is meant for — it can tell if a packet belongs to a certain application, whether it represents a known type of communication by that application, and whether or not to allow it based on per-application rules.

OS X’s built-in firewall is of this final type, and it provides us with the ability to selectively enable/disable network access for specific applications while warning us of any suspicious network activity.

Hardware vs. Software

In most consumer use cases, your computer will be connected to the Internet via a router. Routers are essentially hardware switchboards for your network traffic; they handle the routing of packets (hence the name), as well as managing incoming traffic and distributing it to its intended machines on the network.

Your Router's Role
The router is the centre of your home network, and its firewall is often sufficient protection against threats

Part of a router’s job is also to act as a hardware firewall. If you’re using an Airport Extreme, Express, or any of the majority of routers on the market today, you will already be secured behind a layer of protection. In most cases at home, this is actually sufficient and you may not see a need to activate the built-in software firewall that OS X provides.

The OS X Firewall

Despite the strong and secure foundations of Apple’s operating system, the inclusion of a software firewall is a crucial element in equipping users to properly protect their online lives if they wish. Now that we have a basic understanding of what a firewall is and how it works, we’ll learn how to set it up in OS X Mountain Lion (though the process is largely the same for previous versions).

Step 1: Activation

Navigating to Settings, you’ll find Security & Privacy right beside the Spotlight options in the top row of icons. Click through and then head over the Firewall tab to get started.

Firewall Settings
First thing's first: we need to turn the firewall on

Here, you’ll find a simple couple of buttons that will help you get everything set up. Unlock the settings (if necessary) using your admin password by clicking the lock icon at the bottom left of the window, and then simply click Turn On Firewall to activate your protection.

Step 2: Setting Everything Up

By default, the firewall has pretty basic settings enabled — it will allow any network sharing options you have previously enabled (screen sharing and file sharing, in my case) and it will auto-populate your list of rules with any existing network applications that you’ve approved. For me, that’s just DropBox.

OS X offers basic firewall options to tune your protection

The two checkboxes at the bottom of the window are the kind of thing you’ll want to keep checked. The first one instructs the firewall to automatically trust any application that’s been “signed”, meaning that the applications you’ve bought from the Mac App Store and other reputable sources will automatically be given a pass.

The second checkbox tells your computer to be a bit stealthier about its presence on the Internet. It doesn’t in any way affect your network traffic, it simply tells your computer to ignore any unfamiliar queries — for instance if a foreign service tries to “ping” the computer to determine whether or not it’s active (a possible pre-cursor to an attack).

What about that top checkbox for blocking all incoming connections? That’s the paranoid button. If you’re suspicious about what kind of network access is happening on your computer, activating this paranoid mode will clamp down hard on your computer’s network negotiations while you look for possible issues.

Step 3: Rules and Exclusions

As you use your computer, you’ll see notifications asking you how you want the firewall to handle certain network transactions from various apps. In most cases, you’ll want to approve these requests if you know the application and are using it.

If you notice any strange or unfamiliar activity, your best bet is to deny it and do some Google searching to figure out what might be happening. Better safe than sorry, and you can always change your mind about rules by going back to the Firewall settings and setting the application’s rules to allow traffic again.

Likewise, if you want to manually enable or disable network access for specific apps, you can do so by using the + button on the Firewall options page.

Alternatives for Power Users

Let’s say you find yourself fascinated by the level of protection and control you’ve uncovered by using the firewall. If you want to work with more sophisticated rules, set up profiles or sets of rules for different environments (work vs. coffeeshops vs. home) then you’ll want to look into a third-party solution that offers more robust management options.

My personal recommendation is a utility called LittleSnitch, from Objective Development.

LittleSnitch Network Monitor
LittleSnitch Network Monitor

LittleSnitch is an extremely powerful firewall front-end that allows you to fine tune your security and even keep an eye on it live by way of an excellent live network activity monitor that lives in your menu bar. In a future tutorial, we will dig deep into LittleSnitch as a means for power users to fortify their Mac.

Should I Be Worried?

The fact remains that for the vast majority of us, this kind of control is overkill — unless you expect to be under attack or seek to protect a computer whose users may not be responsible about their Internet activities, you should be more than adequately protected by the combination of your router’s security and OS X’s built-in firewall.

Parting Thoughts

The most important part of Internet security remains being wary about what you do, what you download, and how you choose to reveal and store sensitive information via the Internet. A responsible net citizen should rarely encounter a situation where they need to rely on a firewall to stay safe.

That being said, understanding what firewalls do and how you can make use of them is an important part of mastering your computer’s functionality. You don’t need to be a networking genius to appreciate the peace of mind that an extra layer of security can bring, and while firewalls are neither infallible nor the sole solution for protecting your computer from intrusion, they remain one of the simplest and most reliable.

We’d love to hear from you — do you have your OS X firewall activated? Do you use an alternative like LittleSnitch? Or perhaps you forgo firewalls entirely! Drop into the comments and share your thoughts as we work toward a better understanding of modern Mac security.

Images courtesy of PhotoDune.