Firewall for PCs

I have a general query related to a firewall for a small LAN. We have a couple of PCs which connect to the internet through an ADSL line. They want to access some resources of the company's LAN by setting up another NIC on the PC and plugging it into our LAN. As it's a security issue, what is the most economical/secure way of achieving this with the use of a firewall?
Thanks

Firewall solutions for small business are available as either software or hardware (with software components). Software firewalls protect each individual PC they're installed on. But to protect all your company's computers, each must have a software firewall installed. It can be difficult to maintain.
On the other hand, hardware-based firewall solutions for small business protect all computers on your network. A hardware-based firewall is easier to administer, too.
The ideal firewall solutions for small business integrate a hardware firewall with software controls into a comprehensive security solution that includes virtual private network (VPN) support, antivirus, antispam, antispyware, and content filtering capabilities.

Similar Messages

  • Can I open a port range in the firewall for one host?

    Can I open a port range in the firewall for one host?  In other words, I want to be able to open ports 54001 to 54050 to allow one remote host in my LAN to access that port range in my Mac Server.  Is this possible?  Currently, the only option I see is to open individual ports for all external hosts (eg http or https)
    Thanks in advance!

    Which version of OS X Server are you using?
    Server 2.2 and earlier includes an interface to a software firewall that can be configured to open specific ports very easily. Descriptions of how to configure the firewall can be found in the documentation for these versions.
    Server 3.x no longer has an interface to the software firewall - it is still there, but you need to use other methods to configure it. A popular example of such a method is the icefloor utility.
    Apple suggests that for Server 3 you delegate firewall duties to an external router. Server 3 includes the ability to configure the firewall component of Apple Airport routers 'automatically'.
    If you connect a machine running Server 3 directly to an Airport Router, the router appears in the LH pane in the Server.app window (usually second line, below the entry for the server itself), and you can control what services are 'enabled' through the firewall there.
    A more common solution perhaps is to use a non-Apple router, and configure the firewall (and so open specific ports) through whatever control interface is provided for that router. There are many, many kinds of hardware router you could use, and the control interfaces used vary widely - so you will have to consult the documentation for your own router to work out how to do this.
    If you post information about your software versions, and hardware configuration, it is possible that you can get more specific help with the tasks involved in opening the ports.
    Hope this helps.

  • Hi looking for a bit of free anti-virus and firewall for osx 10.8.2

    Hi, looking for a bit of free anti-virus and firewall for OS X 10.8.2. Any pointers? Also, has anyone used Mac cleaner?

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
    For more information about Gatekeeper, see this Apple Support article.
    4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore reduces to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.

  • I can not set up a firewall for my computer.  I can get to the place I'm supposed to get to but am unable to click start.

    I can not set up a firewall for my computer.  I can get to the place I'm supposed to get to but am unable to click start.

    If the Start Firewall button is grey (inactive), check to see if the padlock is "locked" in the lower left corner of the screen. If so, click it and enter the Administrator password to unlock it. Then you can start the firewall.
    Hope this helps.

  • Firewall for traffic shaping and bandwidth

    Hi all,
    I want one basic firewall for my small office. I have 15 to 20 users in my office. Please suggest which firewall is suitable for me. Please help me. Thanks

    Hi Sandeep,
    I guess this is mainly for day to day general work activities like browsing etc. You can go with ASA5505 with a 50-user license. In future, if the number of users grows, you can upgrade the license as well with no additional hardware costs.
    hth,
    MS

  • Configuring Mac OS X Firewall for iChat

    I understand that one must configure the firewall in Mac OS X Tiger before using iChat. It is a mystery to me that Apple does not provide a pre-configured Firewall rule for iChat AV that the user can easily just turn on or off. (Apple does have a pre-configured rule for iChat Bonjour).
    There is a How-To article on Apple's web site (see http://docs.info.apple.com/article.html?artnum=93208 ) but this article appears to be out of date. The article tells you to open up certain ports but it does not tell you whether the ports are TCP or UDP.
    From what I have been able to figure out, one needs to open up the following ports in the Mac OS X Firewall for iChat to work:
    TCP Ports -- 5190, 5297, 5298
    UDP Ports -- 5060, 5190, 5676, 16384-16403
    Is this correct? Do I need to open up these ports in the Mac OS X Tiger Firewall before I can get iChat AV to work?
    (I prefer not to open up any unnecessary ports).
    RobK

    By default the Mac OS X firewall doesn't block UDP traffic. So unless you have clicked on the "Advanced" button in your firewall settings and told the firewall to block UDP, you don't need to bother with the UDP ports (and indeed, if you include them in your firewall rule they won't even be used).
    There is absolutely no need whatsoever to open up TCP ports 5222 or 5223.
    While ports 5222 and 5223 are used by XMPP/Jabber SERVERS iChat doesn't receive inbound connections on those ports. iChat will make an outbound connection on a random high port (mine's currently using port 54804 to connect to Google Talk on port 5223) and there's no need for a firewall rule for these (and it's impossible to predict what port iChat will use anyway).
    Port 5190 (TCP) is used for AIM server connection. Just like above iChat will use a random high port to connect to the AIM server on this port so this does not need to be opened.
    Port 5190 (UDP) is used for AIM file transfers, I believe. It may be that iChat also uses it for XMPP/Jabber and Bonjour file transfers too (though I suspect not, since the Bonjour firewall rule doesn't open up this port). If you haven't blocked UDP traffic you won't need to open this port.
    Port 5220. As far as I know this port has nothing to do with XMPP/Jabber. The only thing I can think of is that perhaps iChat uses it as a custom file transfer port (though since Bonjour is just serverless XMPP/Jabber and this port isn't opened by the Bonjour rule, I suspect not). There is probably no need to open this port.
    Port 5298. I believe this is used for message exchange via Bonjour. If you're not planning on using Bonjour you shouldn't need to open it.
    Anyway, after this long rambling post the conclusion is:
    So long as you haven't blocked UDP traffic in the Advanced section of your Mac OS X firewall you shouldn't need to open up any ports for iChat to work (on your Mac anyway. Gateway/router is another story).
    If you have blocked UDP you will need to open the following:
    UDP: 5060, 5190, 5297, 5298, 5353, 5678, 16384-16403
    No TCP ports should need to be opened.
    Forwarding the above UDP ports to your machine on your gateway or router should enable things to work perfectly.
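
The comparison implied by this exchange, worked through as an added example (not code from the thread): it diffs the port list proposed in the question against the list the reply gives for the case where UDP is blocked in the Advanced settings, taking the reply's list as given. The function names are this example's own.

```python
# Added example: least-privilege diff between a proposed firewall port list
# and the list a reviewer says is actually needed. Port lists are copied from
# the thread; nothing here talks to a real firewall.

def parse_ports(spec):
    """Expand a spec such as '5060, 5190, 16384-16403' into a set of ints."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        start = int(lo)
        end = int(hi) if sep else start
        if not (0 < start <= end <= 65535):
            raise ValueError(f"bad port or range: {item!r}")
        ports.update(range(start, end + 1))
    return ports


def to_ranges(ports):
    """Collapse a set of ports into sorted 'a' / 'a-b' strings."""
    out = []
    start = prev = None
    for p in sorted(ports):
        if prev is not None and p == prev + 1:
            prev = p
            continue
        if start is not None:
            out.append(str(start) if start == prev else f"{start}-{prev}")
        start = prev = p
    if start is not None:
        out.append(str(start) if start == prev else f"{start}-{prev}")
    return out


def diff_rules(proposed, required):
    """Per protocol, list ports opened without need and needed ports left out."""
    report = {}
    for proto in sorted(set(proposed) | set(required)):
        have = parse_ports(proposed.get(proto, ""))
        need = parse_ports(required.get(proto, ""))
        report[proto] = {
            "unnecessary": to_ranges(have - need),
            "missing": to_ranges(need - have),
        }
    return report


# Ports the question proposes to open in the Mac OS X firewall.
PROPOSED = {
    "tcp": "5190, 5297, 5298",
    "udp": "5060, 5190, 5676, 16384-16403",
}
# Ports the reply lists, for the case where UDP is blocked in "Advanced".
REQUIRED = {
    "tcp": "",
    "udp": "5060, 5190, 5297, 5298, 5353, 5678, 16384-16403",
}

if __name__ == "__main__":
    for proto, result in diff_rules(PROPOSED, REQUIRED).items():
        print(proto, "unnecessary:", ", ".join(result["unnecessary"]) or "none")
        print(proto, "missing:    ", ", ".join(result["missing"]) or "none")
```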

  • How disable the firewall for only one NIC (aka adapter)

    Hi people,
    In WinXP it was super easy to disable the firewall for one specific "adapter"
    (just needed to uncheck it),
    so in Win7 how do we disable the firewall for one adapter?
    thx people :D

    I have found it :D
    Go into Firewall with Advanced Security
    Click on Windows firewall Properties
    Then click on Protected network connection
    and here they are :)

  • Firewall for iPodTouch

    Hi
    I am not sure if this is the right place to post this question. I want to develop an application that can block the internet access (drop the TCP packets) in an iPod touch. If it was a Mac, I would use the IPFW driver. Can I do the same with an iPod touch? Are there any alternatives?
    Or at least, is it possible to develop a firewall from scratch for the iPod touch OS?
    Many Thanks
    Hazem

  • Firewall for servers

    Hi
    Why do we need a firewall for the server farm?
    thanks

    Hello Ibrahim,
    It's common sense; a server farm has got to be carefully placed into your network.
    You will have the most important information of your company on those servers; why would you not have a firewall for them, would be the right question?
    Each single network has a lot of vulnerabilities, we as security engineers are in charge of reducing the amount of vulnerabilities so people on the outside of our network cannot compromise our servers.
    And that is the whole point of a firewall, reduce the possibility of an attack to our servers.
    Hope this helps.
    Julio
    Security Engineer
    Do rate all the helpful posts!!!

  • Configure SA520 firewall for 2 ISP (cable & ADSL)

    hi
    Is it possible, and how to configure a Cisco SA520 firewall for 2 ISPs (cable & ADSL) to get load balancing between these ISPs?
    THX

    Hello,
    Load-balancing is not supported as the ASA does not support PBR. You can try to do some work-arounds to send some traffic from one link, but this is not Cisco supported. I have seen scenarios about this working, so if you really need it you can give it a try.
    Regards,
    Julio
    Do rate all the helpful posts

  • Setting up firewall for 10.10 Server

    I know in the past I was using the firewall under WGM, which gave me access to set up the firewall for different VLANs.
    Now it's not available, unless I enable Stealth mode and firewall on/off.
    Is there a way to set up the firewall the old way?

    Hi
    AFAIK the "Magic Triangle" applies to an environment that also includes OSX Server providing mac-style GPOs - mostly. There's another option called "Cylinder of Destiny" that takes this slightly further although it's still essentially the same. Ultimately what you decide rests on what you want to achieve.
    If all you want is SSO for Users working on mac workstations and nothing else, use what Apple provides in the Client OS. You don't necessarily need OSX Server.
    It's even possible to alter the AD Schema itself and add Apple specific object classes, attributes and values to provide a means for managing users on mac workstations that way. Again you don't necessarily need OSX Server. In addition there are 3rd-Party solutions that don't involve OSX Server you could consider depending on budget and how hard you want to work? Likewise, Centrify and AdmitMAC are three I can think of.
    There's plenty of documentation all over the internet on how to achieve Integration. It's been going on for a few years now. Ultimately how 'successful' it all is will rest primarily on how well your AD is configured. Apple's built-in Active Directory Plug-in in many ways assumes an 'out-of-the-box' AD and ideally an environment that follows Microsoft's Best Practices for AD. I've yet to see one AD that fits that criteria. In some rare cases Integration may not even be possible. You won't really know until you try.
    Tony

  • Opening the firewall for programs you can't access via the dialog?

    I have a server program located in /usr/var/ (cumulus) and I need to open the firewall for it. Because Leopard seems to block access to the / directory how can I add that application to the firewall? I can't seem to browse to it...
    Better question still, how can I browse to / directory in the Finder?
    Thanks all!

    schleppy wrote:
    I have a server program located in /usr/var/ (cumulus) and I need to open the firewall for it. Because Leopard seems to block access to the / directory how can I add that application to the firewall? I can't seem to browse to it...
    Better question still, how can I browse to / directory in the Finder?
    Thanks all!
    You cannot browse these hidden system directories using Finder.
    You need to use the Terminal.
    There are free firewall add-ons for Leopard that give you a better control over the firewall. There are also stand-alone firewall replacements. You can google for them, but be careful when you modify the OS. Be sure it is fully backed up, preferably with a bootable clone, just in case.

  • Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?

    Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer to operate properly? This would include updating, linking, and any subset of features.

    The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
    AdobeARM.exe - automatic updates - port 443
    AcroRd32.exe - brand messages - port 443
    AcroRd32.exe - links in documents - anything specified in the URL
    Acrobat.exe - brand messages - port 443
    Acrobat.exe - links in documents - anything specified in the URL
    AdobeCollabSync.exe - Tracker review data - port 443
    The same ports are used by the  program components on OS X.
    There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software.

  • HT200259 Configuring adaptive firewall for VNC and RDP connections

    Hello, I'm using Yosemite with OSX Server.  Is there a way of configuring adaptive firewall for VNC and RDP connections?

    Apple has never documented what the adaptive firewall really does, as far as I know. It seems that the built-in network services send it some kind of notification whenever there is a connection attempt. The Screen Sharing service is one of those, so it should be protected. There is no built-in RDP service, so if you somehow added one, it would not be protected.

  • How do you turn off SPI Firewall for WRT54G?

    While browsing eBay, I've noticed loading speeds are drastically different with and without the router. It's faster without the router (normal, est. 5 sec. or less to load an eBay auction page) and slower with the router (est. 25+ seconds to load an eBay auction page).
    Linksys support page does not help. It bluntly states how some software firewalls do not work with the router and to disable and remove the software firewall if any trouble arises.
    I've seen the data sheets for the WRT54G. Under the data sheet's Firewall tab, there is an option to turn off SPI, but mine doesn't have that option. I'm guessing that it's a firmware update, but I would rather not update if I don't have to.
    If anyone has any ideas on how to do this, it would be a great help.

    What version of the WRT54G are you using? I'd suggest upgrading the firmware or try reducing the MTU on your router.
