General OS X Firewall questions

Hi everyone. Hope someone can provide some info on OS X Firewall stuff.
(Wanted to post a screen shot, but it looks like I can only post text...)
1. There are discrepancies between what System Profiler says about Firewall and what the Firewall Preferences panel says. E.g. "Stealth Mode": Pref panel = ON, Profiler shows it as "OFF". Who's right?
2. What is the "????" app set to allow all connections that's at the top of the list in the Profiler info? How can I get rid of it? It's not anywhere in the editable list in the Pref Panel.
3. How do I turn on FW logging?
Thanks for any info!
Message was edited by: nsn-rwc

I took a look at the com.apple.alf.plist file in /Library/Preferences/ and it indicates that Logging is enabled and stealth mode is enabled, although both of those indicate off in the System Profiler. My only guess is that System Profiler is not looking at the right info for those states.
My list of firewall apps was correct, though.
Initially, system profiler had an app that wasn't in the list in system prefs. I deleted an item from the list and then re-ran system profiler and the missing app disappeared from System Profiler. In my case, it was an app that I had deleted. So, the plist might still hold the file signature, but when you open the System Pref, it validates the signature against the app to display the correct name. That may be what happened with your '????' app.
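Added example, not part of the original posts: one way to read the firewall state straight from the preference file mentioned above and compare it with what System Profiler or the Preferences panel displays. The sample plist is constructed, the function names are hypothetical, and the `applications`/`bundleid` layout is an assumption that may differ between OS X releases.

```python
import plistlib

# Constructed sample standing in for /Library/Preferences/com.apple.alf.plist.
# On a real machine, pass the file's bytes instead; plistlib.loads() accepts
# both XML and binary property lists.
SAMPLE_ALF_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>globalstate</key><integer>1</integer>
  <key>stealthenabled</key><integer>1</integer>
  <key>loggingenabled</key><integer>1</integer>
  <key>applications</key>
  <array>
    <dict>
      <key>bundleid</key><string>com.example.chat</string>
      <key>state</key><integer>0</integer>
    </dict>
    <dict>
      <key>state</key><integer>0</integer>
    </dict>
  </array>
</dict>
</plist>
"""

# globalstate values: 0 = allow all incoming, 1 = set access per
# application, 2 = allow only essential services.
GLOBAL_STATE = {
    0: "off",
    1: "on, per-application rules",
    2: "on, essential services only",
}


def summarize_alf(raw):
    """Parse the plist bytes and return the settings the thread asks about."""
    prefs = plistlib.loads(raw)
    state = prefs.get("globalstate")
    # Assumed layout: a list of dicts, each normally carrying a bundle id.
    apps = prefs.get("applications", [])
    return {
        "mode": GLOBAL_STATE.get(state, "unknown (%r)" % (state,)),
        "stealth": bool(prefs.get("stealthenabled", 0)),
        "logging": bool(prefs.get("loggingenabled", 0)),
        "named_entries": [a["bundleid"] for a in apps if a.get("bundleid")],
        # Entries with nothing to display by name: candidates for a stale
        # record left behind by a deleted application.
        "unnamed_entries": [i for i, a in enumerate(apps)
                            if not a.get("bundleid")],
    }


def find_discrepancies(summary, reported):
    """Return the setting names where a tool's display disagrees with the file.

    `reported` holds what System Profiler or the Preferences panel shows,
    typed in by hand, e.g. {"stealth": False, "logging": False}.
    """
    return sorted(name for name, value in reported.items()
                  if name in summary and summary[name] != value)


if __name__ == "__main__":
    summary = summarize_alf(SAMPLE_ALF_PLIST)
    for key, value in summary.items():
        print("%-16s %s" % (key, value))
    # What System Profiler showed in the thread: both reported as off.
    shown = {"stealth": False, "logging": False}
    print("disagrees with file:", find_discrepancies(summary, shown))
```

To check a real machine, read the file's bytes with `open(path, "rb").read()` and pass them to `summarize_alf`.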

Similar Messages

  • Two firewall questions...

    I went into my firewall to configure it for the World of Warcraft downloader (although it didn't appear that I needed to after the fact). Two questions...
    By default, is "Network Time" the only box that should be clicked?
    Is there any negative to operating in "Stealth Mode"? Particularly, it would seem that this mode should be the default, based on the use of programs like Zone Alarm.
    Thanks!

    1. yes
    2. no

  • Coherence and iptable firewall Question

    We have Coherence deployment on 3 linux virtual servers running behind firewall. The deployment is as follows..
    Server 1 - 2 WKA Nodes (Cache Servers) and 7 Storage disabled application Nodes
    Server 2 - 1 Storage Disabled application Node
    Server 3 - 2 WKA Nodes (Cache Servers) and 1 Storage disable application node
    Now the Question is.. do we need to open up firewall for all the local ports. Is there a way to avoid opening up these many ports?

    my say on this one is if the router is working fine don't upgrade the firmware, because whenever you upgrade the firmware of a router there is an itty bitty chance of bricking the router and since you told me that it is about 3 years old it's already out of warranty. but if you want to upgrade the firmware of the router you can get the firmware at linksys.com/download, if you are just using the router for basic internet access and you are not changing any advanced configuration i say stick with your current firmware esp if you are not having problems with the router.
    "Love your job but never love your company. Because you never know when your company stops loving you"

  • Firewall questions

    I am new to the forums but am glad I found them. Some of the posts have really helped me solve some thorny problems.
    I have a couple of questions about firewalls and security. I have a macbook pro and a macbook air both using 10.5.7 connected to the latest version of airport express newly purchased. File sharing is turned off and the firewall for each laptop is set to only receive essential services. The router has a WPA2Personal setting and password.
    I used the Network Utility app and used one laptop to "ping" the other and received the following result: "10 packets transmitted, 0 packets received, 100% packet loss." I used the second laptop on the first and received exactly the same result. Does this mean an outsider will not be able to ping my wireless network successfully?
    Second, how can I test the firewall of the router? What is a program actually testing when it does so? Is it testing the firewall of the router or the initiating computer?
    Thanks.

    Everything passed except the ping test. Does this mean that the router is responding to the ping or is it my laptop?
    The router.
    If so, why did my internal ping test pass?
    Most likely the OS X software firewalls used on your computers are set to "stealth" ports. The AirPort Express does not employ this feature.
    Also, what do I do next? Adjust the security settings on my laptop? Is there a way to adjust the settings for the router?
    Responding to pings is not necessarily a security risk. As you can imagine, there are differing opinions on both sides of the argument, whether or not having completely "stealthy" ports is critical. The combination of a modern Internet router plus a software firewall is quite effective in preventing "attacks" from the Internet. If you require complete stealth, then you will have to look at another vendor's product that offers this. For example, my wired Linksys BEFSR81 completed the GRC test with all "greens."

  • Firewall question -pls help

    okay - so i was reading about system profiler today and opened it and clicked down through the various categories then I come to Firewall- and it reads
    "Firewall Settings:
    Mode: Allow all incoming connections"
    Now this rings alarm bells - I thought my firewall was on. I go to system preferences and look in Internet & Network > Sharing as this is where (in previous operating systems) I remembered the firewall was set - except it isn't anymore. All the sharing boxes are unticked. I go into security and there is Firewall. "allow all incoming connections" is ticked.
    1) This is presumably where i turn the firewall on or off, right?
    2) Allow Only Essential services? What does this mean - the firewall is on? what constitutes an essential service?
    3) Hypothetically could my computer's privacy have been compromised?
    4) Has my firewall potentially been like off since i upgraded to leopard?
    Am feeling a bit stupid right now. Any help graciously accepted!

    No such thing as stupid questions...
    -This will take you through the basic settings done on a mac to secure it:
    In System preferences go to Security > Firewall, the default setting is "Allow all incoming", this does not compromise your privacy, only that Mac OS X will decide what it needs. I'd go for "allow only essential services" then press "Advanced", from the drop down choose "Enable Firewall Logging" and "Enable Stealth Mode".
    In the Sharing pane make sure no boxes are checked.
    That's the basics, if you wanna secure your mac in such a way that it would make Fort Knox look like a 7/11 go here for further tips :
    http://www.macshadows.com/kb/index.php?title=HardeningMac_OSX
    ....but this might be a bit over the edge for the normal user
    Best o'luck

  • Need Help on one Firewall Question

    Hi All,
    I am using Cisco ASA in my environment and which is connected to L2. One server and one router is also connected to L2. Now I want to access port 80 on my server from outside.
    How is it possible if the server gateway is the router's IP and I don't want to add a static route in the router or server towards the firewall. NAT and access list is done on the firewall. What else can I do on the firewall to access port 80 of my server from outside. Don't want to change anything on router/server.
    Below is the IP detail
    1. Firewall inside 192.168.1.1 & Outside 1.1.1.1
    2. Router IP - 192.168.1.2
    3. Server IP - 192.168.1.3 & GW - 192.168.1.2

    Hi,
    Well the only ways I could think that the connections could be gotten working would be:
    Policy Based Routing on the Router that would forward the web server's traffic through the firewall instead of the router's default gateway (even just the return traffic for web connections)
    Configuring NAT on the ASA firewall so that all traffic from the Internet would be NATed to an internal IP address from the network 192.168.1.0/24. This would mean that the server would be sending the traffic to ASA instead of using its default gateway. And this is of course because the server would be seeing all connections coming from its connected network and wouldn't have to use the default gateway.
    You haven't mentioned what type of NAT you are doing on the ASA for the server, Static PAT or Static NAT. Static PAT would be forwarding a single (or several ports) only while Static NAT would be dedicating a single public IP address for the server.
    I would imagine that you would have to configure 2 separate NAT statements
    Dynamic Policy PAT for the External hosts
    This should NAT all traffic coming from the Internet to the IP address of your ASAs "inside" interface WHEN the destination is the public IP address of your Web server.
    access-list POLICY-NAT-WEBSERVER remark NAT inbound web traffic to an internal IP address
    access-list POLICY-NAT-WEBSERVER permit tcp any host 1.1.1.1 eq 80
    nat (outside) 100 access-list POLICY-NAT-WEBSERVER
    global (inside) 100 interface
    Static NAT or Static PAT for Web server
    Either of these NAT configurations should forward the connections to your Web servers public IP address on port TCP/80 to the Web server.
    Together with the above NAT configuration the return traffic from the Web server should flow back through the ASA.
    static (inside,outside) 1.1.1.1 192.168.1.3 netmask 255.255.255.255
    or
    static (inside,outside) tcp 1.1.1.1 80 192.168.1.3 80 netmask 255.255.255.255
    If you are using the public IP address on the ASA "outside" interface then replace the 1.1.1.1 with "interface". The IP address 1.1.1.1 stands for a public IP address that you might use.
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni

  • More 10.5.1 firewall questions

    Well, I confess I do not have Leopard installed yet. But I am planning on upgrading soon, and I've been reading about the firewall fuss with great interest, and I'm too curious to wait until I actually have it installed to ask some questions about it. I think I have absorbed most of the discussions and controversies and what 10.5.1 has addressed, but I do have a few points of confusion:
    1) From this article <http://docs.info.apple.com/article.html?artnum=307004-en> and this article <http://www.heise-security.co.uk/news/99104>, it sounds like in "Allow only essential" mode, any root services except the few listed are blocked, but in "Set Access" mode, they are all by default allowed incoming connections, unless explicitly blocked (which assumes that you have knowledge of their existence). What could the possible rationale of this be? Why shouldn't there be a "Allow only essential, with these few exceptions that I am granting" mode?
    2) Does "Allow only essential" now really mean that? Can we take that literally now? Does that mean in this mode, only those few listed services will accept incoming connections? No signed applications, either signed by Apple, or previously signed by user authorization while in "Set Access" mode?
    3) Does the signature of an "authorized" app carry over if it is copied to another machine? If I make a copy of a signed app and copy it onto my friend's computer, will it still be signed and sneak through the explicit authorization process? Or is the signature machine-specific?
    4) On this page <http://www.macworld.com/article/131116/2007/12/firewall.html> is a screenshot showing a sample list of "authorized" applications-- on this list are apps like Safari and Cyberduck. I don't understand-- these are not server apps, why would you have to authorize incoming connections for them? Shouldn't these apps work even in "Block all connections" mode?
    5) On the firewall screen is the statement "Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific programs." I guess I don't understand what it implies and why it is there. Does "normally" mean in "Allow all incoming connections" mode? In that case Mac OS X isn't doing squat, it's simply allowing everything through. Does it mean in "Essential" mode? In that case Mac OS X isn't really applying any brain power either, it's just blocking (mostly) everything. To me, that statement sounds like it's trying to say "Mac OS X does a pretty good job of figuring stuff out on its own, but if you really want to be picky...", when in reality, Mac OS X "normally" isn't really determining anything. Am I missing something?
    Thanks for satisfying my curiosity...
    -dave

    Leopard "stealth" is for squat. I just switched from a failing motorola router to the airport extreme with the extra ethernet ports in back. The moto had a firewall and a stealth button.
    https://www.grc.com/x/ne.dll?bh0bkyd2 scans your computer and is quite handy.
    With the moto router and no mac firewall / stealth enabled, every square was green (stealthed), I was completely invisible. Shields Up, that link, called that an uncommon and very good situation.
    With the airport extreme and mac's firewall enabled for essential services and stealth selected, I've got 7 stealthed ports, and 1,048 ports reporting back to the test as closed, and none open. No change from no fire wall, no stealth in preferences/security/firewall. My computer acknowledges itself to outside probes now. Not the best state of affairs.
    I don't see anywhere in the airport utility where one can enable a firewall upstream from the computer. It's nice with the AE that everything plays together easily, but as for stealth.... squatola. Anybody can see you, so use modern encryption, like a previous reply said; WPA2/WPA2-Personal.
    Maybe X.5.2 will beef up the security a little. Maybe X.5.2 will fix iCal's custom repeating event no show bug too. Doubt it though.
    Anyway, Mac still rules. All your bases are belong to us.

  • General java sound capability questions

    im trying to get a handle on the basics of what i can do with sound in java. ive read a lot of pages but there are still some ambiguities.
    what i want to do ideally is have an applet that takes sound from the client microphone and records the sound file on a server. so:
    if this were an applet, would it require me to first save the sound file locally (and therefore sign the applet?) or can the sound be saved in memory somehow without creating a "file" per se - then moved to the server? if it could be done does it require JMF?
    i read that an applet cannot convert the file format client-side. does that mean the file would have to be uploaded in an uncompressed format?
    a java webstart app is also acceptable for my purposes. can someone advise if that is the best way to go?
    can a web start app do the following:
    - connect to a database (on the server)?
    - record / compress / upload a sound?
    if so, i guess java web start is the way to go... if you know any good resources for any of these issues please let me know... thanks!

    BamaColtsFan wrote:
    Hey Gang,
    I know that the general rule here is to try your code first then ask why it doesn't work but my questions right now are more conceptual than anything else. I know a little (very little, really) about Java and some of its capabilities. I've been thinking about possibly converting a MS Access Utility that I use into a Java program. The MS Access version can be a little unstable and I think by moving to Java, I can eliminate that problem. But, I want to be sure that Java can do everything I need it to do before I spend a lot of time only to find I can't get there from here. These are my initial questions:
    1. I have to run several reports from a large Oracle system. Currently, I export the data as Excel files and link the Access database to them. Using Java, will I be able to export as text files (daily) and have the program read the text and treat it like a database file? The short answer is NO. The more lengthy answer is yes, but you can attach to Excel spreadsheets through ODBC (JDBC/ODBC Bridge) and use them as a database the same way Access did.
    2. Part of the output of the Access database feeds MS Word mail-merge documents that are used to send e-mail messages. Will Java format and send e-mail via Outlook? NO, but you can send mail with the Java Mail API.
    3. The second half of the output is an Excel Workbook with re-formatted and cleaned report data from the original files. Can Java dynamically pass information to Excel and create the various worksheets necessary to display the data the way management wants to see it? NO
    Now having said all of that, there is the Java interface through OpenOffice, which will support MS-Office documents. The MS Office products are Windoz specific, and as such, there are some 3rd party Classes out there that will interface to them, but not directly from Sun's standard API.

  • General Sun JES Directory Questions

    I'm doing some research for a program at work. I have a few general questions that I hope someone knowledgeable about the Sun JES directory can answer.
    1. How does the Sun Directory control access to resources?
    2. How are groups formed and maintained?
    3. How does the whole access control scheme work?
    I know these are very broad, but any info you can either provide me or direct me to will be greatly appreciated. I haven't had much luck researching this online. Thank you.

    The Sun ONE Directory controls access to resources usually using aci's, which can be created at different branch points and allow differing permissions. This can also be done using RBAC (Role Based Access Control), where a role can be created, assigned to a user object and then aci's assigned to that role.
    There is a chapter in the Administration Guide on permissions and setting them in the directory.
    With regards Groups, there are two kinds, Static and Dynamic. Static Groups are defined by users creating them and then manually assigning user objects to them. Dynamic groups are created by LDAP searches which populate the groups based on an attribute or search criteria which links all the members.
    You can set aci's to the branch points in the directory dependent on group membership if so required.
    The chapter in the Admin guide which is about Access Control is:
    http://docs.sun.com/source/816-6698-10/aci.html
    If you have any further questions, please post them and I'm sure someone will respond.
    Thanks
    ndrb

  • General CS4 Trial Conversion Questions

    Well, this doesn't have to do with After Effects specifically but this was the most active section and there wasn't a section that dealt with general questions. I'm currently an owner of the Creative Suite 3 Master Collection. I'm about to buy the trial DVD set for the CS4 Master Collection. However, I was curious as to what additional content specifically will I have to download when I convert my trial to the full product. The reason for this is that I'm a little bit pressed for space. So if anyone has bought the trial and then converted, can you tell me what additional download content is there specifically?

    I don't think it's anything too important. Just some optional plugins, scripts and templates/ stock files for Photoshop and InDesign and some additional templates for Encore. If you are not using any of them, then you will not need additional space. Most other components are already on your drive once you install the trial, they are just inert and will only appear once you input your serial. Premiere and Encore will install some CoDecs for HDV, MXF and other formats, AE will enable mochaAE, the CC Plugins and Keylight...
    Mylenium

  • General feedback, comments and questions

    Background: Written many web applications over the years (Java [cocoon, struts, home-grown frameworks], ISAPI, cgi-bin), and also worked with RAD tools like Delphi doing client/server apps. Consequently, JSF looks very interesting to me, especially when you consider .NET and Web Forms. Here are my comments/questions:
    - The name "Request Events" is confusing. Should be "UI State Change Events" or something.
    - Why isn't there a subclass of FacesEvent for "Request Events"?
    - Are there any standard events that all components respond to? (i.e page lifecycle events)
    - Is there anyway to explicitly state that a component responds to specific types of events (like the way Validators tell you what types of attributes they respond to)? What I'd like to see is the ability to generate an Events tab in the development tool, like most modern RAD environments.
    - In order to take advantage of a central dispatching mechanism (ApplicationHandler), it would make sense for all pages to flow through the FacesServlet. Is there a pass-through mechanism that doesn't require a response tree, or would this just be some type of application event? In other words, how does FacesServlet process requests that aren't mapped to a component tree?
    - Can you give us an idea about how the model references will work, and what the standard way for the application handler (and its delegates) will get a handle to a model reference will be? (i.e. session parameter).
    - Why use UIParameters instead of attributes?
    - I understand that grid and table display functionality is handled by standard Renderers. I still think that JSF needs to have a more complete standard suite of components as well, including grid and table components that can be bound directly to collections and ResultSets. (I know this isn't EJB-friendly, but in reality many servlet-based applications don't use EJB). Just requiring a UIPanel alone and the appropriate Renderers isn't enough. I think that in order for JSF to be successful, it must have at least the standard components that .NET does.
    - This is a minor detail, but shouldn't there be a simple addMessage(Message message) method on the FacesContext instead of requiring you to send in null?
    - You should be able to declaratively associate an ApplicationHandler - you shouldn't have to add a ServletContextListener to do this.
    - You should be able to specify a RenderKit for an entire application declaratively. This brings up the question of whether or not an application-wide context is needed (or if the JSF implementation should just subclass ServletContext).
    - You should also be able to specify the RenderKit for a given session as well as a specific Tree.
    - Currently, I don't see any support for modifying the render kit in the JSP implementation. Shouldn't this be an attribute of the <faces:usefaces> tag?
    - I'm worried about the performance implications of this design for more complex user interfaces with many controls on a given page. I've seen others raise this concern as well, especially when you consider the overhead of copying component values, and constantly traversing the component tree. I recognize that there are a lot of places where object pooling can be used (Renderers, the components themselves, LifeCycle objects, etc.), but does anyone have any specific comments on how this can be achieved with minimal overhead, especially when you consider that a given application may have filters and additional logic in the ApplicationHandler (that may in turn talk to the EIS tier).
    I'm glad to see that for events, encoding, and decoding, you can either handle it directly in the component or delegate it to the proper handler (either a RequestEventHandler or a Renderer). This addresses the fact that in-house controls will likely be bound to a specific client device (at least originally).
    In general, I think this is a great move forward, and it's one thing that we've been lacking for a while (there have been many non-Sun efforts on this front for a while, but we really need a standard if Java is going to remain the preferred platform for rapidly building web apps).
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Kito D. Mann
    [email protected]
    Virtua, Inc.

    In regards to my third point:
    - Is there anyway to explicitly state that a component responds to specific types of events (like the way Validators tell you what types of attributes they respond to)? What I'd like to see is the ability to generate an Events tab in the development tool, like most modern RAD environments.
    I just realized that this is handled implicitly by the fact that all UIComponents are JavaBeans. JavaBeans supports this via EventSetDescriptors. This is what happens when you haven't worked with any GUI tool kits (like Swing) for years :-). It'll be nice to see this functionality in the servlet world.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Kito D. Mann
    [email protected]
    Virtua, Inc.

  • How do u creat BIOS recovery disk + nvidia firewall question.

    WooooHOoOOO....
    after re-formating a dozen times, busted SCSI config, messed up driver install, I FINALLY GOT this board working at 100%!!!
    This mobo powered through my entire DOOM 3 Odyssey to Hell NON-STOP without a SINGLE CRASH!! Definitely a good testament to this board's quality.
    Now for the final few noob question, how do I create a bios recovery disk just in case things happened.
    lastly... how do you properly setup the NV Firewall? After enabling it, none of the other computers in my network can see this computer with the MSI Board, so file and printer sharing all stops when the firewall is enabled.
    Anyone here has a walkthrough on the firewall?
    ONCE AGAIN...thanks to all who helped me!!!

    i havent got my nvidia firewall to work imma wait until they release better drivers for it but for creating the bios recovery disk i think if u use msi's live update it will ask u if u want to create one or not.

  • Virus Protection and Firewall Question

    I just switched from a PC to a Mac. Should I download virus protection and if so which one is best for a Mac? Also, I believe my computer came with the firewall turned off... should I turn that on?

    Should I download virus protection...
    No. The OS has built-in recognition of known Mac malware in files downloaded from the Internet. All commercial "anti-virus" products for the Mac are worse than useless. Do not install any of them.
    ...and if so which one is best for a Mac?
    Your mind. All Mac malware takes the form of trojans, which depend on the victim's ignorance to be installed. Don't be ignorant.
    Also, I believe my computer came with the firewall turned off... should I turn that on?
    Not unless you are on an untrusted network, such as a public hotspot, and have services enabled in the Sharing preference pane. Under any other circumstances, the firewall should be left off.

  • Offer a Noob help? General one key recovery question

    So I'm new to laptops, especially Lenovo, and when I got my laptop I had barely found out about the One Key Recovery Backup application AFTER I installed quite a few games. So I decided to make the backup but it ended up being 49GB so I put it on my Harddrive.
    Now I found out that there was a partition for the backup but mine is only like 23GB. It's too late for me to make a new backup now since I have added way more stuff.
    I was wondering if there is some way that I can go and delete files I had IN my backup?
    The reason this backup is a problem is because I'm running out of Hard drive memory because of this backup
    Thank you

    hi Andy16,
    Welcome to Lenovo Community Forums!
    Once you created the Backup File (backup.wsi files) I don't think you can open that and delete some files in side it,
    Also not Possible Doing a selective Current system Back up.
    If I understand you correctly you want to do another back up aside from the First one you made (the 49GB), But right now you're running out of disk space?
    Regards
    Solid Cruver

  • Mac OS X Server 10.5.8 firewall question

    Hello,
    I'm a network administrator in a company, and we use Mac OS X server 10.5.8, with Mac clients.
    I have a problem with the adaptive firewall: when someone wants to connect to the server (by using the finder, and "connect as"), if the password is not correct, the adaptive firewall just cuts the access of the client for all (It's a DHCP and DNS server, so there is no access anymore to the LAN and the web).
    I would like to know if there is a way to make the client blacklisted after 3 bad login attempts, not just only one. I used the afctl command, but it's apparently not possible to manage this problem with that (just the time of blacklisting).
    Thanks a lot in advance.

    I don't have a solution for you. But I do remember reading about this one. Apparently what happens is that beneath the surface, the connection attempt is repeated on failure, using different authentication protocols. And so one user login attempt with a bad password, leads to three attempts beneath the surface, and "the boot". But unfortunately I don't remember what the solution is, as I was researching for a completely different issue when I read this.
