Setting Firewall on OSX 10.5

Similar Messages

• Hi looking for a bit of free  anti - virus and firewall for osx 10.8.2

  hi looking for a bit of free  anti - virus and firewall for osx 10.8.2 any pointers also any one used Mac cleaner ?

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
  For more information about Gatekeeper, see this Apple Support article.
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore reduces to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
  5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
  Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.

• Firefox Beta 36 asks to set Firewall settings on startup every time

  Beta 36 for Firefox starting a few days ago asks to add an exception to the OSX firewall on startup each time. Even if I accept, and enter my admin credentials. Also if I add Firefox in the Firewall settings permanent. It never asked me before the latest beta.
  I am using 10.10.2

  ''FredMcD [[#answer-694455|said]]''
  <blockquote>
  Some problems occurs when your Internet security program was set
  to trust the previous version of Firefox, but no longer recognizes your
  updated version as trusted. Now how to fix the problem: To allow
  Firefox to connect to the Internet again;
  * Make sure your Internet security software is up-to-date (i.e. you are running the latest version).
  * Remove Firefox from your program's list of trusted or recognized programs. For detailed instructions, see
  '''[https://support.mozilla.org/en-US/kb/configure-firewalls-so-firefox-can-access-internet Configure firewalls so that Firefox can access the Internet.]''' {web link}
  </blockquote>
  Thanks for the reply but it is fixed now with a new version, beta 37.0
  The previous Firefox version did not resolve even after I removed and then added Firefox again to the Firewall exception list.

• How to set up sharing OSX - XP : Yes I've done my homework...

  I'm trying to get iTunes' buggy sharing to work. I can honestly say it's buggy by the shear volume of unresolved issues with it if you do some basic Googling on it.
  Here's my situation:
  * I've got iTunes 8 on my Intel iMac OSX 10.4. This is where the music library is located.
  * I've got iTunes 7 on my XP machine
  * I've got it all networked with a fully up to date linksys router.
  * I've tried it with and without the appropriate ports open on the router. No difference.
  I've got sharing configured on both machines. I can see and share files over the network via explorer/finder so I know the network is NOT the issue.
  When both iTunes (XP & OSX) are running I can see my Mac's library from my XP machine when I start it up on the PC. I can play music. So it seems like it should work.
  But then it all goes to heck. At some random point all of a sudden the Shared option in the sidebar of the XP machine just goes away. It's like the Mac just disappears. It's still on the network because I can still access it all via the finder/explorer. So again, it's not a general network fault.
  So my first question is what's causing my PC's itunes to lose its connection with the Mac? Is there some kind of network keepalive setting that I need to set on the Mac?
  If I can't get that to work, I figured my second option was to map a network drive on my PC to the iTunes folder on my Mac.
  So I've got drive M: on my PC mapped to the iTunes directory on my Mac (Machine/User/Music). I go into iTunes on my PC and tell it to look for its library on drive M: I save the options and still stare at a blank music screen on my PC.
  How can I get my PC iTunes to recognize the mapped drive M: as a valid iTunes library? And will doing this mess up my iTunes library because from my research I've seen that there are big differences in how the Mac and PC iTunes manage their libraries.
  Please help. Apple's "support" has been totally worthless on this account.

  I haven't noticed this, but I have "Genius" disabled...

• Setting up an OSX Server as a Gateway between Wan and Lan

  Hi there,
  I just bought an OSX Server License and know im struggeling to setup my MacPro as a Gateway between my Lan and the Internet.
  Im pretty new to these things I´m afraid, so a step-by-step list might help.....
  I setup my en0 as PPPoE to my DSL-Modem what works fine.
  Then i used the Gateway-Setup-Assistant to configure the DHCP,DNS Stuff....
  Unfortunately none of the Clients in my Lan is able to connect to the Internet - the Server has got a connection but doesn´t pass it through somehow, although the Clients in my lan are connected to the Server.
  Apple Resource and Help documentation is no help for me cause it just says use the Gateway Assistant and lean back.
  I hope theres anyone out there understanding my issue and is willing to help!
  Thanks a lot
  Jan

  Make sure you have the NAT service turned. If you can connect to the Internet from the server, but systems on the LAN can't get out, then NATting is the usual culprit! NAT (Network Address Translation) translates your WAN addresses to your LAN addresses. I've been through setting up OS X Server several times and usually end up doing it by hand instead of using the Assistant. I've seen problems in 10.4 server that when the DSL drops for a period of time for some reason NATting turns itself off. Don't know if Leopard server exhibits the same problem.
  HTH.

• How do I set up my OSX Leopard Server to host a website?, how do I set up my OSX Leopard Server to host a website?

  I own a small video game store and want to host my own website since I really don't want to spend the money on a hosting plan. I have a old G5 with OS X Leopard Server installed and have spent many countless hours reading tutorials on how to set it up, but none of them simply tell me what exactly to do. I have a very good knowledge of IT and didn't expect to have this much trouble.
  I would like to set up the server to host the website, and also have it be able to do email as well (have a email address like [email protected])
  I bought a domain from godaddy (www.g4uoc.com) , Have my G5 OSX Leopard Server up and running, have my website all built and ready to go, but I don't know how to set anything up. Can someone help me out at all?

  There are numerous walkthroughs and tutorials on this, I'm surprised you couldn't find something.
  Short answer:
  1) dump your web content (HTML files, images, etc.) into /Library/WebServer/Documents
  2) Configure your router to forward connections on port 80 to your server (the specifics will vary depending on your router make/model)
  3) Use GoDaddy's web portal to setup www.g4uoc.com to map to your router's public address.
  You're done. Remote users will lookup www.g4uoc.com on GoDaddy's servers and will get your router's public address. When they try to connect the router will forward the connection to your server which will serve the matching request from /Library/WebServer/Documents/

• N00b needs help setting up MAC OSX Lion Server for email.

  I recently purchased a Mac Mini running OSX Lion Server and I really don't understand how to set it up as an email server (which was my main goal). Eventually I'd like to set it up to host just about everything else, but I can't seem to figure out how to set up my router and MX records to point to my server in order to host imap mail. I do have a static IP by the way but this N00b is confused... Please help!

  Funny you should ask, because I have been spending the day trying todo the same. I just need to know what to enter into my mx record in network solutions. I can send mail, but I can't receive it just yet. Any help would be great.

• Need help setting up Mac OSX Server for remote/off-site access

  Hello, I want to be able to access our g5 tower running Mac OSX Server 10.5.8 remotely when not in the office. We have a static IP.
  Are there easy step-by-step directions someone could provide or point me to? Thanks a bunch.

  Hi
  its really easy
  You need to have Apple remote desktop
  there are bunch of software s like chichen vnc and etc.
  01. open your router from your web browser
  02. go to nat settings
  03. screch the option calld port forwading
  04. enter the server ip address to that
  05. save and restart the router
  ** What you did so far
  if some one want to connect from your static ip address now it will forwerd to your server. *******
  Go to system preferences (on server)
  go to sharing
  enable remote management
  select opetions which you want
  your done
  2nd part Adding Computer to ARD
  Select All Computer ----> click plus button and select add by address
  put the Address : ip address
  user name : server User name
  password : server password
  eureka
  now you done

• Setting Firewall settings

  This topic originally started in another thread, but I thought it would be a good idea to make it its own topic (just in case anyone else is wondering how to do this).
  So I went to System Preferences> Sharing> Firewall. It says that it's currently turned off. Then below that there's a list of ports to allow access through the firewall. My question is: what the heck are all of those default ports listed there?? I don't know which one's to allow and which one's to block. Any ideas?
  Also in the Advanced settings, what is UDP traffic? Should I block it? Also, when I turn on the firewall, will that block my internet access? Will I have to enter proxy settings for my internet connection?

  UDP is a type of IP (Internet Protocol) port. Many Apple services use UDP. See this article for more on this subject.
  Which, if any, ports you allow open depends upon how you use your Mac. You can chose to allow access to none of the ports listed, if you wish. If you hold the cursor over each port selection, a text box will open explaining the purpose of each. Enabling the Firewall does not, generally speaking, disable Internet access. It may prevent access to certain websites, and require that you confirgure your firewall to allow access to the website. In most cases, you need not enter proxy settings for your Internet connection, but this can depend upon your ISP.
  Joe

• How do I set up file sharing and keep my Firewall on?

  When I turned my Firewall on, I lost the ability to share files and screens on my LAN. When I looked at the advanced settings, I saw that File Sharing, Screen Sharing and Web Sharing were already set to Allow incoming connections but other, related, services, AppleFileServer, httpd, kdc, netbiosd, and screensharingd were set to block incoming connections. I reset the latter to allow incoming connections but was still unable to access my computer from another. Once I turned off the Firewall, I was able to access file sharing and screensharing from another computer on my LAN.
  I have a firewall built into my external router so I have some protection but I still feel uncomfortable with the Firewall on my computer turned off.
  When my firewall is on even with setting up to allow incoming connections, there are lots of console messages like:
  1/8/12 3:00:00.882 PM Firewall: Deny netbiosd data in from 192.168.1.2:51619 to port 137 proto=17
  They go away as soon as I turn off the firewall.
  I did not find the Apple technical article "Set firewall access for services and applications" at http://docs.info.apple.com/article.html?path=Mac/10.7/en/mh18503.html useful at all.
  Any ideas as to what is wrong?

  I normally have a Firewall enabled. I recently had to do an erase and install of Lion, followed by a one-by-one re-install of all of my software. One of the first things I did was to set up all of my System Preferences the way I like them; Turning the Firewall on was one of them. Later I noticed it was off and turned it on again. I had already set up sharing and was surprised to see the problem when I turned it back on.
  As to why do I think it needs to be on. It is another part of my security layer.

• Optimal configuration with new set up.

  I'm getting into my own OS X Server shortly as I was assisting on an already preconfigured set up assisting with fixing remote systems and those typical types of things.
  So I was hoping to get advice on setting up the OSX Server that would benefit me.
  I was thinking of getting the Mac Mini Server to use with Two 13" MBPs, 1 27" iMac i7 and a 13" MacBook.
  Mini Server will obviously have OSX Server & Apple Remote desktop (which will also have another copy of ARD on one of the 13" MBP).
  The 27" iMac, 2x13" MBP & 13" MB will be clients of the Mini Server to distribute packages, software and disk images/installs...etc.
  Optimally i dont have domain or nameserver to utilize with the server and am just using a home network setup with a Time Capsule as the router and a Linksys modem.
  So during set up im not sure if i need alot of the Directory services, nameservers and if or how to set up the email side of things if my main domain is on a shared hosting service elsewhere.
  aside from that there are 2x PPC PowerMac G5's that are in a separate state I need to manage as well and was hoping it was possible to manage them from my out of state location and SL Server?
  thanks!

  You need DNS services running on the LAN. Get that working first.
  Then get OD going.
  Then the rest of the stack; see the set-up and operational documentation.
  While you're working on that, get yourself a server-grade firewall with VPN server capabilities; either a repurposed x86 box with a pair of network controllers or an embedded dual-NIC x86 box (running M0n0wall, Smoothwall or pfSense, etc), or a commercial server-grade firewall product option. That's your path in here, your firewall, your NAT, and the rest of your web-facing router. That (via VPN) is how you'll remote manage, reboot and operate the network.

• Do we still need a 3rd party firewall ?

  Since AEBS comes with a build-in firewall, should we uninstall the 3rd party firewall ? And disable the firewall in OSX altogether ?
  Thanks

  I've found that the new firewall in OS X Leopard is sufficient enough to protect my Macbook Pro while traveling. I have it set to "Set access to specific services and applications". When connected to the wireless SOHO I've also found the AEBS to have a very secure network firewall to protect the WLAN. Even when connected to the AEBS I still leave my Macbook Pro firewall enable so as to not forget when traveling to turn it back on. I haven't noticed any significant drop in network performance leaving it enabled while still connected to the WLAN via the AEBS. To test your firewall use free firewall test sites such as http://www.hackerwatch.org/probe/ Also if you want to encrypt your data then enable File Vault. For added security of your laptop data I'd suggest third party security tracking software such as LoJack or Undercover http://www.orbicule.com/undercover/
  As for the IP address concern this is typical when visiting a website that the site you have specifically asked to visit will be able to see your IP address. You could try spoofing your address but it shouldn't be necessary and it may cause more problems when your surfing. Note: Just because the website you entered can see your IP address does not mean that your IP address is visible to a local hacker sniffing for open ports in your neighborhood. Both Leopard's firewall and the AEBS firewall allow you to set Stealth Mode so as to not broadcast your location and add an extra layer of protection making it more difficult for a hacker to crack your firewall.

• Firewall, port options, blah blah blah

  I have read and searched the forums, yet there doesn't seem to be a clear cut explanation for my issue here. I have been able to perform a video chat with no problem until I changed from my Airport router to a Netgear Rangemax MIMO router. I have looked within this router and set up port forwarding for all ports related to iChat, I have disabled my software firewall in OSX.4 still nothing. I can text chat with no problem. As soon as I audio chat, we both get an error that the other isn't responding. As soon as we video chat, we both get an error that I didn't respond. I checked my firewall log, and it displays as follows:
  Feb 9 12:27:14 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1060 192.168.1.6:5000 in via en1
  Feb 9 12:27:17 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1060 192.168.1.6:5000 in via en1
  Feb 9 12:27:23 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1060 192.168.1.6:5000 in via en1
  Feb 9 12:27:35 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1060 192.168.1.6:5000 in via en1
  Feb 9 12:27:59 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1060 192.168.1.6:5000 in via en1
  Feb 9 12:28:47 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1060 192.168.1.6:5000 in via en1
  Feb 9 14:39:37 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1061 192.168.1.6:5000 in via en1
  Feb 9 14:39:40 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1061 192.168.1.6:5000 in via en1
  Feb 9 14:39:46 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1061 192.168.1.6:5000 in via en1
  Feb 9 14:39:58 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1061 192.168.1.6:5000 in via en1
  Feb 9 14:40:22 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1061 192.168.1.6:5000 in via en1
  Feb 9 14:41:10 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1061 192.168.1.6:5000 in via en1
  Feb 9 19:16:22 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1062 192.168.1.6:5000 in via en1
  Feb 9 19:16:25 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1062 192.168.1.6:5000 in via en1
  Feb 9 19:16:31 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1062 192.168.1.6:5000 in via en1
  Feb 9 19:16:43 Plasket-PowerBook ipfw: 12190 Deny TCP 192.168.1.1:1062 192.168.1.6:5000 in via en1
  I get that with the firewall turned off. My powerbook IP is 192.168.1.6, a reserved IP from the router for this machines wireless MAC ID. I have tried assigning a different IP, same result. I have plugged straight into the modem and acquired an IP from my ISP.. same result.
  Any ideas??

  incorrect
  the problem is with apple and america online who provides the service through AIM aka iChat here.
  i knwo many people who can not get iChat to do video conferencing and they spent hours on end going crzy to only find out that it works randomly.
  can anyone explain why it works one day and not the other?

• Is an 'external' static IP address required to set up DNS

  Hi there
  I'm going to be setting up a OSX Server 10.3 machine as an open directory master, to take advantage of single sign-on capabilities.
  From what I have read in manuals and in this topic: http://discussions.apple.com/thread.jspa?threadID=977178&tstart=15 , it is necessary to configure the DNS service first. However, the topic talks about having an external IP address for the server, as well as for the internet router.
  Is this the only method that will work? The network only has one external IP address as far as I am aware.
  Any thoughts greatly appreciated.
  Matt

  The answer is, it depends.
  If you want your server to provide any external services then it will need an external IP address. Now, depending on your network, you may be able to use a single IP address on your router, having it NAT incoming connections via port forwarding - that's a common setup.
  The bigger issue is whether you need a static IP address or can live with a dynamic one. A static IP address is required if you're running certain services such as DNS or Mail. Other services might be able to get by with a dynamic IP, depending on what you're doing with them (for example, it's OK to run a personal web site on a dynamic IP address, but you wouldn't want to do that for a corporate web site that gets a lot of traffic.

• Setting up Open Directory and iCal server.

  Hello:
  I'm new to open directory - please help or point me in the right direction. I'm trying to set up a OSx server 10.5 running on a PowerMac G4.
  I need iCal/DNS/FS/VPN/WEB/Open Directory as services enabled.
  For testing purposes I've set up a small network with three machines all running 10.5.6.
  I've tired over and over to do this via an advanced server but have not be able to get everything to work so I did a basic server allowing the server set up to input all my settings. Everything built and started up without issue but I could not get iCal to work. I let the set up sit over night and when I returned the next morning the MacMini screen had a window saying that a directory server has been found that offers these following services ...WEB - iCal etc. Do you want to configure your workstation. I did and everything worked as aspected. I thought that I finally got it!
  I wanted to see the all of the settings so I converted the server to an advanced server and everything still worked. ( From the one workstation ).
  I imported a users exported file from the server I'm trying to fix then the groups file. Everything still worked from the Mac Mini but I could not connect from the other workstation.
  I never received the Open Directory message about services being offered etc.
  Both machines have identical network settings ( Fixed I.P. pointing the DNS to the server.) AFP sees the server from both workstations but I can not login from the third workstation using any known good user name and password not even the admin or the Macmini account and password that works from the Mac mini. I don't really know anything about open directory, do you need to register the computer name with the server or something to that effect.
  Why would it take hours for that original service offering to go out to the first workstation?
  Thanks for any help you can offer. All of my OSX server experience has been setting up file servers never any of the other offerings.
  Thanks,
  Rick

  Sorry,
  I posted this to the wrong forum. I re-posted in Open Directory.
  Thanks,
  Rick