Menu
A Guide for Firewalling Your Network Connections: Windows, MacOS and Linux

A Guide for Firewalling Your Network Connections: Windows, MacOS and Linux

One of the other ways one can secure their connection to the Internet is to make sure that all incoming and outgoing connections are being passed through a Firewall. This enables a trust vector in assuring your install applications aren’t connecting to or receiving connections from shady looking servers. The program choice is really up to user-preference so the ones listed here may not be ones that you trust, or have heard good things about. Nonetheless, these are the ones I have used before and was done well by.

Windows

I haven’t spent an incredible amount of time using Windows while on this security/privacy kick but the time I have spent using it, I was doing my best to make sure my security was top notch. I haven’t been in the “Windows Scene” recently but I am still hearing good things about PeerBlock and Comodo Firewall as standalone firewalls for your system. PeerBlock has been out of development for quite a while though so I am skeptical but Comodo is still being actively developed. Personally, I like Kaspersky as an all in one but something with more versatility like Comodo is nice. The idea is to have something installed that will alert you with connection attempts both incoming and outgoing. Windows isn’t very secure in and of itself so an all in one antivirus/malware, and firewall like Kaspersky might be your best bet. You would also be wise to install something like Malwarebytes Anti-Exploit to help shield you from exploits that attack things on your system like Java, Flash, PDF Readers, and media players.

Mac OSX

Generally, OSX is a lot more secure than Windows because of the design. Everything is compartmentalized and the sandboxing on OSX is significantly better than Windows. However, right out of the box, a brand new Mac is not as secure from adversaries in 2016 as it generally was in 2010. You need to spend some time to get a very good level of security if you want to be safe online. Especially if you are an individual combatting hackers, government-level adversaries, and the like. For starters, head into your security preferences, turn on OSX’s native firewall, enable stealth mode, and do not allow signed software to automatically accept incoming connections. This will do a really good job of protecting you from the outside in and stopping attacks before they do damage. Then, you need to make sure you are protected from the inside out and buy yourself a license for LittleSnitch. It is without a doubt the best Firewall solution for OSX that deals proactively with outgoing connections. This stops applications you have installed from accessing the Internet without your consent and only on the ports and duration that you specify. Once you have read some tutorials on how to use it, start playing around with the settings. After a while, you should be able to get some really good profiles working for different environments. I have one specifically designed to block all connections when I connect to an unknown network. And another that restricts my system to the very basic necessary services for OSX to run then only allows the Tor Browser on top of those. With the addition of my VPN connection, this makes sure that my IP isn’t leaked when I am looking for anonymity. Another good consideration is to install BlockBlock and KnockKnock from objective-see. BlockBlock monitors the persistent locations in OSX and gives you an alert when an application tries to write to one of these locations. This protects you from malware that is trying to keep itself running and active even after reboot (hence the “persistent” terminology). KnockKnock tells you what is already persistently installed on your Mac and gives you a good breakdown with VirusTotal integration to determine if these items are to be considered malicious or not.

Linux/GNU

IPTables is the generic firewall that ships with all distros of Linux to my knowledge but it is a pretty sharp learning curve if you aren’t a Linux Guru. If the Linux distribution you are running is going to be on a server without really any graphical interface, CSF is a really good addition that works alongside IPTables nicely. CSF stands for ConfigServer Security & Firewall and comes with both stateful packet inspection and login/intrusion detection. However, if you are going to be using a graphical version of say Debian for your home/work computing, you could consider using a firewall like Zentyal (https://wiki.zentyal.org/wiki/En/3.5/Firewall) or ClearOS (https://www.clearos.com/resources/documentation/clearos/content:en_us:6_custom_firewall). But because on personal computers there aren’t remote connections or anything like SSH running, you don’t really have a need for a firewall if you trust the applications you are installing. Here is a good article on whether a firewall is needed for Linux/GNU based operating systems: https://askubuntu.com/questions/344176/do-i-need-a-firewall-for-my-desktop. I have never used one in my days of running Debian, BackBox, and Kali on my laptop.

As you can tell from the above, OSX and many forms of Linux/GNU are more secure out of the box than a Windows install is going to be. Microsoft is getting better, but damn they aren’t to the point of not needing protection yet. I would say the best bet for someone needing really good security/privacy/anonymity with their OS would be to install Debian or Qubes (both discussed further later on). I like the look and feel of Debian as a personal computing OS but am still true to OSX for most things because it is what I have used for the last 4 years. But don’t get me wrong; there will always be a VM of Debian and Kali available on my desktop!