Firewall management

I have just installed Sophos on Snow Leopard. Before having any anti-virus software installed, I had the native Mac OS firewall enabled under System Preferences. After installing Sophos, should I disable the built-in Mac firewall? Thanks.


  • SAV for Mac has the ability to scan local disks (internal and external), scan network drives, and also protect you while browsing the internet and downloading files.  However, there isn't a firewall component, so you can keep the OS X firewall enabled.

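    The advice above is to leave the built-in OS X application firewall on after installing the anti-virus. The script below is an added example, not code from the thread or from Sophos: it reads the firewall's global state and stealth-mode setting through Apple's `socketfilterfw` tool and reports whether the firewall is still enabled, so you can confirm nothing turned it off. The path to `socketfilterfw` and the wording of its output are assumptions based on macOS; the parsing functions themselves run on any POSIX shell.

```shell
# Added example (not from the thread): audit the macOS application firewall
# so you can confirm it stayed enabled after installing other security software.
# ALF path and output wording are assumptions about macOS; the parsers are portable.

ALF=/usr/libexec/ApplicationFirewall/socketfilterfw

# parse_alf_state: map the output of "socketfilterfw --getglobalstate"
# (e.g. "Firewall is enabled. (State = 1)") to a one-word status.
# State 0 = off, 1 = on for configured services, 2 = block all incoming.
parse_alf_state() {
    case "$1" in
        *"State = 2"*) echo "block-all" ;;
        *"State = 1"*) echo "enabled" ;;
        *"State = 0"*) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# parse_stealth: map the output of "socketfilterfw --getstealthmode"
# ("Stealth mode enabled" / "Stealth mode disabled") to on/off.
parse_stealth() {
    case "$1" in
        *disabled*) echo "off" ;;
        *enabled*) echo "on" ;;
        *) echo "unknown" ;;
    esac
}

# audit_firewall: run the real tool when it exists (macOS only), print a
# summary line, and return 0 if the firewall is enabled, 1 if it is off,
# 2 if the tool is not present (not a Mac).
audit_firewall() {
    if [ ! -x "$ALF" ]; then
        echo "socketfilterfw not found; this is not macOS?" >&2
        return 2
    fi
    state=$(parse_alf_state "$("$ALF" --getglobalstate)")
    stealth=$(parse_stealth "$("$ALF" --getstealthmode)")
    echo "application firewall: $state, stealth mode: $stealth"
    case "$state" in
        enabled|block-all) return 0 ;;
        *) return 1 ;;
    esac
}
```

    Run `audit_firewall` on the Mac after installing the anti-virus; a non-zero exit means the firewall was switched off and should be re-enabled in System Preferences.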
  • If you are behind a NAT (Network Address Translation) router, and most routers are, you don't need the firewall enabled. Being behind a router keeps you from being directly exposed. But do make sure the router firewall is on and that remote access is disabled or not allowed. Also, there has been a recent spate of disclosures of vulnerabilities in routers, which I understand affected manufacturers are now patching. Make sure you have the latest firmware for your router, or contact the manufacturer to find out.

    http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/

    http://www.theregister.co.uk/2014/01/06/hacker_backdoors_linksys_netgear_cisco_and_other_routers/


  • brvx wrote:

    If you are behind an NAT router, Network Address Translation (and most routers are), you don't need the firewall enabled. Being behind a router keeps you from being directly exposed. But do make sure the router firewall is on and that remote access is disabled or not allowed....


    Both links make very interesting reading indeed, and the advice to actually check the router's firewall can't be reiterated too often, because it appears Verizon, and perhaps other ISPs, supply routers with the firewall off (mine was), and the reason tech support gave when I asked why was that it reduced tech support calls.

    But turning the OP's question around, is there any harm in leaving the Mac's firewall on, even if it's just redundant?

  • No harm, although it may just steal some CPU cycles and slow things down imperceptibly, depending on the speed of the processor to begin with. FYI: Verizon's FiOS router, the Actiontec MI424WR has a remote access backdoor on port 4576, with no way to disable it. It's hard coded into the firmware. It's why I stopped using it almost as soon as I started. Best routers are those which can use Tomato or DD-WRT firmware, which allow a lot of latitude, safety and customization, often on relatively inexpensive routers.

    Verizon keeping the firewall turned off by default sounds pretty scummy. Another thing I discovered was that on my Verizon home page (they are my ISP) the default wireless WPA2 password (the one on the router label itself) is clearly shown. So, anyone happening to guess my PW or hack my Verizon account would be able to see that. Of course, the first thing I did on that router was to set a unique shared key password, so that really didn't matter. However, a Verizon rep told me that eventually the actual PW would appear. I think he was talking through his hat, since this never happened. VZ told me that they do this for "user convenience," so when someone calls in for support they can find it right away. Really unbelievable. Like someone wouldn't be able to just lift up the router and look at the label. Oh, and you should always change the router admin PW to something unique. On many routers it will simply be "password."


  • brvx wrote:
    ...FYI: Verizon's FiOS router, the Actiontec MI424WR has a remote access backdoor on port 4576, with no way to disable it...

    Wow! Now that's something to worry about. The links you provided emphasize the weakness in the named routers was mostly related to wireless. Does that apply to the Actiontec too or is the backdoor open for hardwired connections also?

  • I'd imagine either ethernet or wireless wouldn't make any difference. I'd give VZ a call to find out if they're still doing that in the latest firmware. But I'm guessing they are, in order to apply firmware updates automatically and do other admin stuff.

    I'd try to get someone higher level, as the reps at the lower level often don't know very much. Even a higher level rep had to call Actiontec to confirm that the backdoor couldn't be removed.

  • Thanks everyone for all the helpful advice. Much appreciated.
