2.6.5 Review Application Firewall Rules

Information

A firewall is a piece of software that blocks unwanted incoming connections to a system. Apple has posted general documentation about the application firewall: http://support.apple.com/en-us/HT201642

A computer should have a limited number of applications open to incoming connectivity. This rule checks whether there are more than 10 rules for inbound connections.

A firewall reduces the risk of unauthorized users gaining access to your system while it is connected to a network or the Internet. It is important to understand which applications are allowed to accept incoming connections through the firewall.

Solution

Perform the following to implement the prescribed state:

1. Open System Preferences
2. Select Security & Privacy
3. Select Firewall
4. Select Turn On Firewall

Alternatively, run the following command in Terminal:

    defaults write /Library/Preferences/com.apple.alf globalstate -int <value>

Where <value> is:

1 = on for specific services
2 = on for essential services

Impact: The firewall may block legitimate traffic. Applications that are unsigned will require special handling.
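An added example (not part of the original audit item or the CIS benchmark): a shell version of the check described under Information, counting application firewall entries and comparing the total against the 10-rule threshold. It assumes the listing format printed by /usr/libexec/ApplicationFirewall/socketfilterfw --listapps; the sample listing and function names are constructed for illustration, and counting both allow and block entries toward the threshold is an assumption.

```shell
#!/bin/sh
# Added example: review application firewall rules against the 10-rule threshold.
# Assumed input format: output of
#   /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
MAX_RULES=10

# Constructed sample listing (not taken from a real system).
sample_listapps() {
cat <<'EOF'
ALF: total number of apps = 3

1 :  /Applications/ExampleChat.app
	 ( Allow incoming connections )

2 :  /Applications/ExampleSync.app
	 ( Allow incoming connections )

3 :  /usr/local/bin/example-daemon
	 ( Block incoming connections )
EOF
}

# Read a listing on stdin and print "<allow> <block>" entry counts.
count_rules() {
    awk '
        /\( *Allow incoming connections *\)/ { allow++ }
        /\( *Block incoming connections *\)/ { block++ }
        END { printf "%d %d\n", allow, block }
    '
}

# Read a listing on stdin; succeed only if the total is within MAX_RULES.
# Assumption: allow and block entries both count toward the threshold.
review_rules() {
    set -- $(count_rules)
    total=$(( $1 + $2 ))
    echo "allow=$1 block=$2 total=$total (limit $MAX_RULES)"
    [ "$total" -le "$MAX_RULES" ]
}

# Demo on the constructed sample. On a Mac, pipe the real listing instead:
#   /usr/libexec/ApplicationFirewall/socketfilterfw --listapps | review_rules
sample_listapps | review_rules || echo "More than $MAX_RULES rules: review each entry"
```

A non-zero exit from review_rules means the rule count exceeds the threshold and each listed application should be checked for whether it still needs inbound access.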

See Also

https://workbench.cisecurity.org/files/299

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12)

Plugin: Unix

Control ID: 5a5452add5445a19b1fb33eaf8a6ee3a96c1b6545ba1b16e97e8f6541389e9d5