2.6.5 Review Application Firewall Rules

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

A firewall is a piece of software that blocks unwanted incoming connections to a system. Apple has posted general documentation about the application firewall.

[http://support.apple.com/en-us/HT201642](http://support.apple.com/en-us/HT201642)

A computer should have only a limited number of applications open to incoming connectivity. This rule checks whether there are more than 10 rules for inbound connections.

Rationale:

A firewall minimizes the threat of unauthorized users gaining access to your system while it is connected to a network or the Internet. It is important to understand which applications are allowed to accept incoming connections through the firewall.

Solution

Perform the following to implement the prescribed state:

1. Open System Preferences
2. Select Security & Privacy
3. Select Firewall Options
4. Select unneeded rules
5. Select the minus sign below to delete them

Alternatively:

1. Edit and run the following command in Terminal to remove specific applications:

/usr/libexec/ApplicationFirewall/socketfilterfw --remove </Applications/badapp.app>

2. Replace </Applications/badapp.app> with the path of the application whose rule is to be removed
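As an added example (not part of the CIS benchmark or the Tenable audit), the following POSIX shell script applies the 10-rule check described above to the output of socketfilterfw --listapps and lists the applications currently allowed to accept incoming connections. The sample --listapps text is constructed, and the output layout it models is an assumption; on a host without the macOS firewall the script falls back to that sample.

```shell
#!/bin/sh
# Added example, not part of the CIS benchmark or the Tenable audit:
# count the application firewall's inbound rules against the audit's
# limit of 10 and list the apps currently allowed to accept connections.
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw
MAX_RULES=10
# Constructed sample, modeled on `socketfilterfw --listapps` output, so the
# parsing functions can be exercised on a host without the macOS firewall.
SAMPLE_LISTAPPS='ALF: total number of apps = 3

1 :  /Applications/AppOne.app
     ( Allow incoming connections )
2 :  /Applications/AppTwo.app
     ( Block incoming connections )
3 :  /Applications/AppThree.app
     ( Allow incoming connections )'

# Count rule entries ("<n> :  <path>") in --listapps output read from stdin.
count_inbound_rules() {
  awk '/^[0-9]+ +: / { n++ } END { print n + 0 }'
}

# Print the path of every app whose rule allows incoming connections.
list_allowed_apps() {
  awk '
    /^[0-9]+ +: / { app = $0; sub(/^[0-9]+ +: +/, "", app); next }
    /Allow incoming connections/ && app != "" { print app; app = "" }
  '
}

# PASS (return 0) when the count is within the limit, FAIL (return 1) otherwise.
audit_rule_count() {
  if [ "$1" -gt "$MAX_RULES" ]; then
    printf 'FAIL: %s inbound rules exceed the limit of %s\n' "$1" "$MAX_RULES"
    return 1
  fi
  printf 'PASS: %s inbound rules (limit %s)\n' "$1" "$MAX_RULES"
}

main() {
  if [ -x "$SFW" ]; then
    out=$("$SFW" --listapps)    # live rule list on macOS
  else
    out=$SAMPLE_LISTAPPS        # offline fallback for demonstration
  fi
  printf '%s\n' "$out" | list_allowed_apps | sed 's/^/allowed: /'
  audit_rule_count "$(printf '%s\n' "$out" | count_inbound_rules)"
}
main
```

Any "allowed:" path that is not needed is a candidate for the socketfilterfw --remove step above.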

See Also

https://workbench.cisecurity.org/files/2105

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 1c74dfcb06551bfeee740f5f4dfdc4e46d4e1812815b515d54e34aae1dee3103