2.5.2.1 Ensure Firewall Is Enabled

Information

A firewall is a piece of software that blocks unwanted incoming connections to a system. Apple has posted general documentation about the application firewall:

http://support.apple.com/en-us/HT201642

Rationale:

A firewall minimizes the threat of unauthorized users gaining access to your system while connected to a network or the Internet.

Impact:

The firewall may block legitimate traffic. Applications that are unsigned will require special handling.

Solution

Graphical Method:
Perform the following steps to turn the firewall on:

Open System Preferences

Select Security & Privacy

Select Firewall

Select Turn On Firewall

Terminal Method:
Run the following command to enable the firewall:

$ /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.alf globalstate -int <value>

For the <value>, use either 1, specific services, or 2, essential services only.
Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.security.firewall

The key to include is EnableFirewall

The key must be set to <true/>

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-6(1), 800-53|AU-7, 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|IR-4(1), 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, 800-53|SC-7, 800-53|SC-7(5), 800-53|SI-4(2), 800-53|SI-4(5), CSCv7|5.1, CSCv7|9.4, CSCv7|9.5

Plugin: Unix

Control ID: 1cd6e1bfca8f2ed3d700cb50f551532c3c2826ff57083e3c010e70b2de475d06