Detections
Analytics

Catalina - Enable Firewall Stealth Mode

Information

Firewall Stealth Mode _MUST_ be enabled.

When stealth mode is enabled, the Mac will not respond to any probing requests, and only requests from authorized applications will still be authorized.

[IMPORTANT]
====
Enabling firewall stealth mode may prevent certain remote mechanisms used for maintenance and compliance scanning from properly functioning. Information System Security Officers (ISSOs) are advised to first fully weigh the potential risks posed to their organization before opting not to enable stealth mode.
====

Solution

[source,bash]
----
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6b., 800-53|CM-7, 800-53|CM-7(1), 800-53|SC-7, 800-53|SC-7(16), CCE|CCE-84833-3, CCI|CCI-000366, STIG-ID|AOSX-15-005050

Plugin: Unix

Control ID: 9c1b4d1a71ca0990409daa4d475c89a4fb7c4af8a7282ca249510cfa89236b0d