Shields up mac os x

Posted on Aug 17, PM.

If you are behind a router you do not need to worry. If no router, make sure your firewall is on. Enable stealth mode.

Aug 17, PM.

Oops: I just realized that grc's ShieldsUP! I must have not clicked some button there. Thus I was just able to verify that the first TCP ports on my iMac are "stealth", that is, invisible to the outside world. And that was without having set the Snow Leopard firewall for stealth mode!

The basic rule is that if you need to enable a service, think about who needs to connect to it, and if you don't need the entire world to have that opportunity, use a more complex firewall rule to restrict it a bit. If you're not running any services, you're not really that exposed in the first place, so you don't need to worry nearly so much.


If you're not familiar with these terms, don't worry, it's pretty simple. A NAT router supports multiple computers in your home or office, and it does that by handing out Private IP addresses to those machines. These addresses are, according to networking conventions, not routable on the internet. That just means that someone out there on the internet cannot attempt to directly connect to your machines in your house--in effect, the NAT acts as a firewall for you. Pretty much all home connections, and connections in coffee houses and the like use private addresses.

Now this doesn't mean that no one can try to connect to your machine--if someone knows what they are doing and they are in the same coffee house as you, they can try to connect to your laptop from there. But again, the number of folks who can try this is really small compared to the total number of users on the internet. So if you're a laptop user, and you're not running services, and you connect only from your home and a couple of other locations, setting up a complex firewall isn't going to help you much.

For more information see the Wikipedia article on Private Addresses. On the other hand, if you're using a public IP address, you're the world's oyster and anyone on the internet can try to talk to your machine. So keeping the shell closed to a narrow range makes sense. Public addresses are in wide use, for example, at universities and colleges in the USA.

So if you have a desktop computer in your dorm room, and you don't use an address in the ranges above, and you enable some services like File Sharing, or Screen Sharing, or Remote Login, you definitely should look into using a more selective firewall than what's provided by the operating system out of the box.

The first thing to do is to play with looking at the firewall from the command line.

Open the System Preferences, and under Sharing, enable the firewall. Then open a terminal session, and type: In this case, my configuration is set up to allow personal file and web sharing, remote login, and Windows file sharing. Your list may well vary. Compare the output from the list command to the entries in the firewall configuration of the Sharing preferences.

Packets, both inbound and outbound, are compared to the list of rules in order, and if a match is found, that rule's action is taken. For example, in the list above, rule is processed first, and it allows any TCP packets that are outbound, so your machine can try to contact any other machine, so outbound packets are allowed out before rule is processed.

We're going to be playing with a fairly deep and arcane portion of the OS, so you may render your machine unusable on the internet for a while. Do not do any of this unless you're sitting in front of the machine and have some spare time.

The first part of this is pretty safe, since all you have to do to get back to "normal" is to reboot and check your sharing settings. If you run the Probe My Ports option from Gibson's ShieldsUP!, you can see what your machine looks like from the internet with your firewall on (assuming, of course, that you aren't behind another firewall or NAT). For example, if you're on the UNC campus, the NetBIOS ports always show as Stealth, since access to those is blocked by the main campus router.

Just click that checkbox, and save the changes. A web page should load, the default page for the OS X web server.

Follow these folks on Twitter: TrueCryptNext. Given the deliberate continuing licensing encumbrance of the registered TrueCrypt trademark, it seems more likely that the current TrueCrypt code will be forked and subsequently renamed.


In other words. But readily browsable if someone wishes to poke around within the source with their web browser. As the audit moves into its next phase, digging past the startup and boot loader and into the core crypto, updates will be posted and maintained here.

Google is generating a false-positive alert

Recent attempts to download the TrueCrypt files here, using Chrome or Firefox (Mozilla uses Google's technology), have been generating false-positive malware infection warnings. They must be false positives because no change has been made to the files since this page was put up nearly a year ago (May 29th), and many people have confirmed that the downloaded binaries have not changed and that their cryptographic hashes still match.

We have no idea where or why Google got the idea that there was anything wrong with these files.


But that does misfire occasionally. We expect it to fix itself within a day or two.


And then the TrueCrypt developers were heard from. Verifying the TrueCrypt v7.

Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) Gibson Research Corporation.

Final Release Repository.



No significant cryptographic problems found. And see why the TrueCrypt spinoffs are violations of the TrueCrypt license. Time to panic? In other words, we're on our own.