Is an outbound firewall necessary?

owen

I didn’t realize until today that Macs don’t have an outbound firewall. Is this something to be concerned about for a personal use machine?

Topic: Security
Answer this Question

Answers

2 total
MrsMith
Vote Up (9)

I’d say, no, it isn’t really necessary. A solid inbound firewall is obviously important, but outbound firewalls have little demonstrated benefit that I’ve seen. I guess it could help prevent your machines from spewing out spam (which means you have other problems if you don't work at Spam R US), assuming the outgoing firewall could distinguish between the spam and legit traffic. Others may disagree. Here is an article on the topic that you might like:

http://www.davescomputertips.com/do-outbound-firewalls-really-offer-any-...

jimlynch
Vote Up (8)

Is an outbound firewall needed?
http://ask-leo.com/is_an_outbound_firewall_needed.html

"Firewalls protect you from the certain classes of bad things out on the internet.

Note that's "protect you from them". That implies that the primary function of a firewall is to prevent bad stuff "out there" from reaching or affecting your computer.

My preference is to use a hardware device such as a router with NAT (Network Address Translation) enabled. This does an incredibly effective job of hiding your computer from outside access. You can connect out, but outside computers cannot initiate a connection without your having explicitly configured your router to allow it.

Using a router also takes the burden of that work off of your computer. In fact, a single router can act as a single effective inbound firewall for all the computers that are connected behind it.

An "outbound" firewall looks for threats originating on your computer attempting to connect out to the internet. In a sense, it's "protecting them from you". While that may be very generous of you to protect everyone else from your computer, the real difference is that it will presumably block and more importantly tell you when something suspicious is happening so that you can take corrective action."

Ask a question

Join Now or Sign In to ask a question.
The U.S. Congress is unlikely to pass legislation to end the National Security Agency's widespread collection of U.S. telephone records before leaving Washington, D.C., on a two-month break.
Customers cringe every time they hear about a bank, retail or healthcare hack that puts personal or financial data at risk. Today's hackers are after much more that credit card numbers, though -- and most firms are powerless to stop them.
While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security.
Cisco is bringing technology obtained through last year's acquisition of Sourcefire to its firewalls to enable threat-focused security for enterprises.
Wyvern securely rolls five programming languages into one.
A U.S. appeals court has thrown out a US$368.2 million award against Apple in a patent infringement case brought by patent-holding and software company VirnetX.
The default browser in Android versions older than 4.4 has a vulnerability that allows malicious websites to bypass a critical security mechanism and take control of a user's authenticated sessions on other sites.
The attorney general of the U.S. state of Connecticut is concerned about the privacy implications of Apple Watch's handling of consumers' health information.
A banking trojan, known for its small size but powerful capabilities, has expanded the number of financial institutions it can collect data from, according to security vendor Avast.
It's not easy to figure out if your data has been collected by hackers, but an online tool has been expanded to hunt through one of the most prolific sources of leaked data, known as "pastes."
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness