Is an outbound firewall necessary?

owen

I didn’t realize until today that Macs don’t have an outbound firewall. Is this something to be concerned about for a personal use machine?

Topic: Security
Answer this Question

Answers

2 total
MrsMith
Vote Up (9)

I’d say, no, it isn’t really necessary. A solid inbound firewall is obviously important, but outbound firewalls have little demonstrated benefit that I’ve seen. I guess it could help prevent your machines from spewing out spam (which means you have other problems if you don't work at Spam R US), assuming the outgoing firewall could distinguish between the spam and legit traffic. Others may disagree. Here is an article on the topic that you might like:

http://www.davescomputertips.com/do-outbound-firewalls-really-offer-any-...

jimlynch
Vote Up (7)

Is an outbound firewall needed?
http://ask-leo.com/is_an_outbound_firewall_needed.html

"Firewalls protect you from the certain classes of bad things out on the internet.

Note that's "protect you from them". That implies that the primary function of a firewall is to prevent bad stuff "out there" from reaching or affecting your computer.

My preference is to use a hardware device such as a router with NAT (Network Address Translation) enabled. This does an incredibly effective job of hiding your computer from outside access. You can connect out, but outside computers cannot initiate a connection without your having explicitly configured your router to allow it.

Using a router also takes the burden of that work off of your computer. In fact, a single router can act as a single effective inbound firewall for all the computers that are connected behind it.

An "outbound" firewall looks for threats originating on your computer attempting to connect out to the internet. In a sense, it's "protecting them from you". While that may be very generous of you to protect everyone else from your computer, the real difference is that it will presumably block and more importantly tell you when something suspicious is happening so that you can take corrective action."

Ask a question

Join Now or Sign In to ask a question.
Questions abound over sites authenticating users via identities established through social networks, Yahoo Ponemon Institute survey shows.
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.
Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.
Dennis Technology Labs says it tested it because of marketing claims for it; Malwarebytes says free version of product is just a clean-up tool.
A new survey of IT security professionals shows that many businesses are barely starting to exploit mobile technology, and some of them may be a mobile security nightmare waiting to happen.
The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
European data protection authorities still have questions after meeting with Google, Microsoft and Yahoo about the implementation of a recent ruling that gave European citizens the right to be forgotten by search engines.
An iPhone user has filed a lawsuit for invasion of privacy against Apple, about a week after a Chinese state broadcaster raised security concerns about the device's location-tracking functions.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness