Firewall Connection

ned+xtension at mrochek.com
Sat May 9 22:03:03 EDT 2020


> Hmm.  As far as I know, Little Snitch is an outbound firewall and can show
> and control the connections that your Mac tries to make to other servers, e.g.
> an app with malware that makes a connection to a download server for the
> malware payload, rather than a stateful firewall that is watching inbound
> traffic from the internet.

Little Snitch also covers inbound connections. My setup has been heavily
modified, but I think the original default was to allow inbound connections
from the LAN but not outside. You can whitelist on a per-app basis.

Also remember that Mac OS X has its own firewall.

> Your cable/FIOS/dsl modem should have a firewall that does that. That
> firewall is usually set to deny all incoming traffic and you have to specify
> any ports/ip addresses you want to allow through from outside.

You'd be amazed at the lax configurations some of these devices have.

> In any case, the more accepted way to use VNC, which is what Screen Sharing
> is based on, from the Internet is to use SSH and tunnel the screen sharing
> through that.  That ensures that your session is fully encrypted, which may not
> be the case with Screen Sharing.

I haven't dug into it recently, but historically VNC security has been poor.
The enterprise solutions are probably decent at this point, but given the
complete control this provides I'd opt for something better if possible.

> You can use Screen Sharing directly by opening up port 5900 and, I think,
> port 88 for Kerberos authentication, and then manage Screen Sharing with a
> script like you're thinking, but I think SSH would be more flexible and
> definitely more secure.

Agreed.

				Ned
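As an added example (not part of the thread or anyone's posted code), here is a small POSIX shell check of the point made above: whether a Screen Sharing/VNC listener on port 5900 is bound to all interfaces, and the SSH local-forward command that tunnels it so the port never has to be opened to the Internet. The netstat listing, the user name and the host name are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Classify the exposure of a
# port-5900 listener from a "netstat -an"-style listing (macOS prints
# "*.5900", Linux prints "0.0.0.0:5900"), then print the SSH tunnel that
# makes opening 5900 on the router unnecessary.

# Prints "exposed"  when 5900 listens on a wildcard address,
#        "loopback" when it listens only on 127.0.0.1 or ::1,
#        "none"     when there is no 5900 listener at all.
vnc_exposure() {
    listing="$1"
    if printf '%s\n' "$listing" | grep LISTEN | grep -Eq '(\*|0\.0\.0\.0)[.:]5900[[:space:]]'; then
        echo exposed
    elif printf '%s\n' "$listing" | grep LISTEN | grep -Eq '(127\.0\.0\.1|::1)[.:]5900[[:space:]]'; then
        echo loopback
    else
        echo none
    fi
}

# Build the tunnel command: bind a local port on 127.0.0.1 only and forward it
# through SSH to the remote Mac's 5900. -N opens no remote shell. Screen
# Sharing then connects to localhost:<local port> and everything rides the
# encrypted SSH session. Arguments: local port, ssh user, ssh host.
vnc_tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:localhost:5900 %s@%s\n' "$1" "$2" "$3"
}

# Constructed sample listing: Screen Sharing listening on every interface,
# plus an unrelated CUPS listener that is correctly loopback-only.
SAMPLE_EXPOSED='tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN'

# Usage: on a real machine replace the sample with "$(netstat -an)" and the
# placeholder user/host with your own.
if [ "$(vnc_exposure "$SAMPLE_EXPOSED")" = exposed ]; then
    echo "port 5900 is reachable on all interfaces; tunnel it instead:"
    vnc_tunnel_cmd 5901 ned mac.example.invalid
fi
```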

