Unlike many other operating systems, Mac OS X ships in a secure state with all network services disabled. This means you can be fairly certain that no matter what network you find yourself on, the likelihood of somebody cracking into your machine is very low. However, as you turn on various services, such as file or web sharing, the ports used to support those services on your computer are opened up, which means they can receive data from the network. For the most part, Apple does a good job of releasing security updates, making sure that these services are patched as soon as vulnerabilities are discovered.
If you are truly paranoid and want to take every step possible to control access to your Mac, you can enable Mac OS X’s built-in firewall, based on
, which performs packet filtering at the kernel level. You can turn on the firewall by using System Preferences → Sharing → Firewall, as shown in Figure 11-17.
When you enable the firewall, only packets that correspond to the rules that you set up in the Allow list are allowed into your machine. All other packets are dropped. The default rules are set up so that any services that you share are allowed. However, other ports, such as those needed to use iChat over Bonjour, are closed by default. To allow these ports, you can enable the corresponding rule for the service you want to allow.
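To see which of the services you have turned on would be reachable under a given Allow list, you can compare the listening sockets with the ports that list permits. The script below is an added example, not from the book: it assumes input in the format printed by `lsof -nP -iTCP -sTCP:LISTEN`, models the Allow list as a plain list of TCP port numbers, and uses a constructed sample in place of live output. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets against a firewall Allow list.
# Assumption: stdin looks like the output of `lsof -nP -iTCP -sTCP:LISTEN`.

# classify_listeners "<space-separated allowed ports>" < lsof_output
# Prints one line per unique listener: "<verdict> <port> <command>".
classify_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $NF != "(LISTEN)" { next }        # skips the header and non-listeners
        {
            port = $(NF - 1)              # e.g. "*:80" or "[::1]:631"
            sub(/^.*:/, "", port)         # keep the text after the last colon
            if (port !~ /^[0-9]+$/) next
            key = port " " $1
            if (seen[key]++) next         # IPv4 and IPv6 sockets report once
            verdict = (port in ok) ? "allowed" : "dropped"
            print verdict, port, $1
        }
    ' | sort -k2,2n
}

# Constructed sample: web sharing, file sharing, and a chat listener.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd     312 root  16u IPv4 0x01   0t0      TCP  *:80 (LISTEN)
httpd     312 root  17u IPv6 0x02   0t0      TCP  *:80 (LISTEN)
AppleFile 401 root  5u  IPv4 0x03   0t0      TCP  *:548 (LISTEN)
iChatAgen 512 alice 9u  IPv4 0x04   0t0      TCP  *:5298 (LISTEN)
EOF
}

# Allow list containing only the two shared services (ports 80 and 548).
sample_lsof | classify_listeners "80 548"
```

On a real machine, pipe the live `lsof` output into `classify_listeners` instead of the sample; any line marked `dropped` is a service that is listening but whose rule is not enabled.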
Figure 11-17. The Firewall configuration ...