Q I dislike the lights on my cable modem flashing when I am doing nothing on my Mac, or even when everything on the network is shut down. Although I have a basic router between the modem and network, I cannot seem to get any documentation on its firewall, and cannot find any logs. Neither have I had much joy with OS X’s built in firewall, which just blocked screen sharing. How should I protect my network?
A It is normal and healthy for the activity lights on broadband modems to flash intermittently even though no local device is accessing the Internet. Although some of these exchanges might be part of a hostile port scan or an attempt to guess an SSH account and password, the great majority are control packets passing between your modem and ISP. These should be detailed in your firewall log, but if you are not sure of the firewall settings or how to access its log, you could be steering into danger.
Every device or network that is connected to the Internet must work through an effective firewall that is configured to prevent malevolent incoming connections, or sooner or later it will get hacked. The best protection is afforded by a good modern firewall situated in your modem, router, or as a standalone hardware device, as close to the Internet connection as possible. Software firewalls such as that built into OS X, and accessed through the Security & Privacy pane, can suffice, but are not in general as robust as those in network hardware.
The starting point for any firewall configuration is to allow all outbound connections, but to block all incoming ones, and this is normally the default. You may wish to block some outbound connections to make your firewall more secure, or alternatively if you are worried about apps ‘phoning home’ you could install Little Snitch.
Opening up any ports to incoming traffic should never be undertaken lightly, as every open port offers the malicious a way into your network. If you must, carefully configured Virtual Private Networking (VPN) is acceptable, but normally requires more expensive hardware to work the same protocol at each end of the connection. Opening any ports to unprotected OS X sharing services, such as screen or file sharing, is an invitation to be hacked.
Always watch firewall logs: they are a vital check on security.
Updated from the original, which was first published in MacUser volume 28 issue 11, 2012.