Network Security

I’ve decided to repeat a couple of previous decisions, and invest in Little Snitch v3 Mac OS X Firewall software, as well as an international VPN service. I can only recommend Little Snitch for the paranoid who know something about TCP/IP, as it involves a lot of decisions the first few times you use any piece of software.

If a program ever uses the network, Little Snitch captures the attempt, and if you’ve not already approved or denied that application + protocol + destination combination, the Mac user gets a popup window (which sucks if it’s remote access software and you’re the remote one). It’s not a wizard either: you cannot simply click ‘accept’ or ‘deny’; one must be firewall savvy to use Little Snitch properly. You need to choose between port #s, host or domain names, or combinations thereof very carefully, lest you get continuous prompts (the cloud can require access to thousands of servers) or accidentally disable Little Snitch by adding a rule to allow all outbound destinations for every app.

You can edit the Little Snitch rules and fix it all later, but smarter answers up front cause fewer popups and save a lot of pain later. Like I said, not recommended for the non-paranoid, non-technical types. It reminds me a little of the NoScript browser plugin, which forces you to whitelist every JavaScript source site. Sure, it’s a lot more control, but to be honest, it can be a royal pain in the ass. Sometimes I wish the popup were a little smarter in the rule it suggests you add.
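The granularity trade-off described above, as an added example that is not from the original post and is not Little Snitch's rule engine or file format: a simplified first-match model of application + protocol + destination rules, run against constructed connections. `SyncApp`, the `example.com` hosts and all function names are assumptions made up for illustration.

```python
from dataclasses import dataclass
from typing import Optional
# Simplified first-match model (assumption), not Little Snitch's actual rule engine.
@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    app: Optional[str] = None     # None means any application
    proto: Optional[str] = None   # None means any protocol
    host: Optional[str] = None    # exact host name; None means any host
    domain: Optional[str] = None  # the domain itself and all of its subdomains
    port: Optional[int] = None    # None means any port

    def matches(self, app, proto, host, port):
        if self.app not in (None, app) or self.proto not in (None, proto):
            return False
        if self.port not in (None, port):
            return False
        if self.host is not None and self.host != host:
            return False
        if self.domain is not None:
            return host == self.domain or host.endswith("." + self.domain)
        return True

def decide(rules, conn):
    """Return the first matching rule's action, or "prompt" if none match."""
    for rule in rules:
        if rule.matches(*conn):
            return rule.action
    return "prompt"

def count_prompts(rules, conns):
    return sum(decide(rules, c) == "prompt" for c in conns)

def overly_broad(rules):
    """Allow rules with no destination constraint: these defeat the firewall."""
    return [r for r in rules if r.action == "allow"
            and r.host is None and r.domain is None and r.port is None]

# Constructed sample: one sync client talking to several servers of a cloud service.
CONNS = [("SyncApp", "tcp", f"node{i}.storage.example.com", 443) for i in range(1, 6)]
CONNS.append(("SyncApp", "tcp", "tracker.example.net", 80))

HOST_RULES = [Rule("allow", app="SyncApp", proto="tcp", host="node1.storage.example.com", port=443)]
DOMAIN_RULES = [Rule("allow", app="SyncApp", proto="tcp", domain="example.com", port=443)]
ALLOW_ALL = [Rule("allow")]

if __name__ == "__main__":
    for name, rules in [("host", HOST_RULES), ("domain", DOMAIN_RULES), ("allow-all", ALLOW_ALL)]:
        print(name, "prompts:", count_prompts(rules, CONNS), "broad:", len(overly_broad(rules)))
```

The host-only rule leaves five of the six connections prompting, the domain rule leaves only the unrelated tracker connection, and the allow-all rule silences every prompt while being the one rule the audit flags.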

Right now, the Little Snitch vendor has a deal: for $5 more, you can get a second security app of theirs in a bundle ($34 without, $39 with). Micro Snitch monitors your web camera and microphone, and alerts you whenever they go active (like a popup version of the little red “recording” light). This is an app I would recommend to anyone. Don’t be caught off guard; know when your Mac is listening to you, especially with the recent popularity of always-on, always-listening features of applications. Even Apple has an option to have your Mac and/or iPhone run in an always-listening mode, quietly waiting for you to wake it with “Hey Siri”. Ugh.

In addition, I’ve signed up with the VPN provider NordVPN. I did try out running our entire home network’s internet traffic through an OpenVPN tunnel to Chicago, but the throughput of the tunnel was only around 25 Mbps, and the high network latency broke streaming services from Netflix and others. This prevents me from keeping all of our Internet traffic private, but it doesn’t prevent me from running a VPN on my desktop and phone, and keeping my own Internet browsing habits (slightly) more private.