How stealthy is the stealth mode of the firewall? Does it increase security?

security firewall

In the System Preferences there is the option:

`Security & Privacy -> Firewall -> Advanced... -> Enable Stealth Mode

Does this options significantly increase the security when networking or surfing the internet?

The hint only says: Don't respond to or acknowledge attempts to access this computer from the network by test applications using ICMP, such as Ping.

The hint does not explain how my work with the Mac is affected.


Yes. Stealth mode enhances your system's security. Stateful packet inspection is another crucial component of a firewall's prowess. It's also of note that Apple's firewall is powered by the rugged ipfw.

What Apple says is a concise summary of how stealth mode works, and if you aren't versed in IT security, a full-fledged explanation won't offer up much more as it's a complex system (TCP, or Transmission Control Protocol, which is just one element of data transmission itself is rather complicated and deeply layered).

The fundamentals of networking (aka transferring data on the internet) rely on protocols that establish connections ("handshaking" starts it all) and then relay of data (through things like TCP and UDP). ICMP (such as pinging or echo requests) are typically used to "probe" a target host (most often for quite valid reasons), identifying it on the network. Hackers use them to find their prey.

enter image description here

Firewalls work by planting themselves between the kernel and the TCP/IP stack (so at a very deep level) and watching the packets that run between those layers. In the image above, a system's kernel would be located between the ethernet driver and hardware. The firewall would sit right on top of the kernel. Firewalls need this deep level of integration to remain rugged and durable. If a firewall were implanted at a high level, say at the level of your browser, it would make it highly susceptible to attack. The deeper a process is located (closer to the kernel), the harder it is to gain access to it.

When a system runs without a firewall, the packets are allowed free access (in and out). If an echo request is sent, an echo response is loosed by your computer (think of it as a greeting; someone on the street passes you and says "hello," you smile and greet them in return). But when a firewall is operational, it steps in, like a member of the secret service, following its protocol. If it is told to deny requests, it will send a message to the machine making the request that it does not reply to echo requests. The machine gets a notice that their echo request was denied (or blocked). Naturally this doesn't give that machine much information, but it does inform them that someone is there.

Stealth mode, on the other hand, doesn't. The firewall watches the echo request come in, and instead of denying it, it simply tells your computer to ignore the packet. The machine on the other end, not only doesn't get any data, but doesn't even get a notice of rejection. It's as if their packet was just lost in the space. And that's indicative of either a machine guarded by a secure firewall, or a machine that doesn't even exist.

In effect, it's the equivalent of putting someone through to voicemail (denying the echo request) or simply disabling voicemail and letting it ring, indefinitely (running under stealth mode).

As with anything, a clever hacker can bypass these safe guards, but it does make their life a lot harder. And that's the key to security: making the hackers job just a little bit harder at every turn. That greatly weeds out the "script kiddie" from the die-hard, Lulzsec hacker.

Stealth mode cloaks you from those initiating traffic, but it doesn't make you invisible. Once a connection is established (either by you, or by something that was allowed to negotiate outbound traffic), you pop up on the grid just like any computer. So while sending ping requests may no longer work, there are still plenty of ways hackers could still establish a connection and potentially exploit your computer through a running service.

Related

How can I get the Terminal to keep a separate history per tab/window?
How to enable HiDPI mode on external display in OS X 10.9 Mavericks?
How to use gcc or git without installing xcode?
Why is "auto adjust brightness" washing out my retina display on El Capitan?
Does the developer of a Mac OS X app get the crash reports when the app crashes?
Is it possible to spell a word to Siri?
How to edit theme colors in TextMate 2?
Mail.app in Mavericks moves Gmail mails to Trash instead of Archiving them
Disable screen saver on OS X 10.9
In Terminal, how to exit the two fingers history scrolling mode?
How to remove the annoying quit message by closing iterm2 - prevent logoff/shutdown/reboot
Are photos still backed up in iCloud backup even if iCloud Photo Library is off?