
How to turn on Stealth Mode in Mac OS X Firewall for more security

Mac users who need additional network security can turn on an optional firewall feature in OS X named Stealth Mode. With Stealth Mode enabled, the Mac will not respond to typical network discovery attempts made with ICMP ping requests, and will not answer connection attempts made to closed TCP and UDP ports. Simply put, it makes the Mac appear to these requests as if it doesn’t exist at all.

Enabling Stealth Mode can interfere with some network functions and troubleshooting methods to and from a Mac. Stealth Mode is therefore only appropriate for proficient users, or for those who always use their Macs on untrusted public or private networks and want to improve their machine’s security in that environment. If you use your Mac on a closed home network behind a general router and firewall, Stealth Mode can be more problematic than helpful, and it is not recommended for computers on a trusted LAN. Additionally, if you don’t trust the network you’re on, you can disconnect and find a safer one, or go all out and block every possible incoming network connection to the Mac instead.

How to Enable Stealth Mode Firewall in Mac OS X

Stealth Mode is an optional feature that is available in virtually every somewhat modern version of OS X:

Go to the Apple menu and select System Preferences
Go to the “Security & Privacy” preference panel and select the “Firewall” tab

Click on the unlock button and authenticate with an administrator password, click on “Turn On Firewall”, then click on the “Firewall Options” button
Check the box labeled “Enable Stealth Mode”, then click OK

Close out of System Preferences as usual
Stealth Mode is now enabled, which means your Mac will not respond to certain types of common network communication and discovery attempts.

If you want to test the effectiveness of Stealth Mode, you can use ping at the command line or use Network Utility to try to discover the Mac from another Mac. If you ping a Mac with Stealth Mode enabled, it will not respond, just as if you were sending ICMP requests to a nonexistent machine, like so (in this example the Stealth Mode Mac is 192.168.0.201):

MacBook-Pro% ping 192.168.0.201
PING 192.168.0.201 (192.168.0.201): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
^C
--- 192.168.0.201 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
MacBook-Pro%
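
The ping test only exercises the ICMP half of Stealth Mode. As an added example (not part of the original article), the Python sketch below checks the other half from a second machine on the same network: whether a closed TCP port answers with a reset or stays silent. The function names and the two high port numbers are assumptions made for illustration; 192.168.0.201 is the article's example address.

```python
import socket

def classify(exc):
    """Turn the outcome of one TCP connect attempt into a verdict.
    exc is None when the connection succeeded."""
    if exc is None:
        return "open"      # a service is listening on that port
    if isinstance(exc, ConnectionRefusedError):
        return "refused"   # host sent a TCP RST, so it is visibly there
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "silent"    # no reply: stealth, filtered, or no such host
    return "error"         # e.g. no route; says nothing about Stealth Mode

def probe(host, port, timeout=3.0):
    """Attempt a single TCP connection to host:port and classify it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

def check_host(host, ports, timeout=3.0):
    """Probe ports that are expected to be closed and summarise.
    'visible'      : at least one closed port answered with a reset
    'stealth-like' : every probe went unanswered
    'inconclusive' : anything else (open ports, routing errors)"""
    results = {p: probe(host, p, timeout) for p in ports}
    if "refused" in results.values():
        verdict = "visible"
    elif all(r == "silent" for r in results.values()):
        verdict = "stealth-like"
    else:
        verdict = "inconclusive"
    return verdict, results

if __name__ == "__main__":
    # Address from the article; the ports are arbitrary high ports
    # assumed to have no listener on the Mac under test.
    print(check_host("192.168.0.201", [50999, 51001]))
```

A "stealth-like" result is indistinguishable from a host that is simply absent, which matches the behaviour the ping output shows for ICMP.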

While this blocks most of the common network discovery methods, a smart user could still discover the Mac if they really wanted to, whether with a targeted packet capture, through a connected router, or by a variety of other methods. This is why it’s called Stealth Mode: it can still be uncovered by a dedicated technical search, particularly if that someone is on the same network.

If you think Stealth Mode is helpful for security and privacy reasons, you may also want to consider blocking all incoming network connections to the Mac, an option found in the same firewall preference panel of OS X. Combining the two is pretty effective.

If you feel uncomfortable with the feature, you can turn it off by following the same steps, but this time unchecking the box.
