Authored by: Support.com Tech Pro Team
It can be frustrating when a piece of software has problems getting online, and you're requested to check your networking configuration, or to 'open ports'.
This guide hopes to help demystify network security on your Mac, and help you check what settings are in place, to be certain nothing is causing problems.
Modern computers no longer rely on you, the user, to know the inner workings of computer networking to set up secure communications. Instead, they work on a 'model of trust' related to the application itself.
The way computers talk to each other on the Internet and home networks is through Internet Protocol (IP) addresses and Ports.
An easy way to think of this is a block of office buildings.
For example, if you wanted to write a letter to someone in Building 101, Suite 300, Office 2, you'd probably put the following on the envelope:
Building 101
Suite 302
The Postal Service would take care of getting the mail to Building 101. From there, the office mail would take care of getting the mail up to the third floor, and into office two.
Computers work in the same way. Each bit of data, or letter, is called a packet. Each packet has an address. For the exact same example, using computer addresses instead:
34.56.78.101::192.168.0.3:443
Your Internet Service Provider (ISP) would take care of getting that packet to the home network's public IP (34.56.78.101). From there, the router in your home would take care of getting that packet to computer 192.168.0.3. Then, the computer itself would receive it, and any program listening on port 443 would hear the message.
Your computer does this dozens of times for every web page you visit: once for the page itself, once for each image, and so on. It does it thousands, if not millions, of times for the various bits of the video you watch, the audio you listen to, or the game you play.
Recently, computers have become much, much faster, and the way they work has changed such that they can do multiple tasks at once. This has allowed a new way of looking at network security to become a reality.
Rather than the computer just assuming everything that's running is allowed unrestricted access to network resources, or just allowing everything unrestricted communication, there can be some checks put in place that don't impact how the computer works, or slow things down.
To use our office metaphor: Another person was hired to check the mail on each floor, and weed out the junk mail and malicious packages; a security guard who watches the communication going on.
That security guard keeps track of who's in the office, and if those people are to be trusted, and how much trust to give them. The CEO's mail may go in and out without so much as a second glance, but the temp in accounting would probably fall under a lot more scrutiny and not be allowed to use the company resources quite so freely. The same thing happens under the Application Firewall Model.
On your computer, the firewall no longer assumes you know everything about every program you use and how it communicates. Instead, you can choose to trust the application itself, and what it can and cannot do in general.
Take a chat application, for example. You want to be able to chat with your friends and family using it. The first time it tries, the firewall steps in and blocks it, but asks you if that's okay, and you allow it. You didn't need to know that the chat application uses ports 2700 and 80, or what endpoints it uses, or to allow those ports only when the chat application was open. The firewall takes care of all of that for you.
The big benefit of this is that it's now much easier for you to keep safe and secure online, because you just need to tell the firewall, once, which programs are and are not allowed access. You don't have to 'know' how that application works, or what program to visit to allow access on certain ports.
Everything starts out forbidden. When a program opens and makes a request, the firewall checks if the application is on its list.
What this means is you no longer have to worry about opening and closing ports to keep safe online. Just watch for the prompts from your firewall, read them, and allow or block access for the application as you need.
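The decision logic described above, as an added example in Python: a simplified model written to illustrate this guide, not macOS's own firewall code. The class name AppFirewall, the application paths and the prompt that is answered immediately are assumptions; ports 2700 and 80 come from the chat example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

ALLOW, BLOCK = "allow", "block"


@dataclass
class AppFirewall:
    """Simplified model: trust is decided per application, never per port."""
    ask_user: Callable[[str], bool]  # the prompt; True means the user allows
    rules: Dict[str, str] = field(default_factory=dict)  # app path -> verdict
    log: List[Tuple[str, int, str, str]] = field(default_factory=list)

    def request(self, app: str, port: int) -> bool:
        """Return True if `app` may use the network; `port` is only logged."""
        if app in self.rules:
            verdict, reason = self.rules[app], "remembered"
        else:
            # Not on the list yet: nothing is allowed until the user answers.
            verdict = ALLOW if self.ask_user(app) else BLOCK
            self.rules[app] = verdict  # one answer covers every later request
            reason = "prompted"
        self.log.append((app, port, verdict, reason))
        return verdict == ALLOW


def demo():
    """Replay the chat example plus one application the user declines."""
    prompts = []

    def ask(app: str) -> bool:
        prompts.append(app)
        return app == "/Applications/Chat.app"  # constructed user choice

    fw = AppFirewall(ask_user=ask)
    results = [
        fw.request("/Applications/Chat.app", 2700),
        fw.request("/Applications/Chat.app", 80),
        fw.request("/Applications/Unknown Tool.app", 80),
        fw.request("/Applications/Unknown Tool.app", 2700),
    ]
    return results, prompts, fw


if __name__ == "__main__":
    results, prompts, fw = demo()
    for entry in fw.log:
        print(entry)
```

Each application triggers exactly one prompt, and the port number never changes the verdict: the declined application stays blocked on port 80 even though the trusted chat application is allowed on that same port.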
A firewall can help keep other computers from connecting to your Mac when you don't want them to, such as when you're on the Internet or a network. However, it will still allow you to browse the web using Safari, for example.