Understanding Firewalls: Build Them Up, Tear Them Down

Published: 23/11/2024   Category: security




A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.



Firewalls traditionally focus on traffic coming into a network (or endpoint) from the outside. Advanced threats use a number of techniques to get around that focus – and those techniques aimed at MacOS are at the heart of research being presented at Black Hat this week.
Patrick Wardle, chief research officer at Digita Security and founder of Objective-See, decided that the best way to understand the limitations and possibilities of a firewall was to build his own. The first part of his presentation at Black Hat (and a subsequent talk at DEF CON) will be about how one goes about building a firewall that looks at traffic flowing in both directions and precisely what such a firewall can be expected to stop.
(See Wardle's session, "Fire & Ice: Making and Breaking macOS Firewalls," on Thursday, August 9, at Black Hat USA.)
The second part of the presentation will look at how an attacker would go about breaking through the firewall to reach the target within. Wardle says existing third-party firewalls for MacOS protect traffic in both directions and can be quite effective.
"There are some Mac malware samples that, the first thing they do when run, is enumerate the installed software and look for one of these firewall products," Wardle says. "And if they see one of these firewall products, they will actually not infect the system because they know that the firewall will basically detect them and then give away their presence to the user."
But even good firewalls are at a disadvantage to attackers because, in the Internet era, certain communications simply must be allowed. "I run through a variety of hacks where we can basically abuse trusted protocols, trusted processes. And even though the firewalls will see these connections, they will allow them because they have no way of telling that they're actually malicious," Wardle says.
Many Mac users are more trusting than they should be because of the Mac's reputation for security. It's a reputation that Wardle says is based on history and aggressive marketing – and is less deserved than was once the case.
"In my expert professional opinion, if you look at the latest version of Windows – Windows 10 – and compare it to the latest version of OS X, there's really no comparison in terms of security. The Windows operating system is just so much more secure," Wardle says. "Any attacker who wants to infect your Mac computer, if they're advanced and sophisticated enough, they are going to have no problem hacking in."
The firewall that Wardle developed for his presentation will be available on GitHub at the end of his session. The software will be free and open source.
Related Content:
Cloud Security: Lessons Learned from Intrusion Prevention Systems
7 Ways to Keep DNS Safe
Meet Bro: The Best-Kept Secret of Network Security
The Risks of Remote Desktop Access Are Far from Remote
