How to Enable Stealth Mode in Mac OS X Firewall for Added Security
Mac users who want a bit more network security can turn on an optional firewall feature in Mac OS X called Stealth Mode. With Stealth Mode enabled, the Mac will not acknowledge or respond to typical network discovery attempts with ICMP ping requests, and will not answer connections attempts made from closed TCP and UDP networks. Essentially, it makes the Mac appear to these requests as if it doesn’t exist at all.
Because Stealth Mode can interfere with some network functions and troubleshooting methods to and from a Mac with this feature enabled, using Stealth Mode is really only appropriate for advanced users, or for those who routinely use their Macs on untrusted public or private networks and who want to improve their machines security in that environment. If your Mac is simply on a closed home network behind a general router and firewall and accompanied by friendly computers and users, turning on stealth mode may be more problematic than helpful, and is really not recommended for computers on trusted LAN situations. Additionally, if you don’t trust the network you’re on whatsoever, you may want to
disconnect and find a safer one go all out and block every possible incoming network connection to the Mac instead.
How to Enable Stealth Mode Firewall in Mac OS X
Stealth Mode is an optional feature of the Mac firewall available to virtually every somewhat modern version of Mac OS X:
- Go to the Apple menu and choose System Preferences
- Go to the “Security & Privacy” preference panel and select the “Firewall” tab
- Click on the unlock button and authenticate with an administrator password, click on “Turn On Firewall” if it hasn’t been turned on yet, then then click on the “Firewall Options” button
- Check the box for “Enable Stealth Mode” then click OK
- Close out of System Preferences as usual
The Mac is now in stealth mode, meaning it will not respond to certain types of common network communication and discovery attempts.
If you want to test out of the efficacy of Stealth Mode, you can use ping at the command line or use Network Utility to attempt to discover the Mac from another Mac. If you attempt to ping the Mac with Stealth Mode enabled, there will be no response just as if you were sending ICMP requests to a nonexistent machine, like so (assuming the Stealth Mode Mac is 192.168.0.201):
MacBook-Pro% ping 192.168.0.201
PING 192.168.0.201 (192.168.0.201): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
--- 192.168.0.201 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
While this blocks most of the common network finding methods, a particularly savvy individual could still discover the Mac if they really wanted to, whether with a targeted packet capture, through a connected router, or a variety of other methods. This is why it’s called Stealth Mode and not Definitively Invisible Mode, because while it’s certainly going to be under the radar from common finding attempts, it can still be uncovered by a dedicated technical search particularly if that someone is on the same network.
If you are interested in using Stealth Mode for security and privacy reasons, you may want to consider blocking all incoming network connections to the Mac as well, which is in the same firewall preference panel of Mac OS X. Combining the two is pretty effective.
Of course, if you enable stealth mode and discover you’re suddenly experiencing network issues with the given Mac, turning off the feature is just a matter of returning to the firewall settings and unchecking the box again.
If you have any thoughts or opinions on stealth mode and the application firewall in Mac OS, share with us in the comments below.