As we explained on today's show, Mac OS X comes with an industrial-strength built-in firewall called IPFW. Like many other applications hidden in OS X, IPFW is part of Darwin, the FreeBSD Unix foundation upon which OS X is built. While OS X is generally secure as shipped, the firewall is not enabled. It should be if you use your Macintosh on the Internet.

The easiest way to get started is to download a front-end to IPFW. There are two good shareware choices available. Brian R. Hill's BrickHouse and Mike Vannorsdel's Firewalk.

I recommend and use BrickHouse. For most users, BrickHouse is the simplest way to go. You can try it for free, although Hill requests $25 if you like the software. That's a small price to pay for a secure system.

When you run BrickHouse, it will walk you through a series of choices about the kind of protection you want. In general, it's best to block all incoming and outgoing traffic except for the services you know you want, such as HTTP (for the Web) and FTP (for file transfer). BrickHouse can also create rules blocking well-known attacks such as Back Orifice and Netbus. Based on your decisions, BrickHouse will create a configuration script for IPFW and optionally install a startup script that turns on IPFW each time you boot. The latest version of BrickHouse can enable IPFW's built-in Internet connection sharing.

Find out how to configure IPFW without a front-end.