I have been playing with Little Snitch over the last few days.
I remain extremely interested in using Little Snitch, but I fear that I lack the technical expertise to fully and properly implement and use it and may do more harm than good. Were I to use Little Snitch, I would like to have it completely and fully dialed in!
I am comfortable with its feature set and settings but because I am not a security expert I have a number of questions.
Blocklists
a. There are so many alerts in respect of e-mails where the result of blocking the alert is that the e-mail may not properly display. Is there a block list that focuses on these to provide “comfort” that allowing the alerts that do not get blocked is a fair place to start?
b. What is the best practice in respect of Blocklists (i.e., don’t use, use, use and review, etc.)?
Blocked Webpage: There is a webpage that is i) blocked and ii) the domain does not appear in the rules. I am thinking that it is blocked by the Blocklist I have installed or by a domain / rule that appeared in a previous alert (i.e., no alerts were received in respect of this website). How do I identify the rule that is blocking the webpage?
Configuration / Setup: As there are so many domains – making it near impossible to review all of them:
a. What is the recommended configuration process (noting I selected the iCloud Services, macOS Services and Apple Apps Rule Services and then dealt with all the alerts from third parties)?
b. What is the recommended standard / test to be comfortable that the configuration is optimal given i) it is impossible to approve all rules ii) it is impossible (subject to the answers below) to definitively determine the purpose / use of a domain, whether to block the domain, hostname, IP Address, and more?
Network Monitor:
a. Settings > Privacy & Security > Location Services > Little Snitch Agent and Little Snitch Network Monitor are both enabled but my location is not being moved / set when selecting “Automatically determine my location”. How can this be fixed?
b. What is the best way to open Network Monitor (i.e., is there a way to open it other than clicking on the menu bar icon, I would have thought that it would appear under the Little Snitch > View menu)?
Profiles: I have three profiles set up (i.e., Away, Home/Office, and Effective in all profiles).
a. What is the best practice for setting up profiles (i.e., all rules in Effective in all profiles and then tweak the Away and Home/Office profile as needed)?
b. What is the best way to tweak the Away and Home/Office profiles (i.e., is it to copy the rules that differ from those in Effective in all profiles to each of the Away and Home/Office profiles and then change / modify the rules in the Away and Home/Office profiles)?
c. How does one Allow the Local Network in the Home/Office profile but deny it in the Away profile?
Rules:
a. How does one decide (i.e., what are best practices between blocking a domain, a hostname, an IP address, and all the other options (i.e., port, protocols, etc.))?
b. Is it best practice / important to approve all rules given most / a large number of the rules come from Rule Groups (i.e., iCloud Services, macOS services, Apple and Apps)?
c. What is the best way to determine whether a domain / hostname / IP address should be denied as I find it very time consuming and not always helpful to Google each alert I get?
Start over
a. If one wants to start over based on having a better understanding, is Little Snitch > File > Restore factory Defaults the preferred approach?
Little Snitch versus Little Snitch Mini
a. Given my knowledge level (or lack thereof as illustrated by the above) would you recommend Little Snitch or Little Snitch Mini noting I am an individual user (not part of a larger organization) and why?
Thank you.