At 10:35 AM -0500 2/7/02, THO wrote:
Look, this is a most painful topic for me to put in front of you all, and perhaps it is not the right forum, but I have been monitoring for a while and I need a place to start...
My company uses macintoshes on the LAN but I cannot seem to find much good information on how these annoying little machines impact security.
a) This is a really poor attitude to take. Macs empower a lot of people to do amazing things. Mostly people who don't care to know anything about computing. And they shouldn't have to. It's transparent. They're artists, scientists and educators. Why should they know what a ping flood is? It's your job to support them, and if you don't like Macs, maybe you should find another.
b) If you're more comfortable in a unix world, fear not, they should be upgrading to Mac OS X in the next year or so.
c) I'd look at a number of lists / sites:
http://www.macsecurity.org
http://www.macosxlabs.org
http://www.macfixit.com
http://www.mac-mgrs.org
http://lists.apple.com
http://www.apple.com/support/security/
http://www.macintouch.com
http://www.macsurfer.com
I have scanned them with several tools and I have found a few network services running: SRVLOC (427/tcp), afpovertcp (548/tcp), a warning concerning CVE:CAN-1999-0454, a warning concerning ICMP_MASKREQ, plus I have been able to conduct a ping attack on the macs effectively disconnecting them from the network.
This would really surprise me. What version of the Mac OS are you running? Are all updates in place? Just ask yourself the same questions you would on any OS.
They periodically send out packets addressed to 239.255.255.253, a SRVLOC Service Request (apparently part of the SLP protocol. But what's that IP?)
RTFRFP.
On win machines and Linux boxes you can read a ton about how to secure them and you can find zillions of people willing to help
Funny how that apparently makes Windows and Linux /more/ secure? How many exploits monthly pass bugtraq?
but when I try to talk to the mac people about what their machines are doing on my LAN I get slapped in the face with what I like to (angrily) call "Apple Arrogance" (and yet they are unable to find the button that turns off the unneeded services.)
Psychology lesson: Mac users want to get things done. I.e., at my largest customer, the ratio of Macs to PCs is about 40/60 overall, 50/50 in public labs. However, grant $$ awarded (this is a public .edu) per capita is grossly skewed towards Mac users. They don't care about your LAN. They care about their core competency. This is the way it should be.
Everything I do read, from "official sources", gives one the impression that Apple has thought of everything and I need not worry, Mr. Jobs will take care of everything for me. Unofficially I have found a dozen or so "tools" designed to wreak havoc with a mac and the network it's on.
Such as...
Does anyone know what risk these mystery machines really pose to a network? Will I have to settle for putting them behind a firewall and not be able to secure them individually? I know that generally macs are a minuscule part of the problem, but for a novice like myself with a number of them to worry about, I'd like to have a handle on what the issues actually are instead of leaving it all up to Apple.
Macs are fairly secure. A couple of my customers manage thousands - one in particular without any sort of firewall (this is not my choice) - usually with 1-2 admins / 500 machines. If there were more security problems, you'd hear about them.
If you have a better forum for this question let me know and I'll go there. This is just a shot in the dark with this issue.
You need to determine what the timeline will be for upgrading to Mac OS X, for one thing. But mainly, if there are that many Mac users there, you need to learn something about Macs. Google is your friend. There's lots of info out there.
Tim
--
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
mbartosh@4am-media.com
303.517.0272
Denver, CO

"The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently."
-- Nietzsche

Think Different.
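
For the SRVLOC traffic to 239.255.255.253 raised in the thread, an added example (not part of either poster's message) that decodes an SLPv2 Service Request payload as laid out in RFC 2608, so an admin can see which service type and scope a host is asking for. It assumes the hosts speak SLPv2; the sample packet, including the `service:afp` type and XID, is constructed.

```python
import struct

SLP_MCAST = "239.255.255.253"  # SLPv2 administratively scoped multicast group (RFC 2608)
SLP_PORT = 427                 # the SRVLOC port the scan reported
FUNC_SRVRQST = 1               # Function-ID of a Service Request
FLAG_MCAST = 0x2000            # "request multicast" bit in the 16-bit flags field

def _read_str(buf, off):
    """Read a 2-byte big-endian length and that many bytes; return (text, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off + 2:end].decode("utf-8", "replace"), end

def parse_srvrqst(pkt):
    """Parse the UDP payload of an SLPv2 SrvRqst into a dict of its fields."""
    if len(pkt) < 14:
        raise ValueError("shorter than an SLPv2 header")
    if pkt[0] != 2 or pkt[1] != FUNC_SRVRQST:
        raise ValueError("not an SLPv2 Service Request")
    if int.from_bytes(pkt[2:5], "big") != len(pkt):
        raise ValueError("header length does not match payload size")
    (flags,) = struct.unpack_from("!H", pkt, 5)
    (xid,) = struct.unpack_from("!H", pkt, 10)   # bytes 7-9 are the extension offset
    lang, off = _read_str(pkt, 12)
    out = {"xid": xid, "lang": lang, "multicast": bool(flags & FLAG_MCAST)}
    # Body order per RFC 2608: previous responders, service type, scopes, predicate, SPI
    for name in ("prlist", "service_type", "scopes", "predicate", "spi"):
        out[name], off = _read_str(pkt, off)
    return out

def build_sample():
    """Constructed SrvRqst for illustration only (not captured traffic)."""
    def s(text):
        raw = text.encode()
        return struct.pack("!H", len(raw)) + raw
    body = s("en") + s("") + s("service:afp") + s("DEFAULT") + s("") + s("")
    total = 12 + len(body)
    return (bytes([2, FUNC_SRVRQST]) + total.to_bytes(3, "big")
            + struct.pack("!H", FLAG_MCAST) + b"\x00\x00\x00"
            + struct.pack("!H", 0x1234) + body)

if __name__ == "__main__":
    print(parse_srvrqst(build_sample()))
```
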