Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Securing a mac infested network with Suse
At 10:35 AM -0500 2/7/02, THO wrote:
> Look this is a most painful topic for me to put in front of you all and
> perhaps it is not the right forum but I have been monitoring for a while
> and I need a place to start...
>
> My company uses macintoshes on the LAN but I cannot seem to find much
> good information on how these annoying little machines impact security.

a) This is a really poor attitude to take. Macs empower a lot of people to do amazing things. Mostly people who don't care to know anything about computing. And they shouldn't have to. It's transparent. They're artists, scientists and educators. Why should they know what a ping flood is? It's your job to support them, and if you don't like Macs, maybe you should find another.

b) If you're more comfortable in a unix world, fear not, they should be upgrading to Mac OS X in the next year or so.

c) I'd look at a number of lists / sites:

http://www.macsecurity.org
http://www.macosxlabs.org
http://www.macfixit.com
http://www.mac-mgrs.org
http://lists.apple.com
http://www.apple.com/support/security/
http://www.macintouch.com
http://www.macsurfer.com


> I have scanned them with several tools and I have found a few network
> services running: SRVLOC (427/tcp), afpovertcp (548/tcp), a warning
> concerning CVE:CAN-1999-0454, a warning concerning ICMP_MASKREQ, plus I
> have been able to conduct a ping attack on the macs effectively
> disconnecting them from the network.

This would really surprise me. What version of the Mac OS are you running? Are all updates in place? Just ask yourself the same questions you would on any OS.

> They periodically send out packets
> addressed to 239.255.255.253 a SRVLOC Service Request (apparently part
> of the SLP protocol. But what's that ip?)

RTFRFP.

> On win machines and Linux
> boxes you can read a ton about how to secure them and you can find
> zillions of people willing to help

Funny how that apparently makes Windows and Linux /more/ secure? How many exploits monthly pass bugtraq?

> but when I try to talk to the mac
> people about what their machines are doing on my LAN I get slapped in
> the face with what I like to (angrily) call "Apple Arrogance" (and yet
> they are unable to find the button that turns off the unneeded
> services.)

Psychology lesson:
Mac users want to get things done. I.e., at my largest customer, the ratio of macs-PC's is about
40/60 overall, 50/50 in public labs. However, grant $$ awarded (this is a public .edu)
per capita is grossly skewed towards Mac users. They don't care about your LAN. They care
about their core competency. This is the way it should be.

> Everything I do read, from "official sources" gives one the
> impression that Apple has thought of everything and I need not worry,
> Mr.Jobs will take care of everything for me. Unofficially I have found
> a dozen or so "tools" designed to wreak havoc with a mac and the network
> it's on.

Such as...

> Does anyone know what risk these mystery machines really pose
> to a network? Will I have to settle for putting them behind a firewall
> and not be able to secure them individually? I know that generally macs
> are a minuscule part of the problem but for a novice like myself with a
> number of them to worry about I'd like to have a handle on what the
> issues actually are instead of leaving it all up to Apple.

Macs are fairly secure. A couple of my customers manage thousands- one in particular without any sort of firewall (this is not my choice)- usually with 1-2 admins / 500 machines. If there were more security problems, you'd hear about them.


> If you have a better forum for this question let me know and I'll go
> there. This is just a shot in the dark with this issue.

You need to determine what the timeline will be for upgrading to Mac OS X, for one thing. But mainly, if there are that many Mac users there, you need to learn something about Macs. Google is your friend. There's lots of info out there.




> Tim







--
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
mbartosh@xxxxxxxxxxxxx
303.517.0272
Denver, CO


"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."

-- Nietzsche
Think Different.
