On mySimon: North Face Elkhorn 0 Degree Sleeping Bag
BNET Business Network:
BNET
TechRepublic
ZDNet

April 27th, 2009

Macs in the enterprise: The security conundrum

Posted by Ryan Naraine @ 9:23 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Mobile (In)Security, Patch Watch, Pen testing, Punditocracy, Zero-day attacks, iPhone

Tags: Enterprise Security, Apple Macintosh, Apple Inc., Security, Ryan Naraine

Guest editorial by Andrew Storms

Managing IT for a software company has its challenges.  For me, the lines between efficiency, security and innovation are difficult to draw at a company like nCircle where engineers require some freedom to perform their best.  The panelists at a recent RSA Conference session “Responding to the ignored threat - Macs in the Enterprise” seemed to face the same kind of problems I do.

Based on the war wounds of the speakers, enterprises continue to find challenges when they try to bring Apple products into their security fold.

Each of the enterprises has the usual defined security policies and on a daily basis they weigh the risks associated with “grey” areas against the productivity of their users.  The session’s hot topic was the largely ignored impact of Apple products on security practitioners working hard to reduce enterprise risk.

At Universities, the Mac population has been on a significant increase and nearly 50% of all users, students and facility, use Macs.  In addition to the Mac, nearly all users either have or want an iPhone. Both these devices make enterprise security problems more daunting. Try telling your new employee he can’t have his favorite productivity tools because of security issues.

The panelists — John Dasher, Jon Allen, Jeff Gamet and Stanton Gatewood — each discussed their current environments along with the trends and challenges they face with the Mac, and with all end points.  A common opinion among the speakers was that the ease of use built into all modern computers, and especially Macs, have made users less knowledgeable and this is a bad thing for security.  A naïve user is more likely to fall victim to attacks like phishing.  A naïve user, with a burning desire for Apple products with their inherent lack of centralized management tools spells trouble.

Panelists offered a number of suggestions for tackling these issues.  At Baylor, they are actively working hard to deploy Open Directory so that IT security can set basic end point security policies like screen saver
passwords and control over patching cycles.  At the University of Georgia, the security team has put a significant emphasis on training.  This teams holds brown bag sessions monthly, sends out newsletters and other communication tools help them increase awareness and reduce overall risk.

Sadly, it was evident from the discussion that Apple’s continued reluctance to provide enterprise security tools is still causing heartburn for security professionals.  Apple has yet to deliver anything on par with the policy systems Microsoft has built into Active Directory.

* Andrew Storms is nCircle’s Director of Security Operations. He is responsible for the definition and enforcement of the company’s security compliance programs as well as overseeing day-to-day operations for the Information Technology department.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 90 Talkback(s)
You cant honestly compare open directory to ad can you? NT
..... (Read the rest)
Posted by: jdbukis@... Posted on: 09/04/09 You are currently: a Guest | | Terms of Use
What's the big deal here now?  Intellihence | 04/27/09
ZZZZZZZZZZZZzzzzzzzzzzzz............  socialism=nowhere | 04/29/09
Apr 2009, Conficker infects 700 PCs in U of Utah, Macs not affected.  Davewrite | 04/27/09
bullseye  frgough | 04/27/09
The IT Staff here  wolf_z | 04/28/09
Correct  dbisse@... | 04/29/09
Macs  honeymonster | 04/27/09
you're talking 'theory' vs. fact. Miller is a mac user & recommends macs  Davewrite | 04/27/09
Your ignorance will simply kill Apple  Gladiatorcn | 04/27/09
Apple doing fine: Profits up 15% , Microsoft DOWN 32%  Davewrite | 04/27/09
Man you just don't get it...nt  socialism=nowhere | 04/29/09
Totally missing the point  honeymonster | 04/27/09
Point is PCs not Macs in U got hit. Point as CM says Macs are safer today  Davewrite | 04/27/09
Slip and slide  honeymonster | 04/27/09
another enterprise example: CBS also Hit by Conficker!  Davewrite | 04/27/09
Quick! Trot out Conficker! Deflect any discussion of Mac security  honeymonster | 04/28/09
re:honeymonster - well said your wasting your breath on a cluess  socialism=nowhere | 04/29/09
Talk about slip and slide  DeusExMachina | 04/29/09
Incompetent IT staff allow infection...  Sleeper Service | 04/27/09
if there weren't PC plagues and epidemics IT staff skill less needed -nt  Davewrite | 04/27/09
How much skill does it take...  wolf_z | 04/28/09
in an enterprise environment?  scripter | 04/29/09
Apparently a lot for him, just read the responses - clueless - nt  socialism=nowhere | 04/29/09
Was CBS also incompetent as CBS also hit?  Davewrite | 04/27/09
yes, incompetent  honeymonster | 04/27/09
lol! you need to be smarter than U of Utah or CBS to run PCs safely!  Davewrite | 04/27/09
smart enough to showcase their incompetence  rtk | 04/27/09
Enterprise Mac.  ashdude | 04/27/09
This story is about Macs  honeymonster | 04/27/09
hey dude seems like you're losing your cool  Davewrite | 04/27/09
Nah  honeymonster | 04/27/09
According to Secunia, Redhat has the most vulnerabilities. But.. who cares?  ashdude | 04/28/09
DAMAGE CONTROL  honeymonster | 04/27/09
man you're stuttering, PC infected? Use Norton Quick! nt  Davewrite | 04/27/09
That's about ...  Feldwebel Wolfenstool | 04/27/09
Mar 2009 MacBook Air was hacked in just 10 seconds..  silent.griffin | 04/27/09
Charlie Miller who hacked it is a Mac User , says Macs are safer  Davewrite | 04/27/09
No. He's saying that you are probably "safer on a mac"  honeymonster | 04/27/09
much of the Mac users are ignorant  shellcodes_coder | 04/28/09
AMEN! -nt  socialism=nowhere | 04/29/09
Please list the current Mac virus' and worms. Patched or unpatched. (nt)  ashdude | 04/28/09
Must I?  honeymonster | 04/28/09
So basically you danced around the question...  James Quinn | 04/28/09
So there's zero virus & worms on the Mac. Is that what you're saying?  ashdude | 04/28/09
@ashdude  DeusExMachina | 04/30/09
@DeusExMachina. I know. grin  ashdude | 04/30/09
I'll believe Macs are vulnerable  Monkeypox | 04/27/09
Windows is NOT exploited by windows haters  honeymonster | 04/27/09
Exactly!! avg users are ignorant of enterprise IT security  iTeaBoy | 04/28/09
Who you calling stupid?  DeusExMachina | 04/30/09
Possibly you??  iTeaBoy | 04/30/09
More probably  DeusExMachina | 04/30/09
APPLE'S Standard Operating Procedure....  Feldwebel Wolfenstool | 04/27/09
Not a matter of faith... just fact.  James Quinn | 04/28/09
Zero bugs? Don't think so.  pwn0tr0n | 04/28/09
Nope never re-imaged an OSX Mac yet at least....  James Quinn | 04/28/09
So what you're saying is...  wolf_z | 04/28/09
Not sure where you seem to think you've scored here?  James Quinn | 04/28/09
That's kind of weak not your usual...dissapointed - nt  socialism=nowhere | 04/29/09
Mac?  nimrod666 | 04/29/09
Wish granted!  MKleinpaste | 05/08/09
Seems to work for Microsoft...  randomnoise | 04/28/09
I'm confused. What are they looking for that Apple doesn't already...  olePigeon | 04/28/09
You don't actually know what Group Policies are...  wolf_z | 04/28/09
WOW... Let there be light  51864 | 04/28/09
Except he's completely wrong, but that's OK. [nt]  olePigeon | 04/28/09
(DELETED)  Fark | 09/03/09
Absolutely everything you listed is supported in OS X Server...  olePigeon | 04/28/09
You cant honestly compare open directory to ad can you? NT  jdbukis@... | 09/04/09
RE: Macs in the enterprise: The security conundrum  51864 | 04/28/09
Voice of reason  honeymonster | 04/28/09
It is readily apparent that neither of you have ever used OS X Server. [nt]  olePigeon | 04/28/09
Need I remind you...  ashdude | 04/28/09
OSS has different requirements when reporting vulnerabilities...  olePigeon | 04/29/09
You need to get out from under the Microsoft propaganda...  olePigeon | 04/28/09
Here's four more letters for you: FAIL  DeusExMachina | 04/30/09
RE: Macs in the enterprise: The security conundrum  larissa860 | 04/28/09
details of your enterprise experience?  iTeaBoy | 04/29/09
RE: Macs in the enterprise: The security conundrum  Steve KTG | 04/28/09
Don't confuse vulnerabilities with exploits  iTeaBoy | 04/29/09
RE: Macs in the enterprise: The security conundrum  vinnyboombatz | 04/29/09
RE: Macs in the enterprise: The security conundrum  cameljockey | 04/29/09
different environment, different risks  scripter | 04/29/09
Mac OS X Server features include...  smdunn | 04/30/09
RE: Macs in the enterprise: The security conundrum  acdesign | 04/29/09
How much more tedious can you people get?  compudog | 04/29/09
How much more obtuse  DeusExMachina | 04/30/09
Deny Reality  comp_indiana | 05/08/09
create reality  rtk | 05/08/09
The level of "OS X" ignorance is just... staggering.  MKleinpaste | 05/08/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More