On Wed, Oct 19, 2011 at 7:37 AM, James Rankin wrote:
>> No amount of firewall, gateway, VPN, client AV checking, etc., will
>> protect against a client device that is rootkit'ed deeply enough that
>> you can't detect anything (or captured inside hypervisor-level
>> malware), but is silently scree
That could apply to any device on your LAN, although there is more of a risk
factor with devices that haven't been under your control, obviously.
Defense-in-depth is the only way to mitigate against the most insidious of
threats.
However, you are forgetting that Apple devices are immune to malware
On Wed, Oct 19, 2011 at 5:58 AM, wrote:
> Managed correctly, you can allow users to supply their own devices.
No amount of firewall, gateway, VPN, client AV checking, etc., will
protect against a client device that is rootkit'ed deeply enough that
you can't detect anything (or captured inside
BlackBerry wireless device, which may wipe itself at any
moment
-Original Message-
From: "Alan Davies"
Date: Wed, 19 Oct 2011 10:52:27
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Macs and vunerabilities
I've worked in places where diss
es
Subject: Re: Macs and vunerabilities
I don't let non-corporate machines on my network without enforcing that they
have a current version of a recognized brand of AV and that it's been updated
within the past 5 days - I enforce that with the configuration of the of the
SSL VPN applia
raphical locations it’s a whole different scenario.
>>
>> ** **
>>
>> *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com]
>> *Sent:* Wednesday, 19 October 2011 10:28 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Macs and vunera
far more focus(and
> discussion) on accepting the current trend than I see on the tools and
> processes to manage it.
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, 19 October 2011 12:09 PM
>
> *To:* NT System Admin Is
only logic that makes sense is whether or not it makes the business more
successful. We assess risk and advise.
a
From: James Hill [mailto:james.h...@coffeeclub.com.au]
Sent: 18 October 2011 23:07
To: NT System Admin Issues
Subject: RE: Macs and vunerabilit
l locations it’s a whole different scenario.
>
> ** **
>
> *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, 19 October 2011 10:28 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Macs and vunerabilities
>
> ** **
>
> If you
ork.
>
> -Original Message-
> From: Kurt Buff mailto:kurt.b...@gmail.com>>
> Date: Tue, 18 Oct 2011 19:37:15
> To: NT System Admin
> Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
> Reply-To: "NT System Admin Issues"
> mailto:ntsysadmin@ly
On Tue, Oct 18, 2011 at 20:52, Ben Scott wrote:
> On Tue, Oct 18, 2011 at 11:27 PM, Kurt Buff wrote:
>> No, I have already left. They just don't know it yet, because I
>> haven't found a new job yet. Nothing they are likely to do will keep
>> me there.
>
> Except, perhaps, the continuing paychec
On Tue, Oct 18, 2011 at 11:27 PM, Kurt Buff wrote:
> No, I have already left. They just don't know it yet, because I
> haven't found a new job yet. Nothing they are likely to do will keep
> me there.
Except, perhaps, the continuing paycheck.
-- Ben
~ Finally, powerful endpoint security that I
issues with moving down this path.
From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Wednesday, 19 October 2011 8:20 AM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
It's not just about employee rights/freedom -- it's about managing
t's not /your/ network.
>> >
>> > -Original Message-
>> > From: Kurt Buff
>> > Date: Tue, 18 Oct 2011 19:37:15
>> > To: NT System Admin Issues
>> > Reply-To: "NT System Admin Issues"
>> > Subject: Re: Macs
Message-
> > From: Kurt Buff
> > Date: Tue, 18 Oct 2011 19:37:15
> > To: NT System Admin Issues
> > Reply-To: "NT System Admin Issues" <
> ntsysadmin@lyris.sunbelt-software.com>Subject: Re: Macs and vunerabilities
> >
> > I don't let
o: NT System Admin Issues
> Reply-To: "NT System Admin Issues"
> Subject: Re: Macs and vunerabilities
>
> I don't let non-corporate machines on my network without enforcing
> that they have a current version of a recognized brand of AV and that
> it's been updated
On Tue, Oct 18, 2011 at 10:40 PM, Kurt Buff wrote:
> If it's their machine, it's their responsibility. Have them fix it.
I used to work for an IT services contractor (i.e., technology
whorehouse). From the instant we set foot on someone's property,
every single thing that ever went wrong was o
Until the CEO says 'make this work'. It's not /your/ network.
-Original Message-
From: Kurt Buff
Date: Tue, 18 Oct 2011 19:37:15
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: Re: Macs and vunerabilities
I don't let non-co
pen here, we would have to manage them.
> >
> >
> >
> > When something corporate doesn’t work because of the users device who has
> to
> > investigate it? You or the user? Who determines where the issue lies?
> >
> >
> >
> > From: kz2...@go
wireless device, which may wipe itself at any
> moment
>
>
> From: James Hill
> Date: Wed, 19 Oct 2011 00:12:56 +
> To: NT System Admin Issues
> ReplyTo: "NT System Admin Issues"
> Subject: RE: Macs and vunerabilities
>
> T
gt; Sent from my POS BlackBerry wireless device, which may wipe itself at any
> moment
>
>
> From: James Hill
> Date: Tue, 18 Oct 2011 22:07:01 +
> To: NT System Admin Issues
> ReplyTo: "NT System Admin Issues"
> Subject: RE: Macs and vunerabilities
>
> The is
On Tue, Oct 18, 2011 at 10:09 PM, Andrew S. Baker wrote:
>> What’s the costs in the long run though? Unmanaged devices
>> may have more down time which may result in unproductive workers.
>
> While I don't necessarily disagree with your points, that
> ship has already sailed.
So has the Titani
gt; *From: *James Hill
>
> *Date: *Tue, 18 Oct 2011 22:07:01 +
>
> *To: *NT System Admin Issues
>
> *ReplyTo: *"NT System Admin Issues" >
>
> *Subject: *RE: Macs and vunerabilities
>
> ** **
>
> The issue I see is that f
***
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, 19 October 2011 8:20 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Macs and vunerabilities
>
> ** **
>
> It's not just about employee rights/freedom -- it'
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Wednesday, 19 October 2011 10:28 AM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
If you have a user at home who uses VPN to access your systems remotely, and
they can't get it to work because their system is broken,
ssage-
From: James Hill
Date: Wed, 19 Oct 2011 00:12:56
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Macs and vunerabilities
The key there is "We aren't managing those systems". That's my concern, it
wouldn't happen here, we wo
where the issue lies?
>
>
> ** **
>
> *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, 19 October 2011 9:34 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Macs and vunerabilities
>
> ** **
>
> A lot of us al
ere the issue lies?
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Wednesday, 19 October 2011 9:34 AM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
A lot of us already let home PCs connect to our corporate LANs via various
methods. We aren't managing those systems
le opinion.
Sent from my POS BlackBerry wireless device, which may wipe itself at any
moment
-Original Message-
From: James Hill
Date: Tue, 18 Oct 2011 22:07:01
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Macs and vunerabilities
The issue I
Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, 19 October 2011 8:20 AM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
It's not just about employee rights/freedom -- it's about managing costs.
(They pay the same for the tech team whether we struggle with integration
wrong with
> this is the job and this is the tools you will use and we will pay you this
> much. No you can’t bring in your personal computer, your fridge, your
> microwave and yes you need to wear closed in shoes!
>
> ** **
>
> *From:* James Rankin [
our personal computer, your fridge, your microwave and yes you
need to wear closed in shoes!
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, 18 October 2011 6:07 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
It's all about the delivery of your corporate apps
te the code for the Playstation Network is unhackable.
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, 18 October 2011 10:46 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
"However, I'm pretty sure that Suncorp's loo
-
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Tuesday, October 18, 2011 2:33 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
Let's not confuse delivery with due diligence. In a regulated industry, I'm
sure there are plenty of lawyers and risk managers
Davies [mailto:adav...@cls-services.com]
Sent: Tuesday, 18 October 2011 4:26 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
Fair enough! However, re the Aus story (sorry, not time to read today), size
is never a good indicator of performance (ahem!)!! Honestly .. if I
biggest banks
can't detect rogue traders. Lots of people, big and small, do things very
poorly.
a
-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: 18 October 2011 03:53
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
When I said "
like this only to run
> Windows(via Citrix or whatever) on it anyway.
>
> -Original Message-
> From: Ken Schaefer [mailto:k...@adopenstatic.com]
> Sent: Tuesday, 18 October 2011 12:53 PM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
>
> When
18 October 2011 12:53 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
When I said "it doesn't matter", I'm speaking to the technical points - not the
commercials, legals, occupational health and safety etc. concerns.
FWIW, this bank is alre
NT System Admin Issues
Subject: RE: Macs and vunerabilities
Not true - you take on liability as an employer. You may protect the rest of
your network to some extent with the example below, but it doesn't change your
liability. And I'd still want a VPN in front of RDS/Citrix rather tha
Something like that, among other things.
From: Dean Cunningham [mailto:dean.cunning...@gmail.com]
Sent: Monday, October 17, 2011 1:59 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
:) I can see this thread spinning out of control in terms of how bright users
are .. or not
- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
14:17:00 -0700
Subject: RE: Macs and vunerabilities
> OK you've sold me (well, you and a few hours of Google-Fu), I jus
l Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
14:01:01 -0700
Subject: RE: Macs and vunerabilities
> How many Mac's and 'Doze OS are you guys managing with these?
>
> -
---
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
14:01:01 -0700
Subject: RE: Macs and vunerabilities
> How many Mac's and 'Doze OS are you guys managing with these?
>
> -Origi
How many Mac's and 'Doze OS are you guys managing with these?
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
Unfortunately, no. I wish we did
J I can see this thread spinning out of control in terms of how bright
users are .. or not..
I see your concern as how do I manage these devcies in the rare event a
LUser runs some malware on it inadvertently?
On Tue, Oct 18, 2011 at 3:55 AM, David Lum wrote:
> Right, but that doesn’t change m
I have a copy of Win95 Rev 1 on 13 floppies :)
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 4:44 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
HA!
I think I still have a copy of Windows 98 SE
:24 -0700
Subject: Re: Macs and vunerabilities
> I have a Mac SE in my attic. I think it needs a harddrive. i hope i
> still have the system 7 OS floppies.
>
> Bill
>
>
> David Lum wrote:
> > In this environment do you have a "Mac SE" and a "Windows
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
12:39:44 -0700
Subject: RE: Macs and vunerabilities
> In this environment do you have a "Mac SE" and a "Windows SE", or does the
> same person manage both? Seems to be adding quite a bit to one's pl
7;s plate.
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Monday, October 17, 2011 9:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
Thanks for all this information Matt, it's greatly appreciated!!
-Original Message-
Fr
Admin Issues
Subject: RE: Macs and vunerabilities
Thanks for all this information Matt, it's greatly appreciated!!
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:57 AM
To: NT System Admin Issues
Subject: RE: Macs and v
ris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
11:18:05 -0700
Subject: Re: Macs and vunerabilities
> My only complaint with the Xserve was the one year warranty. That is
> ridiculous in the enterprise world. and of course apple support isn't
> enterprise level like you expect wit
nt: Mon, 17 Oct 2011
09:24:02 -0700
Subject: RE: Macs and vunerabilities
Open Directory is part of OS X Server and thus discontinued? Or have I got
wrong?
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 11:57 AM
To: NT Syst
.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities
My concern is all the above. As currently implemented, Mac's on our network
are no different than users home Windows laptops being allowed to
Got it, tyvm.
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 12:35 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
You are incorrect.
Mac OS X Server never went away. There were fears it might, but not in
rg]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
09:24:02 -0700
Subject: RE: Macs and vunerabilities
>
>
> Open Directory is part of OS X Server and thus discontinued? Or have I got
> wrong?
>
>
> -Original Message-
>
Open Directory is part of OS X Server and thus discontinued? Or have I got
wrong?
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 11:57 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
If you want the Apple
: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:42:21 -0700
Subject: RE: Macs and vunerabilities
> Can you set the parental controls centrally or do you have to walk around to
> every Mac and configure them individually?
>
> Ben M. Sc
Thanks for all this information Matt, it's greatly appreciated!!
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:57 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
You are correct, many of these thing
elt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities
> My concern is all the above. As currently implemented, Mac's on our network
> are no different than users home Windows laptops being allowed to directly
> connect to our network. I can&
: S Powell [mailto:powe...@gmail.com]
Sent: Thursday, October 13, 2011 16:33
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
I know that many people on this list use GPO to whitelist apps in windows, you
can do the same on a mac with parental controls.
We have a few, laptops and
s direct on the Internet ...
a
-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: 17 October 2011 16:28
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
You could provide all corporate services via VDI (RDS or Citrix). With
other isolation techniq
, 2011 8:28 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
You could provide all corporate services via VDI (RDS or Citrix). With other
isolation techniques, it doesn't really matter what the end users bring in.
Also have some policies for end-users to follow (e.g. insta
omain).
There's at least one mid-tier bank in Aus doing this very thing (Suncorp-Metway)
Cheers
Ken
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Monday, 17 October 2011 11:17 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
My concern
n't patch Flash, Java, etc
Dave
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
David, from what direction are your concerns coming from?
Are you concer
trict
- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities
> Well, we're getting a Mac invasion here and there is zero app
Right, but that doesn't change my level of concern :)
From: Dean Cunningham [mailto:dean.cunning...@gmail.com]
Sent: Sunday, October 16, 2011 3:01 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
In fairness to macs , it is usually the user that gets exploited and not the
In fairness to macs , it is usually the user that gets exploited and not the
mac.
there is a file that resides on a mac (supplied/updated by apple)
very basic malware support
http://support.apple.com/kb/HT4657
On Sat, Oct 15, 2011 at 1:55 AM, David Lum wrote:
> This in particular won’t work bec
Oh this is good, thanks. Also wating the video now.
-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, October 13, 2011 7:14 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
Watch that video I sent you in my previous message
This in particular won't work because all I get is "these things rarely get
exploited".
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 13, 2011 8:19 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities
You can dig into these:
htt
You can dig into these:
http://secunia.com/advisories/product/96/?task=advisories_2011
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…
*
On Thu, Oct 13, 2011 at 5:45 PM, David Lum wrote:
> Does anyone have a link to an article or two tha
[david@nwea.org]
Sent: Thursday, October 13, 2011 6:01 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities
They can get to the Internet, file shares, printers, e-mail, etc on native Mac
but I just have alarms going off in my head “unmanaged machines with no idea
what intellectual
Here is a link to a 50 minute speech by Carlos Perez at DerbyCon a few weeks
ago. He is the lead vulnerability researcher for Tenable Networks. About a
third of the way into it he goes into detail about Lion vulnerabilities. Short
version, he say's 'Lion, the new Vista. Thank you Apple!' quite
Powell
Date: Thu, 13 Oct 2011 16:32:32
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: Re: Macs and vunerabilities
I know that many people on this list use GPO to whitelist apps in windows,
you can do the same on a mac with parental controls.
We have a few, l
ng as much work as possible
>> on the native MacOS.
>>
>> ** **
>>
>> They can get to the Internet, file shares, printers, e-mail, etc on native
>> Mac but I just have alarms going off in my head “unmanaged machines with no
>> idea what intellectual pr
have alarms going off in my head “unmanaged machines with no
> idea what intellectual property is on them”.
>
> ** **
>
> Dave
>
> ** **
>
> *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 13, 2011 2:49 PM
>
> *
ess device, which may wipe itself at any
moment
-Original Message-
From: David Lum
Date: Thu, 13 Oct 2011 22:01:20
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Macs and vunerabilities
Well, we're getting a Mac invasion here and there is
et, file shares, printers, e-mail, etc on native Mac
but I just have alarms going off in my head "unmanaged machines with no idea
what intellectual property is on them".
Dave
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Thursday, October 13, 2011 2:49 PM
To: NT System Admin
I remember the big "mac virus" recently was socially engineered - but that's
definitely the mac's biggest vulnerability. Given that mac users generally
believe they are invulnerable, its an arguably bigger vector than the same one
on a Windows system.
Sent from my POS BlackBerry wireless devic
78 matches
Mail list logo
