Macs under attack?

It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...

The expert's view

Whilst it is true that Apple's operating systems are reasonably secure, iOS particularly so, they are by no means invulnerable.

Users and administrators should be encouraged to take sensible steps to attempt to mitigate any risks, such as only opening email attachments from recognised sources, not simply entering admin details and clicking OK but reading the contents of the dialog asking for admin details and asking themselves if this is something that they were expecting

Bill Gallop, Mac Consultants Manager at Insight UK

"It's probably going to require a rethinking of the centralised management approach and the concept of internal and external networks. New security policies will have to be redesigned to provide protection also for/from non-managed devices," Mador reckons.

Si Kellow, security consultant and CSO at Proact added: "What our under-thanked security manager needs before he starts to deploy technical controls, is a written policy that permits the use of iStuff. This should also set out the corporate position on who is responsible for the upkeep and maintenance of iStuff, and whether any technical controls will need to be deployed in order for the user to make use of iStuff".

What steps should the enterprise take to ensure that Macs and iPads are safe?

"For Mac laptops, the same basic rules apply as for any other laptop: keep the patches current, ensure updates for any third-party software are installed promptly, and enforce robust local security on the device in the form of strong passwords and remote access permissions. Apple has a lot of great remote-management features, such as Desktop Sharing and network bridging, which are easy to turn on and use, so administrators should make themselves familiar with those features and choose consciously whether or not to permit their use. The single most important goal is to have as much uniformity of policy across platforms as possible, because if one platform has an advantage' it will be the one favoured and that advantage will likely accelerate the discovery of weaknesses and exploits. Separating out the security configuration from the usability issues is a challenge, but it's not a new one; administrators have had to manage large populations of Windows laptops running multiple versions at the same time for many years now, so the lessons are similar" - BT's Global Head of Business Continuity, Security & Governance, Jeff Schmidt.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type

How to find RAM speed, size and type

8 Apr 2021
Roadmap 2021: What’s coming from 3CX
Advertisement Feature

Roadmap 2021: What’s coming from 3CX

30 Mar 2021