Macs under attack?

It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...

The expert's view

Whilst it is true that Apple's operating systems are reasonably secure, iOS particularly so, they are by no means invulnerable.

Users and administrators should be encouraged to take sensible steps to attempt to mitigate any risks, such as only opening email attachments from recognised sources, not simply entering admin details and clicking OK but reading the contents of the dialog asking for admin details and asking themselves if this is something that they were expecting

Bill Gallop, Mac Consultants Manager at Insight UK

"It's probably going to require a rethinking of the centralised management approach and the concept of internal and external networks. New security policies will have to be redesigned to provide protection also for/from non-managed devices," Mador reckons.

Si Kellow, security consultant and CSO at Proact added: "What our under-thanked security manager needs before he starts to deploy technical controls, is a written policy that permits the use of iStuff. This should also set out the corporate position on who is responsible for the upkeep and maintenance of iStuff, and whether any technical controls will need to be deployed in order for the user to make use of iStuff".

What steps should the enterprise take to ensure that Macs and iPads are safe?

"For Mac laptops, the same basic rules apply as for any other laptop: keep the patches current, ensure updates for any third-party software are installed promptly, and enforce robust local security on the device in the form of strong passwords and remote access permissions. Apple has a lot of great remote-management features, such as Desktop Sharing and network bridging, which are easy to turn on and use, so administrators should make themselves familiar with those features and choose consciously whether or not to permit their use. The single most important goal is to have as much uniformity of policy across platforms as possible, because if one platform has an advantage' it will be the one favoured and that advantage will likely accelerate the discovery of weaknesses and exploits. Separating out the security configuration from the usability issues is a challenge, but it's not a new one; administrators have had to manage large populations of Windows laptops running multiple versions at the same time for many years now, so the lessons are similar" - BT's Global Head of Business Continuity, Security & Governance, Jeff Schmidt.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020