Security expert at Black Hat: Whatever you do, keep Macs out of enterprise

Report describes clearly what malware attacks, what Macs defend and why networking is the weak link

A host of other mechanisms designed to make it simple for users to connect with and use the server do the same for malware as well, Stamos says.

Apple Remote Desktop authenticates through a tight, 128-bit encrypted tunnel. Bonjour, the ad-hoc DNS service that finds other Apple hardware on the local network, requires no authentication: it lets a linked machine call dibs on a particular network name and pushes away any second machine that tries to use the claimed name.

Malware that can listen to enough network chatter to identify the names of machines linked through Bonjour can claim a network name for itself and undercut Remote Desktop's tighter authentication by pretending to be an account that has already authenticated.
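One defensive check that follows from the Bonjour behaviour described above is to watch multicast DNS traffic for the same hostname being announced from more than one address. The parser and detector below are an added example, not code from the talk or the article; the packets it runs on are constructed sample announcements, and the hostnames and 192.0.2.x addresses are placeholders.

```python
import struct

def _read_name(pkt, off):
    """Decode a DNS wire-format name at off (follows compression pointers)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length == 0:
            return '.'.join(labels), (off + 1 if end is None else end)
        if length & 0xC0 == 0xC0:                      # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack('!H', pkt[off:off + 2])[0] & 0x3FFF
            continue
        labels.append(pkt[off + 1:off + 1 + length].decode('ascii'))
        off += 1 + length

def a_records(pkt):
    """Yield (name, ipv4) for each A record in an mDNS response's answer section."""
    qdcount, ancount = struct.unpack('!HH', pkt[4:8])
    off = 12
    for _ in range(qdcount): off = _read_name(pkt, off)[1] + 4   # skip question entries
    for _ in range(ancount):
        name, off = _read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack('!HHIH', pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            yield name.lower(), '.'.join(str(b) for b in pkt[off:off + 4])
        off += rdlen

def name_conflicts(packets):
    """Names announced from more than one address -> claimants in first-seen order."""
    claims = {}
    for pkt in packets:
        for name, ip in a_records(pkt):
            owners = claims.setdefault(name, [])
            if ip not in owners:
                owners.append(ip)
    return {n: ips for n, ips in claims.items() if len(ips) > 1}

def build_response(name, ip):
    """Constructed mDNS response: one cache-flush A record for name -> ip, TTL 120."""
    wire = b''.join(bytes([len(l)]) + l.encode() for l in name.split('.')) + b'\x00'
    header = struct.pack('!HHHHHH', 0, 0x8400, 0, 1, 0, 0)
    return header + wire + struct.pack('!HHIH', 1, 0x8001, 120, 4) + bytes(int(o) for o in ip.split('.'))

# Constructed sample traffic: a second host re-announces an already-claimed name.
SAMPLE = [build_response(n, ip) for n, ip in [('fileserver.local', '192.0.2.10'),
          ('printer.local', '192.0.2.20'), ('FileServer.local', '192.0.2.99')]]
```

Fed with responses captured from UDP port 5353, `name_conflicts` returns the first address seen for a name followed by any later claimants, which is the signal an operator would alert on.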

Among other problems or weaknesses are:

  • VPN credentials that remain present and available for hijacking after the original session is complete;
  • Software tokens and issued certificates that can also be hijacked;
  • The ability to create new users in any one of several available directory formats while spoofing a more secure ID;
  • No central, required cryptography protocol.

Mac servers also lack functions that are available for Windows: memory forensics to check for malware that is already running, simple ways to verify the integrity of the OS, and securely signed binary and driver files.

So what's that add up to in practical terms?

Overall, a single Mac connected to the Internet but not to a Mac server is safer than a PC, primarily because Macs are still far less popular than PCs, so there are fewer viruses in circulation for them and no preconfigured Mac exploits built in to popular cracking toolkits.

However, Mac users are more vulnerable than Windows users, primarily because they assume they're safe. That makes them less wary of attacks based on social-engineering – such as the phishing and spear-phishing techniques that are the leading entry point for cyber-spies penetrating U.S. military networks.

In socially engineered attacks, all the hacker has to do is fool a user rather than a secure operating system, which is much simpler. Users then install the malware themselves by visiting maliciously salted web sites or opening tainted attachments.

All users are vulnerable to these types of attacks at one time or another, Stamos said. Mac users are more vulnerable because their guard is lower.

So what's the conclusion about Macs in the enterprise?

Fine for individuals connecting to servers running Windows or other OSes on TCP/IP networks; death-in-waiting for anyone running Mac OS X servers on network segments linked to the Internet.
