Addressing potential security threats is becoming a part of the everyday experience for many Mac admins. Jennifer Unger knows that first and foremost as a Mac engineer in the Washington DC area. In today's JAMF Nation User Conference (JNUC) session, she examined how you can contend with security threats.
“Security is going to happen whether you like it or not” and you “cannot bolt security on at the end of the day, you need to consciously secure it from the very beginning,” she said.
Unger says that opening the lines of communication with your Information Security (InfoSec) team is a great way to naturally become friends. From conversations that she recently had, she was informed of four main areas of concerns: operating system, hardware, network, and hacking.
The main concerns were OS hardening and access control. She explained that there are a few ways of mitigating these concerns, including using scrips and GUI settings. But she said the best way, and her favorite, is to use configuration profiles within the JSS.
Physical security of Firmware/EFI, encryption, USB, and Bluetooth were at the top of their list of concerns. Unger says IT admins can setup a JSS policy or configuration profile to alleviate these. Instead of turning off a USB port or Bluetooth, you can instead block drives from mounting with configuration profiles.
Telecommunications and network security, in particular cloud access at the network and client level were a few of the first things that were mentioned to her. Among others concerns were browser plugins and email attachments. She says that the initial thought of many would be to block and turn everything off that’s not absolutely needed. But she says what you can do, and what she recommends, is to look at your firewall settings and network ports to see what can and cannot be turned off instead of immediately turning everything off. Again, configuration profiles can be used to restrict access to network items. And you can use the JSS to restrict software applications.
Penetration testing, ethical hacking, and a slew of exploits were brought up to her during her conversation with her InfoSec friends. For hacking, she says there is “no switch you can switch and nothing you can do to say that you’re always on top of every vulnerability and exploit.”
But you can mitigate risks by using the processes that were mentioned above. She added that with these steps, you’re already headed in the right direction.
So why make friends with InfoSec?
Unger summed it up best when she said that making friends with InfoSec will help you receive recommendations from them, put standards and procedures in place, and easier develop the strategies to better understand risks.