How to Protect Mac computers in Enterprises

If you have consulted with computer security experts, you may think that they seem a bit paranoid about security issues, but this is not a good thing. Paranoia is an important part of effective security protection. On the contrary, the lack of paranoia is a dangerous factor, especially in the security of corporate Mac computers.

Mac OS X has won a good reputation in terms of security, especially compared with Windows, it is more secure. The main reason for this is that there are relatively few viruses and malware targeting Mac platforms. If you repeatedly assert that Apple is not easy to be attacked, it is a dangerous signal of over-confidence.

Changing security prospects

Viruses and malware on Mac computers are not easy to use. This is not a myth. There are many reasons, in part because of the system design. OS X is required to enter the administrator password when installing the privileged code to defend against the installation of most of the rampant "smuggling" malware. Despite Microsoft's efforts to control the development of the situation, however, such malware is still plagued by Windows XP for a long time, and Windows Vista is less infected.

In addition, according to statistics, Apple computer has been a weak target for malware developers. In the operating system market, more than 85% of users run Windows, and malicious software developers naturally invest in a larger market for resources to benefit.

However, the network security situation has become quite complex since the launch of OS X. The virus is outdated, and the latest Windows machines have been able to resist them well. The "bad guys" are developing new carriers, and Mac may not be spared.

Beyond OSCentered security issues

We only emphasize that Mac still has security risks, rather than attacking OS X. However, no matter how secure the underlying operating system is, more and more attackers are using third-party channels.

In January this year, we learned from a major security news that the Java 7 vulnerability that allows attackers to execute arbitrary code and can beat the sandbox has been discovered. Java developed by Oracle is not bound to OS X, but it is widely used because many websites and independent applications are written in Java. After learning about the vulnerabilities in Java 7, Apple blocked the Java 7 browser plug-in, but this is only a compromise. Users can still install Java 7 on Mac computers, if this state continues, they are still highly likely to suffer from external attacks.

Java is only one of its security risks. In addition, Flash is widely installed on Mac and Windws machines, which is more popular. Recently, we have discovered a series of the latest Flash Security Vulnerabilities. Attackers can use Falsh to install unauthorized software on the victim's computer, including Mac. Flash and Java are third-party platforms. In addition to OS X system updates, they must also be individually updated on third-party platforms. That is to say, this adds two additional tasks to the IT administrator, at the same time, the delay in updates also adds more opportunities for attackers.

Java and Flash are just two examples. We just want to illustrate a key aspect of Mac security today. Either shut down when a third-party software is running or choose another security policy. In short, you must keep them up-to-date in any security maintenance plan.

Phishing and social engineering

The built-in security defense measures of OS X are designed to prevent unauthorized software from performing privileged operations. However, what if attackers can gain authorization by deceiving users with malicious behaviors? This is also the idea behind many attempts to phishing and other forms of social engineering attacks.

Many Mac users manage their own devices, and most of them know the Administrator account password, because this allows them to install software. Dedicated attackers can exploit this vulnerability. Attackers may want to install any number of malware on the victim's device, including remote desktop control or software for capturing login and account numbers. To trick others into installing the software, attackers can do the following:

L send a malicious email to the victim, whose content is disguised as an official secure update download link.

L send a malicious email to the victim. The malware is hidden in a file, which may look like a photo or an interesting video.

L hiding malware in another software downloaded by the victim. This approach is usually to package malware in pirated software, but sometimes malware can even be embedded into genuine software.

In fact, when the operating system prompts the user to allow a specific setting, many will undoubtedly execute it. Some of the reasons are caused by habits. During the whole day, as long as we set up, the computer will always prompt. Attackers using this habit do not care whether the victim uses Windows or Mac. In OS X or any other operating system, there are very few security designs to prevent social engineering traps. For enterprises, there are two lines of defense.

One of them is to educate users on security. In the face of suspicious email links and system prompts, you may think: Isn't that clear? However, there is evidence that many people are not so cautious. Continuous reminders are essential to ensure that people can collapse the "safe string" in the face of email links and system prompts ".

Another line of defense is scanning tools that can capture phishing and malware before the user authorization phase. Therefore, many people think that Mac computers do not need anti-virus software. Strictly speaking, such attacks are not viruses, but in terms of the industry market, they already include countless attack vectors. Most vendors, such as McAfee, Kaspersky, and Symantec, Have Mac scanners-the virus can be used to help users who fall into social engineering attacks.

Outbound Firewall

Speaking of the operating system itself, it should be noted that OS X only has built-in inbound firewall. Therefore, you need to run a special lock. The Administrator should consider adding an out-of-site firewall, such as Little Snitch or TCPBlock. These software can be used for whitelist operations, set which applications can send data to the network, or help administrators find unnecessary data senders.