Securely Integrating OS X into a Corporate Windows Environment

3

1

I'm upgrading my laptop at work and I'm campaigning to have a MacBook Pro instead of a Dell laptop.

IT has concerns about the security of integrating OS X into what is solely a Windows XP/7 environment. I was hoping you could help me out:

  • What resources can you point me to that would help assess the security concerns?
  • Are there any immediate security concerns that come to mind?
    (I'm meeting with the IT Manager later this week and I'd like to have an understanding of his possible objections.)
  • If you were in my shoes, what questions would you want to be asking IT?

Thanks!

Kai Davis

Posted 2010-12-02T18:41:20.947

Reputation:

Answers

4

If you were in my shoes, what questions would you want to be asking IT?

Each environment has their own concerns - real or imagined.

Start by asking what their security concerns are about having the system in the environment, and then get back to them with the research you do to answer their concerns? This makes it look less like an I want to do this situation and more like a how can we do this scenario.

eric.s

Posted 2010-12-02T18:41:20.947

Reputation: 359

0

Maybe this will lead you in the right direction?

http://www.seminars.apple.com/contactme/pdf/L334436B_ActiveDirect_WP.pdf

bhamby

Posted 2010-12-02T18:41:20.947

Reputation: 166

0

In the following answer I will assume you are a high-level executive of a major oil company which makes it a bit easier to go into the paranoid mindset of security experts.

In theory, a Mac should be perfectly safe in a Windows environment. Even more so, in fact, if you include the security-by-incompatibility factor, since Macs and PCs don't have the same exploits so if an adversary were after your computer from a network and assumed you had a Windows computer, they'd be wasting their time on the wrong exploits.

However, there are a bunch of practical problems as well.
For one, the case where an industrial spy gets your hands on it. In this case, it would be a good idea to harden it up with (expensive by a PC user's perspective) software like Undercover and others. Don't forget FileVault.
Another problem may be a network attack. If your IT can provide you a list of security precautions they take on Windows computers, you can put corresponding precautions on your Mac and let them do some white-hat hacking on your laptop to be sure.

digitxp

Posted 2010-12-02T18:41:20.947

Reputation: 13 502

0

If we exclude paranoia, there is still a major issue -

if IT do not currently have the procedures or resource in place to support the platform, patch rollout, version control etc., then all you are doing by bringing this device in is negatively impacting security. Do you have a technical team who understand Macs and their security issues? Do you have the right vendor support in terms of patch notifications? Does your operations team understand the types of log alerts you may get from these devices? etc etc

If there is a good case for using this device, a business need should then drive the adoption of an IT policy and IT Security policy along with the associated procedures and standards to allow integration into the environment.

So argue the case from a business perspective - if it is of value to the business, then it should be able to be implemented correctly.

Rory Alsop

Posted 2010-12-02T18:41:20.947

Reputation: 3 168

Asked: 2010-12-02T18:41:20.947

Viewed: 284 times

Active: 2010-12-05T19:15:54.890