This will be my last post on the issue, since there's a real danger here that people are conflating things that need to be done per an audit that must be followed, with things that make sense. Plain and simple. If you are all drowning in business, and can dump a client every time they ask you to do something stupid, that's awesome. I don't maintain that luxury.
On Tue, Oct 5, 2010 at 4:43 PM, Dan Shoop <[email protected]> wrote:

> First how did this rogue WiFi point penetrate your building physical
> security?

Umm... it didn't? It's in a parking lot, perhaps?

> Second, how did this black hat "root kit" the Mac? It's not like there are
> any real exploits to be concerned about.

Dear Auditor, no mac, ever, can be hacked. So why bother? This company runs anti-virus too, it isn't going to go away.

> Third your Mac isn't just going to magically join a rogue access point
> unless you configure it to join networks automatically, so just turn off that
> feature.

Even I have "joined" random access points. I've sat in a floor of an office building, connected to a very locked down network, and tried out a few SSIDs to see if I could check my mail real quick. Now, I delete those SSIDs when I'm done, but I can imagine a regular user not doing so, and that enables a connection to happen again, in the future, even.

> Fourth have you heard of routing? And packet forwarding is turned off unless
> it was very explicitly enabled by someone very familiar with sysctl.

There's really no reason to answer such a question. I think we've all seen Dan be condescending and inflammatory on the forums before. Considering a few of my routers, firewalls and switches seem to work in client environments, I'll let the other readers just assume one way or another if I've "heard" of routing.

> Common? Unheard of is more like it.

Dear Mr. Auditor... nope, that isn't going to work either.

> > and you are plugged into a network via
> > Ethernet, with actively mounted fileshares, might not I be able to
> > access those shares?
>
> By what mystical magicks?

Again, if you gain access to my box (and again, not mine, since I have some common sense here), and I already have shares mounted, and you are now logged in via say ssh as ME, then why wouldn't you be able to get to those shares?

Again, this is a laptop with an active IP on both airport (some stupid access point they SHOULDN'T have connected to... but did) and an ethernet connection. If you SSHed into MY box as ME, via airport, and I had a valid LAN connection and a few mounted shares, you really couldn't access those shares? I bet you could.

> This is seriously just paranoia and woolly thinking.

So? How does that eliminate the need for me to do it?

_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
