On Jan 21, 2010, at 7:29 PM, Edward Ned Harvey wrote: >> And what services would those be? If Mac OS X is "pretty loose about >> opening things up to the network", can you tell me which network >> services are running on an out-of-the-box OS X install? And how that >> compares to other OS installs? > > Of particular interest to me, iTunes. I work at a company which is one of > many companies inside an incubator company. We have our own private > network, isolated by Cisco firewall. Even from inside my company's private > LAN, we can see all the Macs that other people have at other companies ... > and listen to their music without asking anybody permission. > > By default, the most dangerous protocols are not enabled. Screen sharing > (vnc), file sharing, ssh, etc. But if anyone has them turned on, bonjour > simply announces it to the whole network. "Yup, I have vnc enabled. Any > takers? Anyone?" > > It's not hard to conceive there may be exploitable vulnerabilities in those > protocols ... or whoever enabled those protocols might have used weak > passwords. I don't bother trying to get into other peoples' systems, but I > know I do what I can as IT person for my company, to prevent my users from > doing such things. First and foremost, enable the firewall before I give a > laptop to a user, and enforce a password complexity requirement.
Or simply have your switches set up to not route Bonjour traffic... -Pete _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
