On Jan 21, 2010, at 7:29 PM, Edward Ned Harvey wrote:

>> And what services would those be? If Mac OS X is "pretty loose about
>> opening things up to the network", can you tell me which network
>> services are running on an out-of-the-box OS X install? And how that
>> compares to other OS installs?
>
> Of particular interest to me, iTunes. I work at a company which is one of
> many companies inside an incubator company. We have our own private
> network, isolated by Cisco firewall. Even from inside my company's private
> LAN, we can see all the Macs that other people have at other companies ...
> and listen to their music without asking anybody permission.
>
> By default, the most dangerous protocols are not enabled. Screen sharing
> (vnc), file sharing, ssh, etc. But if anyone has them turned on, bonjour
> simply announces it to the whole network. "Yup, I have vnc enabled. Any
> takers? Anyone?"
>
> It's not hard to conceive there may be exploitable vulnerabilities in those
> protocols ... or whoever enabled those protocols might have used weak
> passwords. I don't bother trying to get into other people's systems, but I
> know I do what I can as IT person for my company, to prevent my users from
> doing such things. First and foremost, enable the firewall before I give a
> laptop to a user, and enforce a password complexity requirement.

Let's recall what you said:

> On Jan 20, 2010, at 8:20 PM, Edward Ned Harvey wrote:
>
>>> modern desktop distros are pretty locked down and don't have lots of
>>> ports open to the network the way they used to be a few years ago.
>>
>> Hopefully you're just talking about modern linux desktop distros. Cuz
>> windows and osx are pretty loose about opening things up to the
>> network. I don't know any OS with worse security than OSX. I'll qualify
>> that by saying by default, OSX has no firewall enabled at all, and
>> bonjour happily broadcasts to everyone, "Bonjour, everybody! Here's a
>> list of what services I'm running..."

If someone has enabled iTunes sharing, that says nothing about which ports are listening out-of-the-box. And it certainly doesn't justify your assessment about Mac OS X's security.

Bonjour is a red herring; if you're concerned about security, then the simplest port scanner will find open services anyway.

You still haven't backed up your comments by comparing how "loose" OS X is compared to other OSes.

--------------------------------------------------------------------
Leon Towns-von Stauber http://www.occam.com/leonvs/
"We have not come to save you, but you will not die in vain!"

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
