Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Mac security options

From: Sherry Callahan <scallahan () KUMC EDU>
Date: Tue, 9 Jul 2013 18:59:43 +0000
Hi, David-

Ditto on the "Macs are hard to secure" sentiment.  We're just embarking down this road and have decided on a 
multi-product approach to bringing Macs in line with the standards that we enforce on our Windows machines.    Because 
Apple doesn't have a "keep your hard drive" option as our PC vendor does, we're going to encrypt all Macs (both 
desktops and laptops) with McAfee Endpoint Encryption.  It's managed through McAfee's ePO console, along with the 
McAfee antivirus for Macs.  For policy enforcement, we're using a product called Centrify, which allows you to enforce 
Active Directory group policies on the Mac.  As part of that solution, the Macs will be joined to our Active Directory 
domain.  And for patches, we're using our existing LANDesk solution.

We're in the beta phase of this project right now and have rolled out the solutions to the IT group and a limited 
number of users.   I'd be happy to talk to you about experience so far if you have any questions.

Sherry Callahan
Information Security Officer
University of Kansas Medical Center
(913) 588-0966 | scallahan () kumc edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Opitz
Sent: Tuesday, July 09, 2013 12:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mac security options

Hi,

We are looking at ways to better manage our university owned Macs.  I'm wondering what steps you take to secure Macs in 
your environment (both desktops and laptops).  In particular, which of the following do you do in your environment:

- Hard drive encryptions for Mac laptops (if so - which product do you use?).
- Enforcing password complexity.
- Managed operating system patches.
- Managed application patches.
- Anti-virus installed.

Are your Macs in AD?  Do you use SCCM to manage them?  Do you use a different product to assist in the management of 
your Macs?  Do you have a Mac configuration standard?  Is there anything else you do to secure your Macs?

Our answer has mostly been "Macs are hard to manage in a large enterprise" so we haven't been doing too much, but we 
are finding that is just not acceptable when they will be used to access university data.

Peace,
Dave Opitz
Loyola University Maryland
Previous By Date Next
Previous By Thread Next

Current thread: