Educause Security Discussion mailing list archives
Re: Mac security options
From: Sherry Callahan <scallahan () KUMC EDU>
Date: Tue, 9 Jul 2013 18:59:43 +0000
Hi, David- Ditto on the "Macs are hard to secure" sentiment. We're just embarking down this road and have decided on a multi-product approach to bringing Macs in line with the standards that we enforce on our Windows machines. Because Apple doesn't have a "keep your hard drive" option as our PC vendor does, we're going to encrypt all Macs (both desktops and laptops) with McAfee Endpoint Encryption. It's managed through McAfee's ePO console, along with the McAfee antivirus for Macs. For policy enforcement, we're using a product called Centrify, which allows you to enforce Active Directory group policies on the Mac. As part of that solution, the Macs will be joined to our Active Directory domain. And for patches, we're using our existing LANDesk solution. We're in the beta phase of this project right now and have rolled out the solutions to the IT group and a limited number of users. I'd be happy to talk to you about experience so far if you have any questions. Sherry Callahan Information Security Officer University of Kansas Medical Center (913) 588-0966 | scallahan () kumc edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Opitz Sent: Tuesday, July 09, 2013 12:46 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Mac security options Hi, We are looking at ways to better manage our university owned Macs. I'm wondering what steps you take to secure Macs in your environment (both desktops and laptops). In particular, which of the following do you do in your environment: - Hard drive encryptions for Mac laptops (if so - which product do you use?). - Enforcing password complexity. - Managed operating system patches. - Managed application patches. - Anti-virus installed. Are your Macs in AD? Do you use SCCM to manage them? Do you use a different product to assist in the management of your Macs? Do you have a Mac configuration standard? Is there anything else you do to secure your Macs? Our answer has mostly been "Macs are hard to manage in a large enterprise" so we haven't been doing too much, but we are finding that is just not acceptable when they will be used to access university data. Peace, Dave Opitz Loyola University Maryland
Current thread:
- Mac security options David Opitz (Jul 09)
- Re: Mac security options Sherry Callahan (Jul 09)
- Re: Mac security options Nevin, David (Jul 09)