Wi-Fi and Macs: avoiding trouble

Apple users say their Macs are a more secure working tool than Windows-based PCs. Unfortunately, it’s not exactly true.

Apple users say their Macs are a more secure working tool than Windows-based PCs. Historically, UNIX-based systems were less popular among users and hackers, so today many end-users and businesses (especially SMBs) tend to think that using Macs make them totally secure, without any extra measures necessary.

Unfortunately, it’s not exactly true. Aside from the fact that OS X have its share of bugs – Apple patches them in numbers on a regular basis – there are also global, non-platform specific security issues.

If you’re only responsible for your own hardware, all you have to care about is your own bank cards and personal documents. But what if it is a corporate hardware that is regularly used within your company network?

Most remote workers are a potential vulnerability in a corporate network. An infected device authenticated within the network puts the entire network at risk, possibly ringing alarms for the entire IT staff and security service (not just IT security) in the company.

How it happens

A weekday morning. You’re in your favorite coffee shop. You take your first sip of a coffee and you start waking up – finally. Then you open your laptop and check work e-mail, then social networks – of course. A nice beginning. Coffee’s good too (keep in mind, though, that doctors don’t recommend exceeding four cups a day). Ah, yes, there’s a transaction to be completed before the end of the day.

But there’s a problem: most likely you’re using an open – i.e. public – Wi-Fi.

Pitfalls

Wi-Fi networks in the café and other public places are usually secured in following ways:

  1. None. Unfortunately. So within the hotspot range (10-40 yards) it’s no big deal for a crook to intercept your traffic with whatever confidential data it contains. The bad guy doesn’t even have to be in the same room with you.
  2. WEP (Wired Equivalent Privacy). A temporary key is used to encrypt the traffic. By analyzing 8-10 thousands of packets, a hacker can access next to any of the transmitted data.
  3. WPA and WPA-2. Encryption is conducted with an individual key generated for every user It supports TKIP and CCMP encryption technologies. WPA is the best way of securing traffic

Regardless, there’s no guarantee that you are completely secure, even if WPA/WPA-2 is used. There is a multitude of ways for hackers to access all of the data transmitted.

Some wildlife examples

  1. You send an e-mail with the quarterly finance report to your colleague. If there’s an attack going on, it is a malefactor who receives this report first; he then proceeds with reading and altering it then sends it on its way. Your colleague receives incorrect data, thinking that it is you who sent it.
  2. While you are connected to an open Wi-Fi, the malefactor retrieves your MAC-address, alters it and accesses your corporate network. Then it is all up to this network internal architecture, of course (i.e. how it is secured and segmented), but the first entry point is reached.

These are not the only possible scenarios, but we’ll try to secure ourselves.

Bolt and bar the shudder…

Automating the employees’ security is better than running hours-long, exhausting drills on security. And we do our best to help here. In the latest version of Kaspersky Small Office Security suite OS X-based PCs are protected as well.

Kaspersky Small Office Security includes:

  • Protection for Windows and Mac-based PCs and file servers from various malware.
  • Protection from phishing and other web-borne threats.
  • Security for smartphones and tablets, including anti-theft tools: sensitive data shouldn’t fall in wrong hands, and the devices are costly too.
  • Additional protection for financial transaction – Safe Money technology.
  • Protection from sensitive data leaks (including the information on clients). Such leaks always damage the reputation.

Managing is simplified so much that even a non-tech-savvy employee will be able to figure out how to handle it quickly and easily. But, if there is the necessity for external expertise, Kaspersky Small Office Security also supports remote connections.

Our solution for larger companies – Kaspersky Endpoint Security for Mac – has recently reached version 10. It includes:

  • Continuous protection and check on demand, using antimalware bases of Kaspersky Security Network cloud service and other technologies.
  • Protection from the network attacks.
  • Protection of data transmitted via HTTP and HTTPS in Safari, Google Chrome and Firefox web browsers.
  • Automatic updates of antivirus bases.
  • Remote management of security settings via Kaspersky Security Center.
  • Antiphishing module.

Per users’ requests a number of other features were added, such as installation without GUI, support for installation via Casper Suite – a third-party solution for OS X and iOS management, activation of local key via command line, and OS X 10.11 (El Capitan) support.

Installation is straightforward:

  1. Launch the installation package
  2. Follow the installation master instructions

For other ways of installation please visit our Knowledge base.

Tips