Expert: Jeffrey Wrobel - 11/5/2009

Question
Hello, apologies in advance for the lack of my query's technical understanding.

At my workplace we have about 10 iMac computers, each one with it's own unique network ID #, which displays in the top right corner of the screen in Finder. Unfortunately I have no idea what type of network it is.

For the following scenario my computer will be network ID # 1.

Sharing is enabled on all computers and through a finder window all computers that are turned on appear in a list (for example I can pick ID # 2) and a new finder window will open providing a "Connect As" button. Upon clicking this I can edit who I am connecting as, either as a Guest or I can type in the ID of the computer I wish to gain access to. It appears that our company policy is for all computers to have the same password. This means that although I am sitting at my computer (network ID # 1) I can log in to another computer, e.g network ID #2, with the identity of ID #2, ie. an authenticated user.

There are no limitations on 'Sharing'. Is there any way of keeping a log of which particular computer or computers are gaining access by connecting as under my network ID #? Does my computer's operating system (OSX 10.5) keep a record?  

Any help you can offer would be greatly appreciated. Thankyou.

Answer
Dear Tim,
First, as a security consultant with many years behind me, I can say that your company's setup is quite common but is a HUGE mistake.  Not only is the entire network vulnerable to attack (if these are hooked to the internet), but there is no privacy.  Also, anyone who accesses one computer, can access another.  That holds true in the unlikely event of a virus or spyware attack.  There are not many viruses and other malware programs out there that affect Macs but the number is growing and non-secure networks are the primary vector of infection.

The first thing you should establish is a rotating password system.  It doesn't have to be complex, but I usually use the person's last name with a random 3 digit number.  Passwords should be changed EVERY 90 days at the VERY LEAST and ALL passwords need to be changed within hours of an employee leaving the company for ANY reason.  You need to prepare for the WORST case scenario, not the probable one.  

Make sure a commercial firewall appliance (NOT software) is installed at the internet entrance to the building.  There's some great ones that give you the service and features of $3000 for around $400.  Go here:  http://www.safeatoffice.com/landing/

As for monitoring net traffic, the best thing to do is to purchase a copy of Net Monitor 4.5.1 from here:  http://homepage.mac.com/rominar/net.html

Let me know if I can be of further assistance.  Good luck and thanks for the question.
Sincerely,
Jeffrey Wrobel
LazCom.com