Question for everyone

Status
Not open for further replies.

shannanl

IS-IT--Management
Apr 24, 2003
I have a LAN with about 75 clients. We use a McAfee firewall. I have a doctor (we are a hospital) that loves Macs. He had two on there and in order to get them through the firewall we had to allow them to bypass the firewall to get out. Needless to say, this left two holes in the security of our network. I recently took them off the network because of this and the doctor thinks I am crazy. He thinks that because they are Macs, they are immune to viruses, hacking, etc. Did I mention he is running the Mac version of Windows 2000 on these and they are connected to our network via a wireless AirPort base station? To make a long story short, I would like input from some other I.S./I.T. people on this. Am I doing the correct thing here or is he right that they are immune to hacking, viruses, etc.?

Thanks in advance for the help.

Shannan
 
You did the right thing by taking them off the network; the reason you got a firewall doesn't just disappear because someone needs to hook up two computers for their leisure.

Macs and Linux/Unix PCs don't have the same threat of viruses, but that doesn't mean that someone doesn't want to hack them.

If you've got a good, fast internet connection, it would be lovely for a hacker or spammer to get on the machine and use it for his/her malicious purposes.

But there should be a way to use the Macs through the firewall like any normal PC. Don't ask me how, as my only experience with Macs was running Linux on them.

But since he doesn't seem to know how, I don't see why you should let him do it. He clearly isn't following your set standards by wanting to use Macs. Also, they are his own machines going onto your private work network.

Kim
 
Thanks Kim. The Macs are only for his "enjoyment". We have good PCs for his department so he does not need the Macs.

Thanks for the info.

Shannan
 
If they are for his enjoyment only, take him off the network and set him up with a dial up or broadband connection to the Internet. From there have him VPN into your network. This way you will have security control and he will have network access.
 
What exactly do you mean when you say you bypassed the firewall? What was the issue with them behind it? Address that and your doctor can have his Macs back. Let us know!

CCNA MCSE MCP NET+ A+ Security+
 
Supatech,

According to McAfee we can't hook up Macs on the LAN. This is a SonicWall firewall and it must install on the local machine and it is not able to do this on a Mac. If we do not install on the local machine, the firewall will not allow the computer to get out to the internet. So, we had to exclude the two IP addresses of the Macs in order to let them out to the internet. Inside the LAN is still o.k.; it's going out that is not allowed.

Thanks,

Shannan
 
So their app won't run on a Mac? Could you send me a link to your product's documentation?

Thanks, sorry it took so long.

CCNA MCSE MCP NET+ A+ Security+
 
I have actually emailed McAfee with questions regarding the problem. The firewall model is a Pro-100.

Thanks,

Shannan
 
SonicWall is a hardware-based firewall. You should be able to set the Macs' gateway IP to point to it and all will be fine.

SonicWall does use McAfee in certain models for a system-wide Anti-Virus. But this shouldn't interfere with the basic firewall function of the SonicWall itself - the Macs just won't get the auto updates from McAfee on the SonicWall.
 
In order for a computer on the SonicWall to access the internet, it must first install some components onto the computer. If it can't install or if the components are out of date it will not let the client out onto the internet. This is the problem with the Macs because the install does not appear to be for Macs, only PCs. The only way I can find to get around this is to exclude the IPs from the updates and I do not want to do that.

Thanks,

Shannan
 
Interesting - so let me restate this as I've never used a SonicWall with the included McAfee suite:

The McAfee suite must be present on the LAN IP and up to date in order for the SonicWall to clear that IP address out to the WAN (internet)?

If that's true - then your only option is to exclude those IPs from the install/updates of McAfee. Surely the SonicWall interface provides an option for this - if not, then you're SOL. Your Macs will still be protected at the IP port level by the SonicWall but won't have virus protection by McAfee. I don't believe too many companies even make Mac AV products.

 
Yes, that is how it works. I have an email in to McAfee now to see if they have something that can be used with the Macs. It's all kind of silly because we provide PCs for this doctor that will do anything that he wants to use the Macs for. He just wants to play with his "toys". It's not worth risking the security of our network for someone's "toys". He does not understand that or does not want to accept that, but until he is over the I.T. department he will have to play by our rules.

Thanks,

Shannan
 
I have a documented IT Policy that has been approved by the president of the company. It is very thorough.

One statement says that no one except IT Staff is allowed to connect anything to the network. All violations are reported to the president.

If you wanted to get hard-core about it, you could implement MAC-level security on your switches.

MCSE CCNA CCDA
 