It’s important for any business with more than a handful of computers to centrally collect security logs. A SIEM greatly improves situational awareness through event correlation and automated alerts. Apple provides a command line tool and an API to extract event logs. For those businesses that prefer commercial software, JAMF Protect sends macOS…
Category: Security
Posts about information security
Bitwarden password manager
I’ve been a fan of 1Password for years. It has served me very well, and I recommend it without reservation to most of my clients. Unfortunately, I had to stop using it because of DoD CMMC requirements. When storing CUI (controlled unclassified information), any cloud service must be either FedRAMP authorized or have FedRAMP-equivalent security.…
Mac security log collection
In corporate environments, the collection and analysis of security logs isn’t just best practice. It’s often a compliance requirement. As with most business solutions, there are server and client components for log collection. The client software reads the security log generated by the operating system. The server ingests the logs sent by the clients. Additional…
Clicking on links can be a risk
The safest way to visit a website is to type the address of the website (e.g., apple.com) into your browser’s address bar. If it’s a site that you visit frequently, bookmark it. Here are two common ways that attacks are initiated: A deceitful email contains a link to a phishing web page. The email is…
QuickBooks Desktop and FIPS encryption
If you’re a DoD contractor, you might have tried to use the Windows “FIPS mode” with QuickBooks Desktop. Unfortunately, QuickBooks does not run when Microsoft’s FIPS-compliant encryption libraries are enabled. This creates a potential problem for contractors who need to be compliant with NIST 800-171 requirements. Data-at-rest doesn’t necessarily need to be encrypted (see 3.13.16),…
If you’re a Department of Defense contractor in New York City, MacMaven Consulting can help your company attain CMMC certification. For those companies using Macs and still searching for security expertise, here is some advice from the trenches: Hire a consultancy that has extensive experience in information security, ideally at large businesses. If a firm’s…
VPN remote access
Working from home is the new reality under the threat of COVID-19. While large enterprises have had remote access capabilities for years, most small businesses haven’t addressed this need. Given that 34% of Americans work at a small business, it’s likely that millions of Americans aren’t able to work remotely. If you’re a small business…
Most of my long-term clients have made information security an integral part of their computing. We spend significant time on improving the security of their systems. When I visit a new client, I know what to expect. There are almost always significant deficiencies in security controls. 20% of my new clients have adware/malware that they…
Mitigate spoofed email
You’ve probably noticed that fraudsters spoof email addresses in their phishing attacks and other scams. They are probably spoofing your company’s email addresses too, sending messages to your customers and employees. While spoofed email using your domain name can’t be eliminated entirely, it can be reduced and/or marked as spam. You can also increase the…
Yubico sells Mac-compatible USB authentication keys for two-factor authentication. Its YubiKeys support a slew of authentication mechanisms. I just started working with their FIPS-validated key for one of my clients. Yubico’s FIPS keys appear to be functionally equivalent to their YubiKey 4 series. (Yubico is currently selling the 5 series for those customers without a need for…