11 November 2011

Protecting corporate Mac OS X devices with Sophos endpoint

Preparing your Sophos Enterprise Environment
Most corporates have fairly well-defined and enforced anti-virus policies - for Windows. Since Macs are becoming more and more commonplace on the corporate network, you need to make sure that they do not become an infection point. This article goes through what is necessary to add support for Mac OS X machines to your existing Sophos deployment.

Adding the subscription to an Update Manager
This will download and configure the Sophos binaries that will be deployed to the Mac machines.
  • From the Sophos Enterprise Console
  • Click Update managers
  • Next to Software Subscriptions click the add button
  • Provide a friendly name for the subscription
  • Under platforms check Mac OS X 
  • Select the "Recommended" version
You will then need to configure an update manager to distribute this subscription.

  • Select the desired update manager
  • Right Click - Edit configuration
  • Select the Subscriptions tab
  • Add the new Mac OS X subscription
  • Select the Distribution tab

Check that there is at least one share listed for the new subscription.  Keep a note of this location as this is where you will initiate your installation from.

Once this is done you will need to wait for the binary files to be downloaded before you can deploy.  This is a good time to carry on configuring the management settings.

Create Policies
Since the policies that you want to apply to Mac machines will be significantly different from those for PCs, I would recommend setting up a dedicated Anti-Virus and HIPS policy.

From the Sophos Enterprise Console

Create a new updating policy
  • Check that the primary server is the same as you configured above
  • From the Subscriptions Tab select the new subscription created above
  • On the Schedule tab change the interval for checking for updates.

Create a new Anti-Virus and HIPS policy
  • These are configured for Windows by default, so there are a few places where you will want to edit the defaults
  • Configure the on-access scanning as required
  • The main item to change is in the Scan for section
  • Ensure you check "Macintosh Viruses"
  • I also always change the Check files on and Cleanup settings
  • Remember that Mac exclusions are in a separate tab

Create a Group and Assign the Policies
Create a new group for the Mac machines
  • Right click and select "View edit group policy details"
  • Select the two policies you created earlier
  • Ok

Your environment should now be set up to manage your Mac machines once the client has been installed on them and they come online.

Installing the Sophos Client

Copy the files locally to start the install. (The process below is my quick and easy version)

  • Open Safari and in the address bar put the address of your distribution point you took note of earlier
  • e.g. smb://sophos03/SophosUpdate/CIDs/S008
  • Copy the ESCOSX folder to the local machine
  • Open the folder and execute the Sophos Antivirus.mpkg
  • Step through the wizard

Next up you will want to confirm that the machine is showing up in the management console.
To establish what the machine's NetBIOS name is, go to System Preferences - Networks - Advanced - WINS.

Managing the Mac OS X devices
Like Windows devices, once the machine is up and running it will start communicating with the server. From the Sophos Enterprise Console, expand the groups:
  • Select Unassigned
  • You should now see the Mac machine listed there
  • You can confirm by checking the NetBIOS name and also by looking at the other fields in the Computer Details tab
  • Drag the Mac to the Mac group you created earlier

When the settings are being applied to the Sophos client you will see a notification appear.

You can also confirm the settings on the client machine by opening the Sophos app and looking at the preferences.

Adding support for Mac OS X devices is relatively straightforward. Managing them is the same as managing a Windows PC. Support for this can be added with minimal training. It is an absolute no-brainer for me - if you already have a Sophos environment for Windows, use it for Mac. As the client base of Apple continues to grow, so does the attractiveness of the platform for malware writers. The fact that these devices are poorly protected makes the target on their backs even bigger.
