Employer Scanning personal notebook

Discussion in 'MacBook Pro' started by LikuidMetal, May 25, 2011.

  1. LikuidMetal macrumors regular

    LikuidMetal

    Joined:
    Feb 25, 2010
    Location:
    Irving Texas
    #1
    So I work from home but at time I go into the office and connect to the company network. I have personal data on my notebook. I know they can scan company equipment but what about mine? Since I own it how does that work? And what can I do to prevent my MBP from being scanned?
     
  2. RafaelT macrumors 65816

    RafaelT

    Joined:
    Jun 9, 2010
    Location:
    Lakeland, FL
  3. Blipp macrumors 6502

    Joined:
    Mar 14, 2011
    #3
    I'd say it depends entirely on your company's policy on personal devices on their network. I work in a highly regulated industry where security is always an issue and the company reserves the right to scan any device that connects to their network or has corporate documents stored on it. The company is very willing to, and in fact would rather, issue you a corporately owned and managed laptop for you to use for company business but many users insist on using their own machines. It becomes an issue of having your cake and eating it to, but the policy is very clear on the matter.

    With all of that said they very rarely actually look through someone's personal laptop unless they've given the company good reason to first.
     
  4. johnnj macrumors 6502a

    Joined:
    Dec 11, 2008
    Location:
    Not here
    #4
    Many companies with comprehensive IT security controls in place disallow attaching personal equipment to the company network.

    If you know that your company has that rule (it'd be in the official IT usage policy document), but don't care...
    Not sure about what scanning your referring to. Port scanning? Asset inventory scanning? All of the asset discovery systems I'm aware of require an agent to be installed on the workstation, so you're probably safe from that. Turn on the firewall and set it to block all incoming connections. If you it's port scanning, then turn on the firewall and put it in stealth mode.

    They'll still see that this machine is connected to a port on the switch and it will report the MAC address which will say it's an Apple product. If it's the only one in a PC shop then it might raise a flag, if anyone is in fact looking for flags of that type.
     
  5. Vudoo macrumors 6502a

    Vudoo

    Joined:
    Sep 30, 2008
    Location:
    Dallas Metroplex
    #5
    It may be your laptop, but it's their network. I've seen employees introduce viruses onto the network through something as simple as a USB key. It's best to leave your personal laptop off their network.
     
  6. LikuidMetal thread starter macrumors regular

    LikuidMetal

    Joined:
    Feb 25, 2010
    Location:
    Irving Texas
    #6
    WOW! I would first like to thank everyone for their responses. My reason for asking is because my wife and I run a small business. I have all our client data backed up but a lot of that is on my MBP as well. I just didn't want someone getting a hold of our information. I do not have any company programs/agents installed on my MBP and my company will not issue me a notebook for company use. So I'm stuck using mine. I will double check my firewall and set it to block incoming access if it's not already set. On the days I do go to the office I only connect to check email. What I ment by scanned is when I'm connected to their network and their IT accessing my MBP but I think jonnyj answered that.
     
  7. Rhyalus macrumors 6502

    Rhyalus

    Joined:
    Mar 4, 2011
    #7
    I would not try to block them... I would encrypt my data.

    Regards,
    R
     
  8. Hansr macrumors 6502a

    Joined:
    Apr 1, 2007
    #8
    If you disable all options in Sys Prefs -> Sharing and don't run any additional servers/daemons there is no way for them to access the contents of your computer.
     
  9. LikuidMetal thread starter macrumors regular

    LikuidMetal

    Joined:
    Feb 25, 2010
    Location:
    Irving Texas
    #9
    How would I go about doing that?
     
  10. Rhyalus macrumors 6502

    Rhyalus

    Joined:
    Mar 4, 2011
    #10
    I use Truecrypt on my PC... I am not sure how well this performs on Mac - some Mac guys should be able to share what they use.

    http://www.truecrypt.org/

    It is possible that a "paid" app would be faster.

    R
     
  11. the_fellowship macrumors regular

    Joined:
    Aug 10, 2008
    Location:
    London, UK
    #11
    Use an encrypted disk image for your personal data. You can set it up via Disk Utility.
     
  12. deadwulfe macrumors 6502a

    deadwulfe

    Joined:
    Feb 18, 2010
    #12
    This is what I use for any sensitive data and it works just like any other disk image on a Mac. I could enable File Vault, but I'd rather not take a performance hit just so I don't have to organize important information. Disorganized and important information just don't belong together.
     
  13. rebby macrumors 6502

    Joined:
    Nov 19, 2008
    Location:
    MN
    #13
    Agree 100%. I work in IT security and have seen people get fired for even connecting a personally owned device to a company network. It's a bad idea. If you need connectivity to the company network, use a company owned and managed device.
     
  14. getz76 macrumors 6502a

    getz76

    Joined:
    Jun 15, 2009
    Location:
    Hell, AL
    #14
    Agreed. I don't work in IT but I am management. We specifically state in our Employee Handbook regarding the restrictions on IT infrastructure use.
     
  15. johnnj macrumors 6502a

    Joined:
    Dec 11, 2008
    Location:
    Not here
    #15
    Works great as long as you're running the right versions of things, such as Mac Fuse and NTFS (if you're cross platforming).

    The fact that it does work cross platform is what does it to me.

    And yeah... I'm in upper IT management and we have a no personal device policy and I agree with it. The last time this same exact question came up the OP threw a tantrum about not being told what to do and if he wanted to know if it was right then he would have asked that. I think in that case it was at a college, though.

    I made an incorrect assumption that this OP would have reacted similarly so I made a couple of simple suggestions. Please be gentle with me. I'm still sensitive after close proximity exposure to the stolen receipt thread.
     
  16. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #16
    IIRC, as of TC 6.2, they supported HFS+ as a volume format. And it works great!
     
  17. harcosparky macrumors 68020

    Joined:
    Jan 14, 2008
    #17
    DO NOT take any information you do not want them to see, into work with you.

    In other words, if you are going to use a privately owned notebook at work and at home to do company business make sure all private/personal date/information is off of that notebook.

    Get a small USB bus powered HDD for the information you want kept private.

    The only way to keep it private, is to not allow it to be accessible.


    FWIW: I would not do work at home on a notebook not issued to me by an employer unless I was in some way compensated for such use.


    .
     
  18. jdelgado macrumors regular

    Joined:
    Oct 25, 2009
    #18
  19. getz76 macrumors 6502a

    getz76

    Joined:
    Jun 15, 2009
    Location:
    Hell, AL
    #19
    Actually, if he is not explicitly sharing his information over the network, they cannot see it just because he is accessing the network. If he sends or receives a file over the network, then it is available for a peek by IT.

    Just try to look into a computer on your home network. Unless it is shared, you cannot just look at the contents. Same rules apply.

    All this is assuming he can get on his company's network.

    FYI, my company is currently using a logger for any files transferred via USB. We wanted to ban thumb drives, but senior management killed that idea. The logger saves an copy of all data transferred in an admin protected zip file. But if the logger isn't installed, there is no way to know what's coming off or coming in. Somebody can still get malware onto the network, but at least we can easily identify who it is.

    The bigger issue is emails. I cannot believe how many companies allow executables to be downloaded via email and opened. Rarely do operational employees need to open an EXE file. Why let them do it without IT permission? Ugh.
     
  20. LikuidMetal thread starter macrumors regular

    LikuidMetal

    Joined:
    Feb 25, 2010
    Location:
    Irving Texas
    #20
    Thank you everyone. All of you have been really helpful and the information you have provided has been educational. I'll be in the office tomorrow and checking into some of these ideas.
     
  21. Rhyalus macrumors 6502

    Rhyalus

    Joined:
    Mar 4, 2011
    #21
    Truecrypt is Mac compatible....not sure what this comment about Mac Fuse and NTFS means?

    Am I missing something?

    Regards,
    R
     

Share This Page