They did it at my last work place, in order to get an IP from the DHCP server your MAC address had to be "Quiped" (registered with the server). It worked very well indeed, and this was a huge network (Windows, Linux, Solaris).
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Powerbook on Corporate Network -> You get Fired!
- Thread starter RedMacMan
- Start date
- Sort by reaction score
I didn't say impossible, just that it would be a big overhead in terms of administration, especially with today's portable devices.
It's one thing to do it in a DHCP server, but if you had to do it on the switches to block someone from sniffing traffic, then you have additional overhead there.
Makes me sick thinking about that.. 🙂
Don't get too mad at the guy for being wanting to keep your Mac out, thats what IT proffesionals are for. I mean heck if they started letting Mac's in most of the would be out of jobs 🙂
Is it possible that a Mac may pass along a Windows-targeted virus unknowingly? Perhaps obtained it from an email, but the user didn't know it since the virus didn't affect his/her machine.
This could be an area of concern.
This could be an area of concern.
The network guy at the university was very polite when he wouldnt let me access iDisk from a PC. Gave me a workaround that would have involved me getting VPC for my Mac, installing some crappy plug-in and dialling in to a poxy storage drive from home. Really important guy being in charge of such up to the minute technology.🙄
You can infact spread windows viruses through a Mac. How would the admin know if you ran VPC or not?
This is a very common policy and a good one from the point of view of support. However this is an idiotic policy from the point of view of security, productivity and reliability. It is okay if your network can't handle an unknown computer running an OS other than Windows but that does not make it any more secure. Anybody with a floppy disk, USB flash drive, PDA, or personally owned computer of any kind can unintentionally introduce malicious code that could poke holes in your security without ever being aware that it happened. Any device that can access both a corporate computer and an outside nework such as a Palm Pilot is a potential security risk. Not allowing such devices into the building can reduce the frequency but not the severity of access violations. In other words, such a policy makes the network easier to support but that's all it does.
Network guys are generally justified in keeping a tight leash on what's on their network, particularly if there's a lot of secure internal information (though as yamabushi says, so long as the computers have disk drives and USB ports, and IT lets you use them, there's a huge hole there as well). And if a "no outside computers on the network" item is in the corporate IT policy, then that's the way it goes.
That said, being mean about it is just that, and it's far from impossible to have a large system with a fair amount of freedom. Aside from the examples listed here, I work at a university that has 5-10 thousand computers on a WAN spread out over a 20 mile area, with dozens of local hubs, a variety of locally located and managed servers, and just about every OS you can think of.
So long as you go to the IT guys and ask them to add your MAC address to the database, you can use absolutely anything you want on the network. So far, even with thousands of annoying students on it in addition to campus servers, labs, and individual workstations, it's run quite well. If you start an unpatched Windows box that is vulnerable to the Blaster worm, of course, they'll be on you in a heartbeat to fix it, but it can work.
Point being, it may be more of a hassle, but it can happen if the company is willing to accomodate, and most reasonable ones are--better to have productive employees than a homogeneous network.
Like everybody else says, talk to your manager; if the IT policy forbids anything from the outside, you may be out of luck, but if the manager has enough clout with managment or there's a loophole for special-purpose boxes, you could be in luck.
Rule #1 of giant, faceless network use: Ask first. Only get sneaky when you're desperate.
That said, being mean about it is just that, and it's far from impossible to have a large system with a fair amount of freedom. Aside from the examples listed here, I work at a university that has 5-10 thousand computers on a WAN spread out over a 20 mile area, with dozens of local hubs, a variety of locally located and managed servers, and just about every OS you can think of.
So long as you go to the IT guys and ask them to add your MAC address to the database, you can use absolutely anything you want on the network. So far, even with thousands of annoying students on it in addition to campus servers, labs, and individual workstations, it's run quite well. If you start an unpatched Windows box that is vulnerable to the Blaster worm, of course, they'll be on you in a heartbeat to fix it, but it can work.
Point being, it may be more of a hassle, but it can happen if the company is willing to accomodate, and most reasonable ones are--better to have productive employees than a homogeneous network.
Like everybody else says, talk to your manager; if the IT policy forbids anything from the outside, you may be out of luck, but if the manager has enough clout with managment or there's a loophole for special-purpose boxes, you could be in luck.
Rule #1 of giant, faceless network use: Ask first. Only get sneaky when you're desperate.
Yeah, thanks for all the interesting replies everyone. I guess the moral of this story is:
If you want the nice corporate paycheck,
You have to play by the crappy corporate rules.
It's too bad really, cause I'm a classic non-conformist. I Think Different in a big way and have a problem with authority.
So remind me again why I'm making a living in Corporate America... 😀
If you want the nice corporate paycheck,
You have to play by the crappy corporate rules.
It's too bad really, cause I'm a classic non-conformist. I Think Different in a big way and have a problem with authority.
So remind me again why I'm making a living in Corporate America... 😀
It's a good thing you didn't have the guts or nerve (being a dirty consultant) saying that no virus on Mac line to the admin, he would've laughed his ass off.
Tell me something. If Macs don't have virus, why does Symantec make a Mac version of NAV? And why do a lot of people install NAV on their Macs? Hmmm?
Tell me something. If Macs don't have virus, why does Symantec make a Mac version of NAV? And why do a lot of people install NAV on their Macs? Hmmm?
When's the last time
1. You heard of a mac virus (OS X)
2. You heard of a mac virus infecting a windows network
I've never heard of either. If you can point me to some research on the topic I'm sure it'd be an interesting read.
1. You heard of a mac virus (OS X)
2. You heard of a mac virus infecting a windows network
I've never heard of either. If you can point me to some research on the topic I'm sure it'd be an interesting read.
Mac users install NAV because a lot of mac users are ex-PC users who can't get over their (formerly justified) fear of viruses.
Symantec makes NAV for mac because people buy it. That doesn't mean they need it (see above)
🙄
I think you're missing the point here. Network/System admins like to keep tight control of their networks, and they have every right to. It's their job, and their responsibility to ensure a secure, managed & stable enviroment. They would not want you to connect anything to it that they have not explicitly approved.
Remember reading the article about the FBI and Mac use.
The agent refused to plug his Mac into a foreign network because it would compromise his machines security.
The chances of anything happening were remote, but the exposure for problems (ie, getting a trojan horse) is possible.
When you plug a foreign machine into a corporate network, you are compromising the security (even if it is a Mac).
If they have a policy of keeping foreign machines, camera phones, etc. out of the office and off the network -- they should can your ass for doing it.
Of course it sounds like it is a outdated PC ethernet system, so putting something new on the network could easily cause problems for others. You sneeze around some of those old networks and everything crashes.
Using a new print driver to print ... 😱
There is a big misunderstanding here. Macs can spread viruses to Pc's.
Macs cannot suffer from them, but they can certainly infect others.
Why do we have anti-virus software?
So that we do not spread viruses, sort of like being a good neighbor. It is really a good responsible thing to do, to have Anti-virus software on your Mac.
Macs cannot suffer from them, but they can certainly infect others.
Why do we have anti-virus software?
So that we do not spread viruses, sort of like being a good neighbor. It is really a good responsible thing to do, to have Anti-virus software on your Mac.
This is sort of like saying a healthy person could spread chicken pox by injecting people with cultured varicalla zoster virus.
To spread a Windows virus, a Mac user would have to deliberately forward an infected eMail, or otherwise manually copy the executable. Not impossible, but it requires a deliberate act on the part of the Mac user. So long as the Mac user is not malicously minded (or monumentally stupid) --And you seem to be niether-- a Mac without virus software poses no threat to anyone.
Well, lets say that someone decides to plant a virus in an email that is sent to that person at work (i.e. 'what I did this weekend', or 'check out this funny joke' sort of thing. I know lots of people at work who get these and forward them to about 30 other people (literally).
You have to realize, he didn't want you off the network because of your Macintosh...using older hubs and cables can significantly slow down the network if you are in a bus-star topology...it would be like a big bottleneck,
especially if that hub of yours was only 10Mb. When this happens, and Admins get a 'network is slow' moan from the group down the line...well, they have to spend a lot of their time trying to find where it is.
You have to realize, he didn't want you off the network because of your Macintosh...using older hubs and cables can significantly slow down the network if you are in a bus-star topology...it would be like a big bottleneck,
especially if that hub of yours was only 10Mb. When this happens, and Admins get a 'network is slow' moan from the group down the line...well, they have to spend a lot of their time trying to find where it is.
Yeah, I could see this happening, but wouldn't it reduce the effectiveness of the virus, from a social engineering perspective? The text of mass-mailed eMail viruses is usually something like "Look at this really cool attachment" to trick the user into opening the payload...putting in some kind of joke or story would probably distract the user from the virus part. It could be done, I suppose (don't want to give anyone any ideas) but it seems a little redundant.
You might try actually reading your companies policy. Could it be that this IT guy was just an I-hate-Apple/Macs-with-every-ounce-of-my-being kinda guy and he was really just bluffing you? He could just be lying because he doesn't like Macs (and obviously knows nothing about them). He's got to be bluffing about monitoring you. How could he possibly have time with all the Windows patches there is to install?...
If he wasn't lying and the policy is as he stated, then I suppose you could try reconciling with him and ask him what it would take to allow your Powerbook on the network. If it took AntiVirus software, or using your firewall, I think anything would be worth not having to use a crappy compaq.
The real moral of the story: Don't ever talk to the IT guys, because they aren't there to help you anyway. They could care less about what kind of problems you have.
If he wasn't lying and the policy is as he stated, then I suppose you could try reconciling with him and ask him what it would take to allow your Powerbook on the network. If it took AntiVirus software, or using your firewall, I think anything would be worth not having to use a crappy compaq.
The real moral of the story: Don't ever talk to the IT guys, because they aren't there to help you anyway. They could care less about what kind of problems you have.
Dukmeiser,
I know of only one problem that would possibly cause him to not want a Macintosh on the network. Otherwise, it would be like I stated before: someone is using hardware and programs that are not specified for use by the company. That can lead to tons of problems.
The only thing about Macs that I have ever heard, is that when configured on a Windows based network by someone who is not Macintosh Certified for Networking and is not Net+ or higher certified for Windows networking, the incorrectly configured Mac can cause packet death and cause throughput to be greatly lessened for everyone down the line from him.
First of all, hubs are not very good networking devices. Hubs send the data you send out on the network to everyone on it, including everyone who doesn't need to hear it. Switches, on the other hand, deliver the frame/packet to the most direct source (i.e. just the person it needs to go to). So, using the hub alone causes excess traffic on the Network, and that may have aggrivated him a bit.
Secondly, Macs make incredible hacking machines on a windows based network unless they have the correct software installed, etc, etc. Pressing the F8 key while booting logs you into a Unix Prompt, with supernode access. That means you can do, and look at, whatever you want to on a network; change admin passwords, turn off admin accounts, view confidential files, delete confidential files, play with the payroll database, anything. (I do not condone any of those activities, I gave them merely as an example as to why a Mac could be viewed as a huge security flaw hacker-wise on a Windows network.)
Thirdly, you were probably not running the required softwares the company purchased to allow 'better' networking and help keep the network secure. I highly doubt that if you just went and talked to your IT guy, he wouldn't set you up with what you needed to put on the Mac to make it 'suitable' for your company.
It is for those above reasons that any Admin could easily tell you that you needed to take a computer off the network, especially number two.
I know of only one problem that would possibly cause him to not want a Macintosh on the network. Otherwise, it would be like I stated before: someone is using hardware and programs that are not specified for use by the company. That can lead to tons of problems.
The only thing about Macs that I have ever heard, is that when configured on a Windows based network by someone who is not Macintosh Certified for Networking and is not Net+ or higher certified for Windows networking, the incorrectly configured Mac can cause packet death and cause throughput to be greatly lessened for everyone down the line from him.
First of all, hubs are not very good networking devices. Hubs send the data you send out on the network to everyone on it, including everyone who doesn't need to hear it. Switches, on the other hand, deliver the frame/packet to the most direct source (i.e. just the person it needs to go to). So, using the hub alone causes excess traffic on the Network, and that may have aggrivated him a bit.
Secondly, Macs make incredible hacking machines on a windows based network unless they have the correct software installed, etc, etc. Pressing the F8 key while booting logs you into a Unix Prompt, with supernode access. That means you can do, and look at, whatever you want to on a network; change admin passwords, turn off admin accounts, view confidential files, delete confidential files, play with the payroll database, anything. (I do not condone any of those activities, I gave them merely as an example as to why a Mac could be viewed as a huge security flaw hacker-wise on a Windows network.)
Thirdly, you were probably not running the required softwares the company purchased to allow 'better' networking and help keep the network secure. I highly doubt that if you just went and talked to your IT guy, he wouldn't set you up with what you needed to put on the Mac to make it 'suitable' for your company.
It is for those above reasons that any Admin could easily tell you that you needed to take a computer off the network, especially number two.