The macosxhints Forums


kennethmv 03-10-2006 01:22 PM

How to Hide on a Network
 
OK, so I stubbornly remain one of the last Mac users on our very large corporate network (probably tens of thousands of workstations in a half dozen buildings separated by a couple of miles). All of the authorized workstations run Windows 2000 5.xx. I use a 15" aluminum powerbook, OS 10.4.4.

For a while I used a wireless router until the IT guys found it and confiscated it. I'm told that I can't connect my powerbook to the network anymore (I've been doing this for at least 10 years now) and they seem to be able to know that I'm on. I've heard tell about something called portscan, but that's all I know about it. I get the idea that they were particularly put out by the unauthorized wireless access point.

So, is there a way to continue to use my powerbook and fly under their radar? I imagine I'm talking about the built in wired ethernet connection, which would be fine, unless there's a better way with wireless.

Any thoughts much appreciated...

Thanks!!!!!

tbsingleton73 03-10-2006 03:51 PM

What about setting up a non-wireless network?
Assign it an IP within the range of the network or use DHCP.
Plug the network cable into the WAN of the Router and your Mac into the LAN.
Have the router assign you an IP.
Done properly they would see the router's IP (don't use 192.168.1.1) and not your Mac because the NAT of the router will hide your network.
They will still see you use a Mac when they walk by the desk but should be able to see it.

The setup can be a little complicated, so I can post the details if you need.

giskard22 03-10-2006 03:52 PM

I doubt you'll get much help from these forums. A lot of us have jobs like those "IT guys" of which you speak, and we understand that a company often has very good reasons for controlling access to its network. These are serious issues related to security and data retention. If I discovered someone at my workplace was intent on deceiving my department and repeatedly breaking our rules, I'd do my best to get him/her dismissed. Honestly, I know it's an inconvenience, but we're doing you a favor if we don't help you. You'd rather be employed, right?

tbsingleton73 03-10-2006 03:56 PM

While I did post advice to kennethmv above, I do agree with giskard22.
Besides if the IT guys know you use a Mac, continued use will flag them to something's up.
My workaround above will however block you from their network and them from you, providing internet access only depending on the configuration.

Maybe you should find out why they won't let you use a Mac.
If you would be allowed by being on a separate network you could use my suggestion above.

hayne 03-10-2006 05:54 PM

Note also that you made a huge mistake in setting up an unauthorized wireless access point. Such things are often big security problems in corporate networks where access is supposed to be tightly controlled.
Having done that, the network admins know that you aren't to be trusted and so are very unlikely to give you the benefit of the doubt.

CAlvarez 03-11-2006 09:01 PM

Quote:

I get the idea that they were particularly put out by the unauthorized wireless access point.
You would be fired if you did that at any of the companies I work for. It's a very serious violation of security policy.

Likewise for bringing in unauthorized computers especially after being specifically told not to. If you NEED this computer for work, complain to your boss that he needs to fix the issue. If not, then use the computer assigned to you. If you don't like that, find another job. If you continue your current path, it's likely you will need to anyway. If you're in the US, you would be ineligible for unemployment if fired for an offense like this (just went through it with someone fired for attempting to log in as admin on a client's network).

Circumventing any systems they use to track you or keep you out would be a federal felony. They can then choose to charge you or not. Having been involved in a few of those cases on the company side, I'd say you don't want to be on the wrong end of the FBI. They lack a sense of humor in even these seemingly minor cases.

kennethmv 03-12-2006 02:43 PM

You know, you guys are right...this is not going to get me where I want to go. Just signed up for EVDO, which, if it's half as good as described, will solve 99% of my problems, perfectly OK, and nobody upset.

Thanks for talking some sense into me.....

CAlvarez 03-13-2006 12:55 AM

I use EV-DO with Sprint and used to use Verizon. It's great, and really does run at 800k/second in most areas.

cwtnospam 03-13-2006 09:31 AM

Speaking of getting fired, I would file complaints, starting with personnel, and then going higher, against any IT person(s) restricting my access to technology for my job. It isn't and should not be their job to dictate what platform I use. Claiming it's for security reasons certainly doesn't cut it, since the Mac is demonstrably more secure than a Windows box.

CAlvarez 03-13-2006 10:45 AM

It IS my job to restrict and dictate what computer hardware and software you can use. I get paid well for it, and it's my butt on the line for security breeches. The complainers have been laughed at.

This is where the "do you NEED this for your job" question came in.

i5m 03-13-2006 10:59 AM

Whilst I respect the position of the IT staff posting here, you have to understand that not all IT staff are as clued up as you and often us users have to go behind IT's back to get work done. It shouldn't be that way, but it's the way it is.

I had the same problem with using my powerbook on the corporate network and got told to remove it. It's odd as I knew it was more secure than the IT issued laptops (very difficult to get hold of as always booked out, hence why I used my own) as I at least was storing my work on encrypted disk images: the company laptops were wide open if stolen.

Anyway, in my case I wanted network access for transferring files, rather than internet access. My simple solution was as follows:

I set up a briefcase on my work PC that synchronised the required files from the network to that local machine's drive. I then made the folder containing the Briefcase a shared folder (Note the fact that I shouldn't have the rights to do that, but IT left me with those rights and hence why I have no respect for an IT department that don't have a clue) Give yourself access to that. Be nice, do IT a favour and limit it to yourself.

Then when heading home, etc, unplug your work machine from the network and plug the ethernet cable into your mac. Wait a few moments for the mac to give the work PC an IP address and connect to it in the finder. Use a programme like Synk to synchronise the briefcase info to an encrypted disk image on your mac.

Then in the morning, sync the other way round. Works a treat.

Much more secure than the IT suggested option of a USB thumb drive (wouldn't be encrypted)

Of course the other option is to think "S*d it" and do something more fun on your mac on the way to and from work.

[Reminds me of a time when I had to sneak past security to get into Uni so I could get some work done. Crazy]

cwtnospam 03-13-2006 11:47 AM

It is called "Information Technology," NOT "Windows Technology." Your job is to support other departments in their use of the technology they use for their work. Anyone incapable of doing that should be fired.

giskard22 03-13-2006 12:23 PM

That's a very idealistic definition. In a large operation there are many considerations besides the personal preferences of small numbers of employees. It's also ignoring the very real issues of power grabs and corporate politics.

There are ways to effect change in a large organization, most of which involve working within the system. Respect boundaries and responsibilities, follow processes, keep documentation, and include an analysis of business implications when you make a request. When it comes down to it, if policies are really so bad that you aren't comfortable trying to do your job and you don't have a manager/director that can get things done for you, it's time to move on.

biovizier 03-13-2006 12:27 PM

Quote:

it's my butt on the line for security breeches. The complainers have been laughed at.
Speaking of laughing, "Butt... breeches"... Did no one else find that funny?

[sigh]I'm such an ass...

tbsingleton73 03-13-2006 12:30 PM

ass....butt...breeches....
Cover something up...

cwtnospam 03-13-2006 12:34 PM

Quote:

Originally Posted by giskard22
There are ways to effect change in a large organization, most of which involve working within the system. Respect boundaries and responsibilities, follow processes, keep documentation, and include an analysis of business implications when you make a request. When it comes down to it, if policies are really so bad that you aren't comfortable trying to do your job and you don't have a manager/director that can get things done for you, it's time to move on.

Yes, and all of that should be applied to ALL members of the IT department. Any IT department that cannot respect the processes and workflow of the departments that it is supposed to serve is not spending the company's money wisely. Leadership flows from the top down, as does responsibility, so those at the top of such a department need to be removed.

Red herrings like security should be treated as red flags when it comes to computers. Any IT department claiming that security is important, but requiring the use of Windows PCs is obviously suspect.

Raven 03-13-2006 02:58 PM

Quote:

Originally Posted by i5m
Whilst I respect the position of the IT staff posting here, you have to understand that not all IT staff are as clued up as you and often us users have to go behind IT's back to get work done. It shouldn't be that way, but it's the way it is.

Though this is true, what's being discussed here is basic security of a System... Anything discussed in this thread is extremely basic... So if you can find one IT person who's confused about what's being told here, they should get fired on the spot 'cause they're probably leaving huge security holes throughout the place...
And your account of how you transport your docs is quite scary too... Any respectful and secured environment will not let people have a share on their computer since XP is so easy to crack... (ok maybe not so, but the average user password is) The whole existence of network shares is to replace sharing your personal stuff and so that it's the admins with better tools that manage security... Though in this case I wouldn't leave much that's important out there.
Seriously, many IT groups, independently of the whole security issue (which many ITs tend to use as a general excuse for not doing certain things or really answering a "why ?" question from someone who's actually knowledgeable) only wish to have the computers they provide for a couple of reasons:
1. They configure those machines so they know them, know their capacities (and if smart have image backups and security setup properly on them)
2. They don't want to take care of every computer users can think of buying
3. (Mac related only) They don't know Macs, so they don't want to have them on their network as they can't control them or make sure if they're secure or not (though any online security scan would actually give them the kinds of results they're used to) (Related to that... Why would they not want at least one Mac on the network... That way they'd have two excuses for things not working or not allowing things: "Would be a security risk !" and "The Mac must have caused it !" :D

cwtnospam 03-13-2006 03:17 PM

Quote:

Originally Posted by Raven
Though this is true, what's being discussed here is basic security of a System...

No, we're not. We're talking about the absolute failure of many IT departments to do their job, which is to work for all the other departments in a company, not over them.

Quote:

Originally Posted by Raven
1. They configure those machines so they know them, know their capacities (and if smart have image backups and security setup properly on them)
2. They don't want to take care of every computer users can think of buying
3. (Mac related only) They don't know Macs, so they don't want to have them on their network as they can't control them or make sure if they're secure or not (though any online security scan would actually give them the kinds of results they're used to) (Related to that... Why would they not want at least one Mac on the network... That way they'd have two excuses for things not working or not allowing things: "Would be a security risk !" and "The Mac must have caused it !" :D

All three situations above merely serve to illustrate the point. Macs are legitimate technological devices and as such, if you are in IT and cannot support them, then you are incompetent and should be fired.
1. If you don't know how to configure a Mac, then memorize these words: "Would you like fries with that?"
2. No one cares what they want. They work for the company and its other departments, not the other way around.
3. Claiming incompetence is not an excuse. Once again, if you don't know your chosen field, memorize this: "Would you like fries with that?"

Raven 03-13-2006 04:30 PM

Completely agree on all points. I'm stuck in an environment where 3 years ago, though we're an educational environment, people would pretty much get the "Would you like fries with that?" phrase if you called with a Mac.
Persistence and proving that yes you are excessively productive and provide high quality work on a Mac usually goes a long way... but sadly you have to convince the boss and the IT guys over and over again, which brings us back to "Would you like fries with that?" :(

CAlvarez 03-14-2006 04:20 AM

Quote:

Whilst I respect the position of the IT staff posting here, you have to understand that not all IT staff are as clued up as you and often us users have to go behind IT's back to get work done. It shouldn't be that way, but it's the way it is.
You NEVER have to go behind the backs of IT to get the job done. What you have to do is report the lack of computing resources to your boss as the reason you can't accomplish your job. It's his job to get those for you. Of course, usually in these cases we're talking about user PREFERENCES rather than needs, and in that case, you should just go find a job with a company that does things your way.

If you can't build a documented business case for your needs, they aren't real.

If the business case fails to get you needed resources, your company is doomed anyway.

Quote:

All three situations above merely serve to illustrate the point. Macs are legitimate technological devices and as such, if you are in IT and cannot support them, then you are incompetent and should be fired.
Only if Macs are required to do the job. It's not an IT directive at most companies to know and support ALL computing platforms. Where do you draw the line? Linux, PalmOS, Windows Mobile, Symbian, and many more things are legitimate tech devices. Doesn't mean they all have demonstrable business value.

I can support Macs and Linux. I still won't let you bring one from home or set up a rogue access point. I won't let you bring a Windows machine in either.

i5m 03-14-2006 04:58 AM

Quote:

Originally Posted by CAlvarez
You NEVER have to go behind the backs of IT to get the job done. What you have to do is report the lack of computing resources to your boss as the reason you can't accomplish your job. It's his job to get those for you.


I don't like arguing on the internet (pointless), much less with users of the macosxhints forums (who seem to be more educated than users of a lot of other mac forums), but what you state above is an ideal.

In my case my boss had asked us to do some overtime to pull the company through a busy time whilst he resourced up. I said I could do some additional work to and from work since I travel by train. He said great. IT said "We don't have any spare laptops. In fact, even the two dedicated laptops for your department are out of the company being used by people not from your department." So I was doing the company a favour, only to be given grief by IT.

Like I said before. You sound like you run a good IT department, not all users are lucky enough to have you.

Quote:

Originally Posted by CAlvarez
and in that case, you should just go find a job with a company that does things your way.

I've been trying ever since I entered employment. It is not that easy.

CAlvarez 03-14-2006 06:13 AM

Certainly, there are exceptions. In yours I don't know why you didn't lean on your boss to lean on the IT boss and make things happen. If there's a real company need, someone will accommodate, unless the entire organization is just broken.

tbsingleton73 03-14-2006 07:09 AM

$$$ Always talks.

Quote:

Originally Posted by i5m
In my case my boss had asked us to do some overtime to pull the company through a busy time whilst he resourced up. I said I could do some additional work to and from work since I travel by train.

"Gee Boss, IT won't let me use my Mac computer so I guess I can't do that overtime I offered or at least not as much....but if you let me use my Mac...different story."

CAlvarez 03-14-2006 07:39 AM

Everyone should also consider that "the IT guy" takes on a different role at every company. Size and technology usage changes a lot of things. I work for a variety of companies; in one, I am the IT director. You will use the computing platforms I tell you to. I support Windows/Mac/Linux/Pocket PC, and a few people use Palm in an unrestricted but unsupported way. I've encouraged the use of Linux and Mac, and in some sense rammed it in there as far as servers go and some specific functions. You still won't bring in your OWN computers. For others I just advise, and for others I provide just the higher-level services not done by their in-house PC tech type person.

In many companies the IT people are given specific directives from others, so it's not necessarily their fault. You may be blaming the wrong people. There are a few companies where I've written the IT policy to exclude everything except an HP running Windows. This was based on stated needs, budgets, and results desired. Could a Mac do the job? Sure. Is a Mac needed for the job? No. The IT people at those companies would follow policy and tell you not to use your Mac (or any personal machine).

cwtnospam 03-14-2006 07:56 AM

Quote:

Originally Posted by CAlvarez
There are a few companies where I've written the IT policy to exclude everything except an HP running Windows. This was based on stated needs, budgets, and results desired. Could a Mac do the job? Sure. Is a Mac needed for the job? No. The IT people at those companies would follow policy and tell you not to use your Mac (or any personal machine).

At those companies, you screwed up. If an abacus could do the job, it should be supported. There is no possible way that you or anyone else in IT can know what platform will be best for the job, since the slowest, most error prone part of any system is the user. Finding the hardware that can get the most out of that user makes all the difference.

Then of course, there's the security issue, and since the HPs are running Windows, well, that's another mistake.

Raven 03-14-2006 11:26 AM

This is turning into an OS war really, when companies decide mostly what computers they will use based on what deal they can get. Having deals with multiple companies does cost a lot more money than dealing with just one.
As for the security, it depends almost more on the IT guys doing a good job rather than the OS they work on. Sure there are more security holes found in Windows, but they're pretty much taken away if your gateway is very secure and you handle all the traffic and hide the Windows machines behind it.

Here we're turning to a hybrid mix with the main office machines being brand name ones (bulk pricing, what can I say) with Windows, some Macs and Linux boxes and servers are a mix of Linux, Unix and Windows (crossing fingers for the Mac ones). Our Security guys are quite competent and the biggest security issues we've had in the last three years have been with people who brought their laptops from home with viruses on them and they got cut from the network really quickly.

cwtnospam 03-14-2006 12:41 PM

Quote:

Originally Posted by Raven
This is turning into an OS war really, when companies decide mostly what computers they will use based on what deal they can get. Having deals with multiple companies does cost a lot more money than dealing with just one.

I don't think of it as an OS war as much as a fight to break the oppression of bad IT departments, of which there are many. I don't think any IT department should have the right to dictate what systems other departments use. Because there is never any way for IT to know all aspects of another department's, or even an individual user's needs, it should be the other way around. IT should be required to support whatever systems a department chooses.

It really comes down to one thing: You're either capable or you're not. If you're not, you need to find another line of work. Any IT department that needs to "standardize" on one platform to reduce costs needs new management. That is borne out by the many studies that all show Macs to be far less costly to maintain. I don't point that out to flame the platform wars fires, but to show that the arguments used by bad IT departments are false, possibly deliberately misleading.

Here's just one article: http://www.networkworld.com/best/200...au.html?page=1

Raven 03-14-2006 01:14 PM

A very nice article. But as stated there, most companies go for whoever is knocking on the door first, and that's what companies such as HP, Dell and Gateway do. And as for the IT group deciding what users will use, it can be a mislead perception in the sense that yes they do tell users what to do, but they do it because the bosses who on average know nothing about computers just ask the IT guys what they recommend to use, and since most IT guys have only lived on Windows, they recommend what they know. Who in their right mind goes to their bosses and says "I really don't know this and have never used their products, but we should go with it !"... kinda shooting your own foot there...
The fact that there are more Macs in homes now, and more in schools (has come back up after a huge plunge in the '90s), people are more frequently in contact with Macs and that's why we're seeing more young guys that know Macs and PCs because they have to alternate between them. So the future holds good hope, but seriously, a guy who's been an MCSE for 10-15 years will surely not go for mac...

CAlvarez 03-14-2006 01:17 PM

Quote:

There is no possible way that you or anyone else in IT can know what platform will be best for the job
It's very easy to know in advance. The best computing platform is the one that is always running, secure, and always available for the users to work. To accomplish that you set standards, which may be compromises, but are better than the compromise of downtime or data loss.

In addition the jobs are well defined and documented, so the requirements are known and met.

I realize you will never consider a position other than your own, so unless someone else has a debatable position or interest in discussion, I'm done here.

cwtnospam 03-14-2006 01:21 PM

Quote:

Originally Posted by Raven
... but seriously, a guy who's been an MCSE for 10-15 years will surely not go for mac...

Then he's incompetent, and should expect to be fired. As I said above, I don't think it's strictly an OS war, but I recognize that guys like that are fighting to keep the only OS they know (barely, in many cases) on top. Those are the ones who most deserve to lose their jobs, and there are obviously many of them at the OP's company.

cwtnospam 03-14-2006 01:33 PM

Quote:

Originally Posted by CAlvarez
It's very easy to know in advance. The best computing platform is the one that is always running, secure, and always available for the users to work. To accomplish that you set standards, which may be compromises, but are better than the compromise of downtime or data loss.

Uh, maybe you should read the article, because if you go by your statement, you would never use Windows.

Quote:

Originally Posted by CAlvarez
In addition the jobs are well defined and documented, so the requirements are known and met.

And every individual at every company you work at does his job the same way everyone else with the same title does? Please. Most people try to find ways of doing things without their computers, because they find them difficult to use and a source of unneeded problems. IT bears a significant portion of the blame for that.

Quote:

Originally Posted by CAlvarez
I realize you will never consider a position other than your own, so unless someone else has a debatable position or interest in discussion, I'm done here.

Hmm, always a good tactic when you don't like the message.

CAlvarez 03-14-2006 02:34 PM

Quote:

but seriously, a guy who's been an MCSE for 10-15 years will surely not go for mac...
Oh, and I forgot to note...that describes me pretty well, but I switched to a Mac right after I ran my first copy of Longhorn and realized MS has nothing new planned for at least 5 years.

Quote:

Uh, maybe you should read the article, because if you go by your statement, you would never use Windows.
All of the Windows machines I administer have months of uptime and are completely secure, just like the Macs and Linux machines.

Cerumen 03-16-2006 08:38 PM

Funny, I'm in the exact same situation as kennethmv...

I've been working for the company for 17 years... And plugged "illegally" into their network for the last 7 years with my powerbook (well not the same powerbook for 7 years but still...). I got "caught" two years ago by the IT guy who came by the office, spotted my Mac and asked if I was plugged into the network. I told him: Everyday since the last five years... He frowned, told me I shouldn't, but I plugged it back in as soon as he left.
Everyone knows I'm still using it, and unless there's a written official policy emitted by the company no one except my direct hierarchical superior can tell me what to do...

Otherwise my Mac has never represented any security risk for the last 7 years why should it now ? The company trusts me with valuable equipment (a few millions worth) why wouldn't it trust me on the network ?
If I ever did anything illegal in there they are welcome to sue me, as they would if I did anything illegal in the real world. I see this as nothing else than IT's misplaced power trip.

Anyway I came across this thread looking for a better way to be more discreet on the network, but it doesn't look as if I'm going to find any answers here...:cool:

See ya guys (or perhaps not...) on your networks...;)

i5m 03-17-2006 02:34 AM

The only idea I had (never tried) was changing the network name of my mac to something less obvious (Let's just say it included the words "Powerbook").

Have a look on your network and see what is used. At our company they typically use a few letters to identify the site, followed by a sequence of numbers. I.e. Sit101402. Just take out the next number, or something similar so it is less obvious when something new appears on their network. You could try looking to see what official company laptops appear as on the network.

Raven 03-17-2006 10:43 AM

Or call it "I love Windows" to put some balm on your IT guy's broken heart from having a Mac on his Windows network ;)

CAlvarez 03-17-2006 12:09 PM

Quote:

Otherwise my Mac has never represented any security risk for the last 7
Your Mac HAS represented a security risk for seven years. The fact that you don't understand that, and don't know what you don't know, is the very reason it is a risk.

Let me try to be clear: Any machine not controlled/configured by IT is a risk on the network. There are dozens of ways that a user can create a hole, and it doesn't necessarily mean spyware and viruses. I can take a Mac and make it a security hole in minutes without using any special computer skills, with software that is widely advertised to computers.

The fact that your computer wasn't actually exploited doesn't mean it didn't present a RISK. Mac vs. Windows is not relevant; controlled vs. uncontrolled is the issue.

hayne 03-17-2006 12:46 PM

Quote:

Originally Posted by Cerumen
Anyway I came across this thread looking for a better way to be more discreet on the network

One way that an uncontrolled machine can cause security problems is if it is providing services that are accessible by other machines.
So make sure your Mac isn't providing any services to the network. E.g. no Bonjour, no file sharing, no connection sharing, no P2P, no NTP (network time synchronization - on by default in the Date & Time prefs). Run 'sudo lsof -i -P' and look for open ports.
It still isn't a good idea to put an uncontrolled machine on a corporate network, but if you do so, at least do the above to make it more innocuous.
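
The service audit hayne describes, as an added example that is not part of the original thread: a Python sketch that reads `lsof -i -P` output and separates sockets reachable from the network from those bound to loopback only. The sample output is constructed, `-n` is assumed to be added so addresses stay numeric, and the names `parse_lsof` and `network_reachable` are illustrative.

```python
from typing import List, NamedTuple, Tuple

# Constructed sample of `sudo lsof -i -P -n` output (not captured from a real host).
SAMPLE = """\
COMMAND     PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
mDNSRespo    54  _mdns    7u  IPv4 0x01a2b3c4      0t0  UDP *:5353
ntpd        112   root   20u  IPv4 0x01a2b3c5      0t0  UDP *:123
AppleFile   201   root    4u  IPv4 0x01a2b3c6      0t0  TCP *:548 (LISTEN)
AppleFile   201   root    5u  IPv6 0x01a2b3c7      0t0  TCP *:548 (LISTEN)
cupsd       150   root    3u  IPv4 0x01a2b3c8      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd       150   root    4u  IPv6 0x01a2b3c9      0t0  TCP [::1]:631 (LISTEN)
Safari      400    ken   12u  IPv4 0x01a2b3ca      0t0  TCP 10.0.0.5:49200->192.0.2.10:80 (ESTABLISHED)
"""

# Local addresses that cannot be reached from another machine.
LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}


class Service(NamedTuple):
    command: str
    pid: int
    proto: str
    address: str
    port: int

    @property
    def loopback_only(self) -> bool:
        return self.address in LOOPBACK


def parse_lsof(text: str) -> List[Service]:
    """Return sockets that accept traffic: TCP listeners and unconnected UDP sockets."""
    services = []
    for line in text.splitlines():
        fields = line.split()
        # Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
        if len(fields) < 9 or fields[0] == "COMMAND" or not fields[1].isdigit():
            continue
        command, pid, proto, name = fields[0], fields[1], fields[7], fields[8]
        state = fields[9] if len(fields) > 9 else ""
        if proto not in ("TCP", "UDP"):
            continue
        if "->" in name:
            continue  # connected socket (outbound or accepted), not a listener
        if proto == "TCP" and state != "(LISTEN)":
            continue
        address, _, port = name.rpartition(":")
        if not port.isdigit():
            continue  # e.g. "*:*", no fixed port bound
        services.append(Service(command, int(pid), proto, address, int(port)))
    return services


def network_reachable(services: List[Service]) -> List[Tuple[str, str, int]]:
    """Unique (command, protocol, port) for sockets not bound to loopback."""
    return sorted({(s.command, s.proto, s.port)
                   for s in services if not s.loopback_only})


if __name__ == "__main__":
    for command, proto, port in network_reachable(parse_lsof(SAMPLE)):
        print(f"{proto:<3} {port:<5} {command}")
```

In the constructed sample, file sharing (548), Bonjour/mDNS (5353) and NTP (123) show up as reachable, while the CUPS listener on 631 is bound to loopback and is not.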

CAlvarez 03-17-2006 01:17 PM

And make sure you're not using an outgoing connection that can be exploited. Services like gotomypc.com (not Mac compatible, but others are) can create a gaping hole in the firewall. I block them completely, and hopefully other IT people have taken such steps too, but I know many have not.

hayne 03-17-2006 01:26 PM

Quote:

Originally Posted by CAlvarez
And make sure you're not using an outgoing connection that can be exploited. Services like gotomypc.com (not Mac compatible, but others are) can create a gaping hole in the firewall.

I'm not sure I understand how that sort of thing works, but wouldn't that need some software that is running on your Mac and providing an open port?

CAlvarez 03-17-2006 01:39 PM

Those remote access systems establish a tunnel to an outside machine. Basically the same as running a VPN. So the remote machine, and any other machine that connects to it, can then connect to the machine at work. Those outside computers may have light passwords, viruses/spyware, or any number of other security issues. Since the tunnel is encrypted, the corporate firewall can't scan it for viruses or improper access. Then the machine inside the network becomes a vector for any sort of usage/virus infection.

With most of my clients, we don't even allow their home machines to use the VPN until they bring it in to have us install our corporate virus protection and security additions. It's not about random control; there are well documented infections caused by remote/VPN connectivity.

It's a complex issue, and it's amazing how many people don't know what they don't know and proceed as if there possibly could not be any problem with a Mac on a network. It's not perfect either. It's OK not to know--that's why I have a job--but at least realize you may not have all the answers yourself (this is not directed at you, obviously, but in general).

cwtnospam 03-17-2006 04:46 PM

Quote:

Originally Posted by CAlvarez
....It's not about random control; there are well documented infections caused by remote/VPN connectivity.

It's a complex issue, and it's amazing how many people don't know what they don't know and proceed as if there possibly could not be any problem with a Mac on a network. It's not perfect either.

That's a huge jump to make, so I assume you've seen cases of a Mac infecting the network. :rolleyes:

NovaScotian 03-17-2006 07:13 PM

Quote:

Originally Posted by CAlvarez
With most of my clients, we don't even allow their home machines to use the VPN until they bring it in to have us install our corporate virus protection and security additions. It's not about random control; there are well documented infections caused by remote/VPN connectivity.

This has certainly been my experience as a consultant: my machine had to be "cleansed" before I could hook it up inside a corporate firewall or Timbuktu to any machine inside it. While I was on site "uncleansed" I was often given an IP address I could use to get outside to the net from one location inside their offices so I could TB2 to my own office. Otherwise, I had to use one of their loaner laptops while I was there.

All that said, however, nothing prevented me from disconnecting a router in the room from its feed and forming a small LAN with no WAN connection so a group could work together on a document. During that time, they and their pristine machines were all defended from me by their own firewalls.

Folks who argue against these strictures (and they are a PITA) would not consider leaving their car unlocked.

cwtnospam 03-17-2006 07:58 PM

Quote:

Originally Posted by NovaScotian
Folks who argue against these strictures (and they are a PITA) would not consider leaving their car unlocked.

These strictures are put in place because Windows needs to be quarantined at all times. I find it amusing that so many people will claim Windows is "just as secure as a Mac" at the same time they insist on using security precautions so draconian that most long time Mac users wouldn't even consider them.

Just so we're clear, getting out of bed in the morning represents a risk. The real issue is risk vs reward. Attaching any computer to the network is a risk, but the Mac represents a much lower risk while increasing the reward: user performance. Of course, many IT types aren't interested in that because it doesn't do anything for them. On the contrary, a system that doesn't need to be isolated behind routers, firewalls, virus scanners and anti-spyware threatens their job security.

schwartze 03-17-2006 08:21 PM

Quote:

Originally Posted by cwtnospam
These strictures are put in place because Windows needs to be quarantined at all times.

Actually I have found that most are put into place because there is a finite amount of people qualified to handle problems as they arise. You (general you) are lying if you say you can fix every problem in every system and configuration.

If the people who are there to fix the problems are trained on one system and x amount of images of that system (because no matter how much they know walking into a new place one needs to learn how that place does things), adding new systems also means adding more people to handle them. This means more training, more work, more policies and more money.

Most places would rather hire people to do work for them that generates money over hiring people that are there to support those making the money.

mark hunte 03-17-2006 08:35 PM

Boy what a read..


In some cases IT departments will say "NO, we do not support that so you can not have it, end of story"


IT's job should be to advise and support systems to get the job done.
If they feel there is an issue with some tech that may cause more problems than it's worth, then fine.

Find me something that does what I need, the way I need it.
Because if I can not get my job done we (IT included ) might as well all go home with our collective thumbs up our collective Arses.

I do not expect your IT to understand your job, I think in most cases that's the problem.
IT understand the Tech, but only superficially understand the work the companies they support do.

But what should not happen is people putting in their own Wifi.
I am surprised you still have a job.

cwtnospam 03-18-2006 08:30 AM

Quote:

Originally Posted by mark hunte
Find me something that does what I need, the way I need it.
Because if I can not get my job done we (IT included ) might as well all go home with our collective thumbs up our collective Arses...But what should not happen is people putting in their own Wifi.
I am surprised you still have a job.

Here's the crux of the issue. If you've got an IT department that isn't doing its job, and it has made a "policy" decision to try to remove someone who is trying to do theirs by working around IT's laziness, what do you do? I'd keep doing my job. A wrongful termination suit may be just what's needed to straighten that IT department out.

mark hunte 03-18-2006 08:55 AM

People every day have to figure ways around some IT restriction to get work done, this includes IT staff.

The problem with the guy putting in a Wifi, is he possibly put his company at more risk than him not being able to work on his Mac.

IT's will claim some of these restrictions are in most cases due to Security.

True or not true, doing what he did just proves they need to worry about people bringing in their own hardware. And gives them more Power to say what is what, because the Users can not be trusted.

cwtnospam 03-18-2006 08:59 AM

He did what he needed to do. The fact that he needed to do it shows that IT isn't doing its job, and therefore cannot be trusted. Once again, the security claim is a red herring. If they were using secure systems, the network wouldn't be an issue. It isn't possible to infect a network, only the devices on it.

mark hunte 03-18-2006 09:30 AM

No, what he needed to do was go to his boss.

I'm not saying his IT are doing a good job, nor am I saying they are doing a bad one.

But nowhere in the OP post do they say they went through any proper channels to get what he needed.

Also from their own take on the situation, the IT people are more upset about the wifi than the fact he was using his PB.

I think the same would go if he was using a PC laptop.

I am also not only thinking about infection.
With the wifi, their network is now open to intrusion from someone off site who has nothing to do with their company but now can gain easy access by cracking the wifi.

All unknown to the company because as far as they know they do not have any un-authorised wifi connected to the network.

**edit**
So in this case the security issue is not a red herring.
And because of lack of forethought, his IT now have more power to veto anything the OP thinks they need to do to get the job done, using the security issue.

cwtnospam 03-18-2006 09:41 AM

Quote:

Originally Posted by mark hunte
But nowhere in the OP post do they say they went through any proper channels to get what he needed.

You said it yourself:

Quote:

Originally Posted by mark hunte
IT's job should be to advise and support systems to get the job done.

There is a big difference between advising and dictating. When they're dictating what systems you can and cannot use, they're out of line. They are not the "proper channel" any more, but are a rogue element within the company more akin to a parasite, since their "policies" are costing the company money in favor of their own financial and political gains.

The network is just a bunch of wires, it's the systems on it that count. And once again, if their systems were secure they could open the network. Blocking Macs and claiming it's because of security is more than just a red herring. It's disingenuous at best.

tbsingleton73 03-18-2006 09:55 AM

Quote:

Originally Posted by cwtnospam
It isn't possible to infect a network, only the devices on it.

What is a network with no devices on it? I think it's called abandoned cable?

I agree with mark, putting a rogue wireless device on a network is a security risk.

One person out of thousand who "needs" insert (Mac/PC) when everyone else is not on the platform is a red herring too. He just wants, he doesn't need. If he needed then Management should get him what he needs and if they don't it is not up to the employee to find a way around what he doesn't like.

That said, "policy" should be clear as to what is expected and allowed, along with the actions taken when the policy is broken.

If management chooses to use one platform for all computers, then using another platform is a security risk. If it's a one platform environment then that's all IT needs to know. Them not supporting platform #2 is not a lack of knowledge on IT's part, nor does it show they cannot be trusted.

Lucky for me I am my own IT department and I can use which ever platform I wish. I happen to use both PC and Mac.
But if you work for a company that uses a computer platform different than your own, time to learn.

cwtnospam 03-18-2006 10:21 AM

Quote:

Originally Posted by tbsingleton73
What is a network with no devices on it? I think it's called abandoned cable?

The point is that it is the devices on the network that represent the security risk. The Windows systems need to be isolated from the real world because they're so insecure. Installing a Mac or any other device increases the risk because of the insecurities inherent to the Windows systems, not the Macs. That means that IT hasn't "secured" the PCs. They've merely hidden them from the rest of the world. Sure, there is some small risk to the Mac, but that's only in the same sense that Fort Knox is at risk.

You can't possibly believe that if the situation were reversed, with one PC on a network of hundreds or thousands of Macs, the security issue would be nearly as severe! On the contrary, it would be negligible.

Quote:

Originally Posted by tbsingleton73
If management chooses to use one platform for all computers, then using another platform is a security risk. If it's a one platform environment then that's all IT needs to know. Them not supporting platform #2 is not a lack of knowledge on IT's part, nor does it show they cannot be trusted.

And who is "Management"? If you're talking about IT Management pulling the wool over the rest of the company's eyes, then I strongly disagree. Self policing rarely works, and IT departments certainly aren't exceptions.

The idea that "standardizing" on one platform will make things easier and more efficient has long been discredited, and only lazy IT people benefit from attempting it. The company certainly doesn't.

tbsingleton73 03-18-2006 10:52 AM

My main point is that if you don't agree with company policy then you should go through the proper channels to make a change. If they refuse to change (for whatever reason) then you should live with it, keep trying to change it, or move on.

And by "Management", I mean the top management of the company, their decisions can rule of the IT department's.

Taking action against the company, meaning doing what you want anyway is not the route to go, unless you like risking your job.
I think this issue applies to everything not just IT.
Standardizing is not necessarily the sign of "lazy IT" it could just be a cost issue. Additional cost coming from many areas of having multiple computer platforms.
And while using non-standard platform may or may not be more efficient, but likely the deciding factor is cost. And most management looks at the cost now, not the cost overall or long term.

This is fun by the way. :)

NovaScotian 03-18-2006 11:18 AM

In my experience, very restrictive IT policies are often the result of proprietary or in-house software that will only run in Win/2000/XP. The router trick usually doesn't work either unless IT provides it because only registered MAC addresses are given an IP Address by their DHCP server. I have used a router that would spoof MAC addresses and loaded the MAC address of one of the inside participants, but that was for about an hour.

In one place I consulted, they gave me roaming rights (after I told them my MAC address), but my DHCP lease never exceeded 15 minutes (a bit of a bitch when making a presentation). A guy from IT actually came up to the conference room to look at my machine before I started.

My solution to these problems, BTW, was to buy a Thinkpad T30 which I never used for anything else.

cwtnospam 03-18-2006 12:13 PM

Quote:

Originally Posted by tbsingleton73
And by "Management", I mean the top management of the company, their decisions can rule of the IT department's.

Taking action against the company, meaning doing what you want anyway is not the route to go, unless you like risking your job.
I think this issue applies to everything not just IT.
Standardizing is not necessarily the sign of "lazy IT" it could just be a cost issue. Additional cost coming from many areas of having multiple computer platforms.
And while using non-standard platform may or may not be more efficient, but likely the deciding factor is cost. And most management looks at the cost now, not the cost overall or long term.

1. Top management knows very little about technology, and that's part of the problem. They're easily manipulated by IT management bent on an agenda that doesn't represent the best interests of the company or any of the other departments.
2. Doing your job in spite of what the IT department wants is not taking action against the company. The IT department IS NOT the company.
3. Standardizing has been discredited because it is cost-prohibitive. The security risks of standardizing alone outweigh the benefits, since a hole in one system means a hole in the entire system. Even farmers know not to plant just one type of crop.
4. Only poor management makes decisions based on the cost of the box. If you work at a company that does, you should be prepared for layoffs at any time because they're likely to happen.

cwtnospam 03-18-2006 12:37 PM

Quote:

Originally Posted by NovaScotian
In one place I consulted, they gave me roaming rights (after I told them my MAC address), but my DHCP lease never exceeded 15 minutes (a bit of a bitch when making a presentation). A guy from IT actually came up to the conference room to look at my machine before I started.

My solution to these problems, BTW, was to buy a Thinkpad T30 which I never used for anything else.

This is just the kind of abuse by IT that shouldn't be tolerated! There is no reason to give a 15 minute dhcp lease. If your system isn't secure, one minute is plenty of time to cause a problem. If it is, then there's no reason you shouldn't have access for the entire day. The only reason I can think of for them doing that is to force you to buy a PC.

mark hunte 03-18-2006 01:03 PM

Quote:

Originally Posted by cwtnospam
Quote:

Originally Posted by mark hunte


But nowhere in the OP post do they say they went through any proper channels to get what he needed.

You said it yourself:

That was a mistype, sorry. That should have read "But nowhere in the OP post do they say they went through any proper channels to get what they needed."

As in the OP going to their boss...


Quote:

Originally Posted by cwtnospam
The network is just a bunch of wires, it's the systems on it that count. And once again, if their systems were secure they could open the network.

So you're saying if I physically had your mac in my hands I could not do what I wanted with it because the 'systems' on it are secure.

I don't think so. There is no such thing as a secure system.
It is only ever about how many hoops you make someone jump through and how hard you make it.


Quote:

Originally Posted by cwtnospam
Blocking Macs and claiming it's because of security is more than just a red herring. It's disingenuous at best.

Yes this is true, But Stop fixating on the Fact they were using a Mac. It's making you miss the point.
It could have been a Pocket Pc.

The point is the OP introduced a weak point on the Network.
They did not seek permission from anyone to be able to use a wifi connection. So how do we know they would not have got one set-up by IT
Nor I suspect did seek permission to connect the 'device' to the network.
Where do they say IT have Banned Macs.
From what I've read, The only Mac banned was the one they brought in and plugged in without permission.
Again it could have been a 'Pocket Pc'

Their IT have now decided to 'Plug the hole' by banning the individual from using any device not specified or agreed to by the Company on their network.

The OP now needs to go to their Bosses and explain that they can not do their job as effectively on the office Pc's as they can with their Mac.
This is how you Should do things in the first place.

cwtnospam 03-18-2006 01:15 PM

I could be wrong, but the way I read this:
Quote:

Originally Posted by kennethmv
OK, so I stubbornly remain one of the last Mac users on our very large corporate network (probably tens of thousands of workstations in a half dozen buildings separated by a couple of miles). All of the authorized workstations run Windows 2000 5.xx I use a 15" aluminum powerbook OS 10.4.4

is that the Mac was bought by the company, but some dolt in IT management has decided to "standardize" the company.

Even if that isn't true, I don't buy the premise that simply adding a device to the network is a security risk.

Quote:

Originally Posted by mark hunte
So you're saying if I physically had your mac in my hands I could not do what I wanted with it because the 'systems' on it are secure.

No. I'm saying that if you had physical access to my wife's iMac you couldn't do anything you wanted to my Dual G5 because it's secure on my network.

mark hunte 03-18-2006 02:06 PM

I'm sorry this could go on for ever...

Whether the company bought it or not.
Whether they have made the choice to only use PC, so what.
I have fought the long fight to keep using Macs. I'm happy to say I see light at the end of the Tunnel. I know the issue all too well. But that's a whole Other issue.

The OP should not have connected a wifi. Which is the point I am making.

And you're right I personally could not hack your mac from the iMac.

But I believe even if your home network can not be hacked due to no services or whatever, Large companies have to allow access across the network and as secure as they may be, they will not be invincible against attack if the attack is coming from within. Which the wifi allows.

cwtnospam 03-18-2006 02:12 PM

I understand, but the argument that Macs aren't 100% secure misses the point. Nothing is 100% secure. Especially not the corporate approved and locked down PC. Everything is relative, and I have no doubt that a stock Mac is at least as secure as a locked down PC.

The wireless issue only came about as a way to get around an unreasonable IT department. Maybe it wasn't the best solution, but it was an attempt to get the job done. I would have used the same router, but with the wireless capabilities turned off. ;)

tbsingleton73 03-18-2006 03:18 PM

I must say you guys are great.
A heated debate and no one has been shot yet. I'm impressed, many other places the insults and name calling would have started at the end of page one of this thread. But nothing yet. I am very impressed.
That's part of why I think this forum is so great. That, and the excellent advice on actually fixing the issue.

Quote:

Originally Posted by cwtnospam
...I would have used the same router, but with the wireless capabilities turned off

Yes, if you're going to try and bypass the "system", then cover your tracks as best you can. Or if you're going to use the wireless, install it under someone else's desk and then deny knowledge. ;)

cwtnospam 03-18-2006 05:09 PM

Quote:

Originally Posted by tbsingleton73
A heated debate and no one has been shot yet.

Yes, it hardly ever gets personal here. These 'arguments' are actually useful, since they make you think about your own way of doing things. ;)

I just noticed this:
Quote:

Originally Posted by mark hunte
The point is the OP introduced a weak point on the Network.

I would agree that the OP introduced a strong point in a relatively weak network, and therefore exposed one of the network's weaknesses. The difference being that if the components of the network were secure enough that they didn't need to be quarantined, there wouldn't be an issue at all. This of course implies that either 1) the IT staff doesn't know what they're doing, or 2) they're buying equipment that cannot be properly configured to be secure. I don't see a third possibility.

mark hunte 03-18-2006 09:10 PM

Quote:

Originally Posted by cwtnospam
I would agree that the OP introduced a strong point in a relatively weak network, and therefore exposed one of the network's weaknesses.

That just so does not make sense.

I would agree that the OP introduced a weak point into a network, and therefore exposed one of the network's weaknesses.


** WARNING ALCOHOL IMBIBED

DarkSaint 03-18-2006 09:13 PM

I think the point is, whether the IT department is smart and realizes that all components and devices connected to the network are potential risks, or if the IT department is ignorant and thinks that just because they don't have knowledge of a computer type (i.e. if he has never touched a Mac and you try to add your Powerbook), all that matters is that the IT Department (SHOULD) have a written policy on this matter. Banning non-alike OS's or allowing a few different ones is up to the policy.

While I agree that just because someone uses Brand X which may or may not be more secure than Brand Y means they shouldn't be automatically barred from using it on a given network, it shouldn't be done behind the backs of those who operate and maintain the network.

It basically comes down to the skill of the IT director and his/her staff, and the written company policy on rogue computers.

cwtnospam 03-18-2006 09:59 PM

Quote:

Originally Posted by mark hunte
That just so does not make sense.

I would agree that the OP introduced a weak point into a network, and therefore exposed one of the network's weaknesses.


** WARNING ALCOHOL IMBIBED

Calling it a weak point implies that it is susceptible to being compromised and therefore would be the weak link in the chain. There is no data to support that, but there is plenty showing that the Windows machines are. Edit: I'm talking about the Mac here. The wireless access point would be a weak point, but it really isn't the issue.


DarkSaint, I would agree with what you're saying, except that it's based on the assumption that the IT Department management is fair and has no agenda of their own. It appears that in the OP case, this isn't true, since they've practically banned all OSes outside of Windows and even that is limited to a specific version. This is a giant red flag indicating apathy, ignorance, and a strong preference for putting their convenience over the needs of the company and its various departments.

mark hunte 03-19-2006 04:53 AM

Quote:

Originally Posted by cwtnospam
DarkSaint, I would agree with what you're saying, except that it's based on the assumption that the IT Department management is fair and has no agenda of their own. It appears that in the OP case, this isn't true, since they've practically banned all OSes outside of Windows and even that is limited to a specific version. This is a giant red flag indicating apathy, ignorance, and a strong preference for putting their convenience over the needs of the company and its various departments.

While I agree with your conclusion here.

I have to say that if you took that to a judge they would say it's circumstantial and does not hold up to the charges.

We know nothing of what the company does or the software they run, the software could be proprietary, we do not know if they need to use win2000 because it's the only OS that they can run the software on that is reliable.

All we know is the OP wanted to use a Mac to get broadband access to the internet.

cwtnospam 03-19-2006 07:43 AM

Here's what we do know:

1) There are thousands of computers at this company used for (tens of?)thousands of jobs.

2) Windows isn't always the best solution for the job.

3) We do know that many people in IT claim that you should use the best system for the application(s) you need to run.

4) We also know that many of those same IT people almost always exclusively recommend Windows. This contradiction only makes sense when explained by their putting their own convenience over the people they're supposed to be serving.

5) As was the case in this thread, IT people often claim that they're limiting computer choices based on security reasons.

6) The Mac has been to date, significantly more secure than Windows, so if they were really concerned about security it would be Windows that they were banning.

7) IT departments around the country (the world?) have reputations for doing as this one is accused.

So yes, it's circumstantial, but many people have been convicted of crimes on less evidence.

tbsingleton73 03-19-2006 11:47 AM

Thought you all might like this Article saying it basically cost double to maintain a PC than compared to a Mac. Read the article for specifics and conditions of that statement.

cwtnospam 03-19-2006 01:22 PM

Hehe, I beat you to it: Post #27 :D

tbsingleton73 03-19-2006 01:45 PM

DOH !!!

27???
We're on post 70 now, it's just a friendly reminder!...yeah that's what it is...

cwtnospam 03-19-2006 03:48 PM

It's good you saw it though. It points out that at least part of the extra costs in a PC's TCO is security, which puts even more suspicion on the usual claim that they're banning Macs from their network for security reasons. :D

giskard22 03-19-2006 05:12 PM

"Security reasons" can mean an awful lot of things. From an IT department perspective, it's reasonable to call a security risk anything you don't have deep knowledge of and complete control over.

DarkSaint 03-19-2006 07:39 PM

Indeed, I assume firstly that the IT department is fair and equitable. I then listen to hear the retort, and it's either the ignorance of the IT staff or a real 'reason' to block a specific or non-specific OS, such as in-house software is Windows compliant only, or a specialized login services for recording hours worked, or any other such software.

What most IT staffing and directors don't seem/don't want to understand is that most software nowadays is either cross-platform or 100% compatible with alternate OS's. I suppose morale and productivity isn't IT's area of expertise, so we can give a little leeway to those poor souls :rolleyes:

cwtnospam 03-19-2006 07:39 PM

It is never reasonable to call something a security risk when it is your job to know and you don't. Claiming you don't need to know because you've chosen the tactic of blocking out technologies that you don't know is no excuse. Once again, if you aren't competent in your field, you should find another job.

tbsingleton73 03-19-2006 07:49 PM

...and what if you are hired to administer a one platform company, not knowing the other platform, better or not is in no way a lack incompetency.
And in this case someone bringing in a "foreign" technology, even if "better" is a security risk, especially if hidden from those in charge.

cwtnospam 03-19-2006 08:02 PM

If you're in IT, your job is Information Technology, not Windows Technology. Not knowing the alternatives to Windows is like a pediatrist having no knowledge about the heart or a brain surgeon knowing nothing about your digestive system. In either case, such a doctor would probably end up losing their license, and for good reason. They'd be incompetent. Of course, that assumes they could actually get a license, which would be next to impossible.

IT needs to be held to the same standards as other professions, because they're supposed to be the experts who can evaluate new technology as it comes out and make the right decisions. If they don't understand the alternatives to Windows, their decisions cannot be trusted. Hence, they're incompetent and should be removed.

tbsingleton73 03-19-2006 08:28 PM

But while a Brain Surgeon does need to know basic info on the digestive system he would likely not operate on it, that's not his speciality.
Just like the captain of a 747, while he needs to know the basics of flying, he does not need to know and likely doesn't know how to fly a A320.

So likewise you can be in IT and specialize in PC's or Mac's, in Linux or OS/2, even Word vs Wordperfect.

While not knowing how to use both Word and WordPerfect limits your ability to service more customers or to inform your customers better it does not make you incompetent.
Otherwise, under those standards you would have to know every system and every software package out there.

cwtnospam 03-19-2006 09:04 PM

Yes, but we're not talking about delving deeply into the guts of the machine. We're talking about knowing enough about it to set it up on your network with some confidence that it's done correctly and securely. That's about the equivalent of a doctor checking your blood pressure.

tbsingleton73 03-19-2006 10:39 PM

But you don't even need to be a doctor to check blood pressure.

You're saying if someone only knows one system then they are not IT and specialization in only one (or knowing only one) is being incompetent.

There are enough systems and people with systems that a person can specialize in only one system and still be knowledgeable and competent in their field.

Not knowing how to drive a Standard Transmission's car does not make you a bad driver, nor does knowing how to make you a good one.

And if 75% of the possible clients out there only drive an automatic car, what's the point of learning how to fix a standard transmission. Granted you can't fix a car with a standard. And not knowing how to fix it doesn't mean anything negative about you or your business.
The great thing is someone else has a business who only fixes standard transmissions and a few other can even fix both.
When there are enough different products and enough different people out there, you'll never have "One Great Product" that everyone will want.
There will always be two sides to the coin and you can never see both at once.

cwtnospam 03-19-2006 11:06 PM

Yes, you don't need to be a doctor to check blood pressure. That's the point. Properly setting up a computer on a network doesn't require a degree in computer science either. It isn't a matter of specializing. It's a basic function that anyone in the field should be able to do in their sleep, and the OS shouldn't matter much.

I'm saying it's ok to specialize, but you can't be completely ignorant of areas outside your specialty. What's more, while specialization is fine for individuals, an IT department serving thousands of users cannot be so specialized that no one in it knows anything but Windows. That's incompetence on a grand scale. To use your car analogy, you may be able to find a single mechanic that can't fix a standard transmission, but I challenge you to find a dealership with an entire service department unable to do so. If you were able to find such a dealership, how would you feel about taking your car there for a tune up?

tbsingleton73 03-20-2006 03:47 AM

Quote:

Originally Posted by cwtnospam
...but I challenge you to find a dealership with an entire service department unable to do so. If you were able to find such a dealership, how would you feel about taking your car there for a tune up?

While true about cars, if my company only uses an automatic (Windows) I don't care if they can't fix standards (Macs). I would be totally fine with that because as a company I have made my decision not to purchase a Mac because it costs more to buy.
Believe me I love the Mac, and when my clients ask about getting new computers or even what to initially get, even after explaining the benefits of getting a Mac, the initial buy price is why they get PCs. They don't care about the cost of maintaining or anything else.
It's all about how much will it cost me to get up and running. So they don't care if I could or could not fix a Mac, they don't have one, they are not going to buy one.
Likewise I also know a client of a friend and they have all Macs, and don't use PC, so they don't care about whether he can fix a Windows box, they just want their Macs up and running.

My point being, you don't have to know the other to be a good IT person.
Knowing both makes you a better overall more knowledgeable Technician but in some cases there is no need to know the other platform and not knowing so doesn't make you any less an IT person, especially if your clients have no need for the other platform.

And when money talks, right or wrong, the customer isn't going to change.

cwtnospam 03-20-2006 07:10 AM

You're confusing a person's rights as an individual with their duties as a professional. Individuals have the right to be stupid. Professionals don't.

In any profession, be it automotive, medical, or computers, the practitioner has a responsibility to their employers and/or customers to honestly examine the total cost and the total benefits and make the proper decisions. Anyone (or any department) not doing that just isn't doing their job.

Edit: The Mac represents the only significant alternative to Windows on the desktop, with Linux also being an alternative primarily for servers at this point. Clearly, an entire IT department that has banned both in favor of Windows cannot possibly have examined the costs and benefits honestly. What's more, they've crippled their own capacity to examine these costs and benefits in the future, since they won't know anything about them.

tbsingleton73 03-20-2006 07:17 AM

While that was fun.
I fold.

mark hunte 03-20-2006 07:22 AM

Quote:

Originally Posted by cwtnospam
Individuals have the right to be stupid. Professionals don't.

what about clowns :D :D

P.s

This thread is way overdue for the cloakroom...

tbsingleton73 03-20-2006 07:31 AM

Dude, clowns are just scary. Everyone I see reminds me of the movie "It".
Or is that IT???

cwtnospam 03-20-2006 07:44 AM

Quote:

Originally Posted by tbsingleton73
Or is that IT???

LOL! It depends on the department, I suppose. :D

timchet 03-22-2006 01:39 AM

Quote:

Originally Posted by cwtnospam
Even if that isn't true, I don't buy the premise that simply adding a device to the network is a security risk.

That alone clearly explains your lack of knowledge in regards to network administration and security. I'm having a hard time believing you typed that with a straight face.

Don't get me wrong; on networks I admin, I prefer Macs as the client OS. But someone that put a wireless access point on a corporate network who doesn't see that as a GAPING security hole (policy violation aside) might be the same person who would unintentionally make his Mac insecure.

There aren't too many networks I admin (or have admined in the past) that non-IT sanctioned equipment was allowed on the network. It's possible that his IT department had moved to a common platform to ease software rollout, OS imaging, there are a whole bunch of possible reasons. What if his hard drive dies? If they have a decent imaging solution, they can have one of their 10,000 Windows workstations up in 10 minutes, whereas our Mac using friend is SOL for who knows how long. Best bet would be to prove to his boss why he 'needs' the Mac, and let them handle it from there.

CAlvarez has posted a vast amount of common sense in this thread. All should re-read his posts.

Quote:

Originally Posted by kennethmv
I get the idea that they were particularly put out by the unauthorized wireless access point.

How are you still employed there?

romulet 03-22-2006 04:02 AM

I used to work in a state job where the same crap would go on. I was told to remove Firefox. I didn't as I needed it for what I was doing. Tab browsing saved a lot of time in checking links of the company website for example. The company's internal sites only supported IE 6+.

When I was in college I brought in a Mac (iBook) and the head of IT said that I would have a lot of trouble getting it to work on the LAN. So I did a scan and as all the bios names are the machines users I took his static IP for my own. He was wrong, very easy to network. :)

I now work in a Mac only environment but the irony of it all is that the security systems (bio-metrics) are all run by Windows machines.

As security is so good with the Macs, users are given just a DVD and are told go and install Tiger.

There is only one deadly Mac virus that I worry about. It's made by Symantec.

I do however agree that unauthorized hardware would upset the IT department and I am surprised that they didn't make a big deal of your WAP.

In a previous job I brought in a Logitech keyboard as I didn't like the work ones. Oh the IT department didn't like that. Sometimes it is just a power trip also.

But for a company as big as the one I worked for I can go to their website and make myself the CEO (according to the website), as there is no security at all for their site to change such things. Also the site cost 6 million euros to deploy.

CAlvarez 03-22-2006 06:12 AM

Quote:

the practitioner has a responsibility to their employers and/or customers to honestly examine the total cost and the total benefits and make the proper decisions.

That's a management job. It's not for the "IT guy" to set policy and study ROI/TCO.

And what you're saying is that it's someone's job to make sure that Macs are found to cost less. Because you won't accept it if in a certain situation, there IS a cost study and they still settle on Windows. You really have no idea if there was a study done in any of these cases, but you assume there was not because you assume the Mac would always win.

I have several clear cases where they would not. You have a very narrow view of the IT and business world.

cwtnospam 03-22-2006 07:35 AM

Yes, it's IT management's job, and they're not doing it. What I don't accept is that Windows always wins for a company with thousands of users, nor that it will always win in the future. That's statistically impossible. The only conclusions I can see are: 1) They didn't do an honest study when they made the decision, and 2) They aren't capable of doing an honest study now or in the future, since they aren't qualified to securely set up a Mac on their network, let alone compare its costs and benefits to another platform.

Quote:

Originally Posted by timchet
That alone clearly explains your lack of knowledge in regards to network administration and security. I'm having a hard time believing you typed that with a straight face.

So you're saying that merely adding a dumb terminal to a network is automatically a security risk?

You can come up with all kinds of rationalizations like ease of maintenance to justify anything anyone or any department does. At the same time, I can point to articles that demonstrate the Mac to be easier to maintain, more secure, etc. See post 27 for one. Results are what matters though, and any IT department that settles on one and only one platform is obviously more interested in its own agenda than serving its company.

CAlvarez 03-22-2006 08:29 AM

Quote:

So you're saying that merely adding a dumb terminal to a network is automatically a security risk?

It is.

Quote:

Results are what matters though, and any IT department that settles on one and only one platform is obviously more interested in its own agenda than serving its company.

:rolleyes: :rolleyes: :rolleyes:

cwtnospam 03-22-2006 08:42 AM

Quote:

Originally Posted by CAlvarez
It is.


:rolleyes: :rolleyes: :rolleyes:

Such eloquence! If you want to be philosophical about it, anything is a security risk, but it certainly is less risky than installing a Windows machine.

As for using only one platform, numerous scientific studies have shown that a homogeneous environment is more susceptible to attack than a heterogeneous one. That's why it's better to plant multiple crops on a farm and use large genetic samplings when breeding. Computers aren't that different. If they're all the same and one is breached, your entire network is compromised. If security were an honest concern, settling on one platform wouldn't be an option.

CAlvarez 03-22-2006 09:57 AM

There are dozens of concerns, but once again, you close your mind to all of them and insist that every network has to accept your chosen platform. And once again, this grows tiring as you refuse to see any possible line of thought but your own.

NovaScotian 03-22-2006 10:03 AM

Let me start by saying that I bought my first Mac in 1986 and still have all but one of the Macs I've ever owned, all in working condition (the oldest being an SE/30). In spite of that, when I was in a position to decide (and fund) a large student network in a University, I didn't have any difficulty deciding that it would be a PC network and would be restricted to that. (In the Faculty of Architecture, their student network was all Macs because that fit the design software they wanted to use, and PCs were excluded.)

The reason was simple: money. That I could have several hundred machines produced by a local assembler to our template, all with hidden ghost partitions from which whatever a student did to screw up a machine could be resolved in a few moments with a magic floppy, with an on-site maintenance contract with the builder for them, and all of the software provided over the network standardized and license-controlled from a central server was clearly the way to go.

That didn't mean that faculty, students, and staff couldn't own and use a Mac on the University network, it just meant that if you did, you couldn't connect to the engineering student network directly (which operated separately over the same fibre backbone) - there was just no route unless you ran a Windows emulator. We even provided Mac support on the general network which was all based on MAC address recognition so a student or faculty member could take a laptop to a classroom or lab provided it was within their subnet but still couldn't connect to the open and public student network on its own net. Running a router on the student net would have cost the student his computing privileges for 336 hours from the moment he was detected (as would playing Doom or viewing pornography).

I don't think there's some sort of nefarious plot out there to crush Macs or even necessarily a lot of ignorance among IT folks. It boils down to money.

cwtnospam 03-22-2006 11:40 AM

Quote:

Originally Posted by CAlvarez
There are dozens of concerns, but once again, you close your mind to all of them and insist that every network has to accept your chosen platform. And once again, this grows tiring as you refuse to see any possible line of thought but your own.

That's a load of crap and you know it. The fact is, anyone suggesting that it's ok to ban all systems but one has closed their mind to all current and future possibilities. I haven't suggested that the network should be all Mac. Only that it shouldn't be all Windows.

One other thing: It's important to remember that the network does NOT belong to the IT department. It isn't up to them to limit any other department or department member's access to technology. On the contrary, it's their job to facilitate it.

giskard22 03-22-2006 11:53 AM

A lot of this discussion is really quite silly. CWT obviously thinks that in any organization, the actions/responsibilities of an IT department should be entirely driven by the needs and desires of the other departments. If someone can do his job better using certain equipment/software/whatever, an IT department should try to accommodate that. Others are comfortable with an IT department focusing on providing only a specific set of functionality/equipment/software. Two ways to do things, with different pluses and minuses and different resource requirements. Maybe agree to disagree, mkay?

I think that IT should be as user-driven as possible, and that the Windows mindset is hugely wasteful, but my opinion isn't what works best for every organization.

cwtnospam 03-22-2006 12:25 PM

Quote:

Originally Posted by timchet
What if his hard drive dies? If they have a decent imaging solution, they can have one of their 10,000 windows workstations up in 10 minutes, where as our Mac using friend is SOL for who knows how long.

Wow! So we're supposed to believe that A) No one in that entire department could figure out how to back up a Mac, and B) They're still competent.

:eek:

timchet 03-22-2006 01:21 PM

Quote:

Originally Posted by cwtnospam
Wow! So we're supposed to believe that A) No one in that entire department could figure out how to back up a Mac, and B) They're still competent.

:eek:

You must live in a neat world. I suggest you go actually work at an IT department for an enterprise-level facility. It's quite clear you don't have any valid experience in that area, and I believe it would be an eye-opener. Of COURSE someone in the department (if not all) could figure out how to back up the Mac. It's really quite simple. That doesn't change the fact that the management has decided on a common platform, that doesn't include the Mac. So while it's easy for them to back up the mac, it's currently not their job.

Cwtnospam, you come up with a lot of idealistic viewpoints on how you think things should work, and there's really nothing wrong with that. I wish I lived in your world. But, we're talking about reality here, and the reality of enterprise-level network administration.

We're also not talking about adding a dumb terminal to a network, we're talking about adding a non-IT controlled computer, and a frickin WAP. That one still blows me away. I told other network admin friends of mine about it this morning (most of whom mainly support Macs for workstations), and we all had the same look on our faces. Someone should have taken a picture.

mark hunte 03-22-2006 02:14 PM

Quote:

Originally Posted by cwtnospam
Results are what matters though, and any IT department that settles on one and only one platform is obviously more interested in its own agenda than serving its company.

What about Microsoft's IT department? Do you think they will agree with that?

:D :D

timchet 03-22-2006 03:32 PM

Quote:

Originally Posted by cwtnospam
Results are what matters though, and any IT department that settles on one and only one platform is obviously more interested in its own agenda than serving its company.

So for a company that does lots of Word/Excel type things (using MS Office or OO.o, either way), or any other task that a Windows machine does as well as a Mac, the fact that they have their folks on Windows machines (at a much lower cost than if they were on Macs) is providing a disservice to the company how, exactly? By saving them money and giving the users computers that do exactly what they need them to?

Again, I prefer Macs as client machines, and will prefer them more when I can better run apps like AutoCAD on them. But my situation is not their situation. Neither is it your situation. If the company still runs with 10,000 Windows machines and one lone Mac, I'm guessing it's not the lone Mac that's keeping the company together.

