Jamf Nation Community

kaci_weirich · ‎05-08-2015

My company is increasing travel back and forth to China. I've read a lot about the PRC deploying spyware to machines. How are you mitigating this when the laptop returns to your office? I know we're not the only company dealing with this and any advice is welcome! Up to this point, we've been wiping the machine when it returns to our office (before putting it on our network).

Thanks!

rderewianko · ‎05-08-2015

Before the machine even gets to china, we swap out the filevualt encryption keys, having an individual one for each machine going to china.. Then we firmware brick the machine, and tell the employee to contact us when they get settled, which we then give them the key.

Haven't gotten one back to NA yet, so can't comment on that part.

There was a great session at JNUC14 on this.Here

View solution in original post

rderewianko · ‎05-08-2015

Before the machine even gets to china, we swap out the filevualt encryption keys, having an individual one for each machine going to china.. Then we firmware brick the machine, and tell the employee to contact us when they get settled, which we then give them the key.

Haven't gotten one back to NA yet, so can't comment on that part.

There was a great session at JNUC14 on this.Here

rtrouton · ‎05-08-2015

Rather than have folks take their own machines, I recommend having a stockpile of loaner machines and give them to folks travelling to China.

When they come back, keep the loaner off of your network and make sure anything they need is off of the laptop. Once that's done, wipe the loaner completely.

gachowski · ‎05-08-2015

I think there is no really way to secure and be 100% sure about it with any computer. I think you have to use iPads.

I read somewhere that Apple added a verification wipe to the newer iOS devices, but I couldn't find the page.

C

Jamf Nation Community

Mac Security when Traveling to China