Should we block Peer-to-Peer ?

Question

Our security team have asked me to look into blocking Peer-to-Peer on our Macs. They want to prevent a possible attacker from jumping Macs using this service/protocol if one Mac gets hacked/infected.

I'm not familiar with how P2P is implemented in macOS besides the fact that it's used by AirDrop so I'm looking for recommendations and best-practices I can take back to the security team.

If there is an actual risk we should take action but I also don't want to block our users of a useful service (like AirDrop or other built-in features) based on a possible empty threat or one that only applies to PCs. How would you handle this request?

Thanks.

dsavageED · Answer

Honestly I'd recommend simply enabling Stealth Mode, https://support.apple.com/en-gb/guide/mac-help/mh17133/mac

We use a script to keep Apple's Application Firewall configured in the way we desire, it's nothing complex, https://github.com/UoE-macOS/jss/blob/master/coreconfig-application-firewall.sh

Another script adds exceptions for particular apps, https://github.com/UoE-macOS/jss/blob/master/coreconfig-application-firewall-add-exception.sh

Config profiles at the time seemed a little too restrictive, but you may be able to leverage that rather than using code...

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded