Should we block Peer-to-Peer?

kgam
Contributor

Our security team have asked me to look into blocking Peer-to-Peer on our Macs. They want to prevent a possible attacker from jumping Macs using this service/protocol if one Mac gets hacked/infected.

I'm not familiar with how P2P is implemented in macOS besides the fact that it's used by AirDrop, so I'm looking for recommendations and best practices I can take back to the security team.

If there is an actual risk, we should take action, but I also don't want to block our users from a useful service (like AirDrop or other built-in features) based on a possible empty threat or one that only applies to PCs. How would you handle this request?

Thanks.


dsavageED
Contributor III

Honestly I'd recommend simply enabling Stealth Mode, https://support.apple.com/en-gb/guide/mac-help/mh17133/mac

We use a script to keep Apple's Application Firewall configured in the way we desire, it's nothing complex, https://github.com/UoE-macOS/jss/blob/master/coreconfig-application-firewall.sh

Another script adds exceptions for particular apps, https://github.com/UoE-macOS/jss/blob/master/coreconfig-application-firewall-add-exception.sh

Config profiles at the time seemed a little too restrictive, but you may be able to leverage that rather than using code...
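
One way to check and enforce the Application Firewall and Stealth Mode from a script, along the lines the reply above describes. This is an added example, not the linked UoE-macOS script; the `FW_TOOL` override and the function names are assumptions, and the status matching assumes the wording of `socketfilterfw` output differs between macOS releases.

```shell
#!/bin/sh
# Added example (not the UoE-macOS script): verify that the macOS Application
# Firewall and Stealth Mode are on, and switch on whichever is off.
# FW_TOOL is overridable so the logic can be exercised off a Mac (assumption).
FW_TOOL="${FW_TOOL:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Classify a socketfilterfw status line as "on", "off" or "unknown".
# Assumption: wording varies by release, so accept "enabled"/"disabled",
# "is on"/"is off" and the "(State = N)" suffix instead of one exact string.
fw_state() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *disabled*|*"is off"*|*"state = 0"*) echo off ;;
        *enabled*|*"is on"*|*"state = 1"*|*"state = 2"*) echo on ;;
        *) echo unknown ;;
    esac
}

# Ensure one setting is on: $1 = query flag, $2 = set flag, $3 = label.
# Prints "label: ok|fixed|failed"; returns non-zero if it could not be set.
ensure_on() {
    if [ "$(fw_state "$("$FW_TOOL" "$1" 2>/dev/null)")" = on ]; then
        echo "$3: ok"; return 0
    fi
    "$FW_TOOL" "$2" on >/dev/null 2>&1
    # Re-query rather than trusting the exit status of the set call.
    if [ "$(fw_state "$("$FW_TOOL" "$1" 2>/dev/null)")" = on ]; then
        echo "$3: fixed"; return 0
    fi
    echo "$3: failed"; return 1
}

# Enforce both settings; a non-zero return lets the caller flag the Mac.
enforce_firewall() {
    rc=0
    ensure_on --getglobalstate --setglobalstate "firewall" || rc=1
    ensure_on --getstealthmode --setstealthmode "stealth" || rc=1
    return $rc
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--enforce" ]; then
    enforce_firewall
fi
```

Changing the settings requires root, so run it with `--enforce` from a management policy or via `sudo`.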