Thursday, July 5, 2018

jamf Saga Continues but Little Snitch to the Rescue

In my previous post, I was explaining on jamf and its privacy implications. jamf is very configurable. Since writing to disk is a potential problem, as the user can readily inspect, the alternate technique is to ping the command and control center every time the computer unlocks, wakes from sleep, boots, and such. It is a network call and unless one does outbound traffic monitoring, one does not know about this event happening. And there is nothing better than Little Snitch in my humble opinion to monitor such activities. This is the missing firewall for macOS which gives me peace of mind, knowing that there are no intruders on my local system. The default firewall does wildcard inbound and outbound checks, but the level of granularity is only app based. Little Snitch has got much better granularity (IP, domain, app, time based, profile based, inbound, outbound etc.). The network gateway monitoring is a story on its own, which requires a different technique.

A faster option would be to just set the domain the jamf pings in /etc/hosts to loopback on the local interface, though I am not much sure if jamf will honour that. This is if one does not want to use Little Snitch. Care must be taken because the Little Snitch database logs all the network calls. So any secure access that needs to be not logged has to be removed from its database which can safely be done from the UI. Even though, the database is encrypted and the encryption key is securely stored in the Keychain.