TITLE
|
|
Learn how to configure the Directory Access feature to protect your Mac from a malicious DHCP server.
Please note that the exploit requires the malicious DHCP server to be located on your local subnet. For typical home network configurations with a broadband (DSL or cable service) modem and a NAT (Network Address Translation) device, such as Apple's Airport, this exploit is not possible.
If there is a chance that a malicious DHCP server has been injected into your subnet or you are operating on an untrusted network there are two solutions to the potential vulnerability depending on if you are using a directory service.
No directory service: For users that do not use a directory service you can go into the Directory Access utility and uncheck the "Use DCHP-supplied LDAP Server" option (Figure 1). You are no longer susceptible to this exploit.
Figure 1 Uncheck the Use DHCP-supplied LDAP Server option
Directory service: If your Mac is configured to use a directory service consult with your IT administrator before changing any settings. Your IT administrator will need to change the default setting from "automatic" to "custom" search policy in the Directory Access authentication tab and specify the correct LDAP server.
Document Information | |
Product Area: | MC |
Category: | |
Sub Category: | |
Keywords: | kmosx ktech |
|
|||||||