This is a question for security people and the people who have worked on networks over the years. My understanding of this is fairly complete, but I may be missing something.
I have worked a few days a week with a group for the last 2 years. I have been using my MacAir and iPad to access the web-based program, and I use Microsoft Outlook and Teams at times.
Now the company has instituted a policy that you have to have a company product (Lenovo laptop) to access the WiFi. Anyone else has to use the guest WiFi, where, when I last checked, the speed was 11 on downloads on Speedtest. Basically unusable. At this time I am using my phone as a hotspot but plan to activate my iPad for cellular and hope that coverage there is good enough.
But to the main point. I would like to know what the risks are with using a Mac product on the WiFi network. Since most of the ransomware vulnerabilities happen through Windows, I could not figure out how I would be creating a vulnerability just by using the network. Does anyone have ideas?
I can guess. They use their Microsoft Active Directory to give limited access to network resources for Windows-based PCs. They could probably do that for your Mac if you were willing to accept a profile locking down your Mac, but if they are a Microsoft-only firm, they do not want to learn how, and you would maybe not like to give them access to your Mac.
A malicious person with a Mac could probably do a lot of harm depending on what goes on in that network.
The issue is much less about the Mac than it is about equipment that is not configured, managed, and controlled by the company.
Many organizations have a blanket policy that strictly prohibits other devices from connecting to the private network. It can be very inconvenient, but especially if the organization works in a sensitive area, the policy really does make sense.
There also is a decent chance that the organization’s insurance company and some of its major external collaborators, clients, etc. contractually require such policies.
If you are a third party working on an internal project frequently enough, the “best practice” is to issue you a managed device to work from. To be honest, I’m surprised at how many organizations don’t strictly enforce such policies.
I’m guessing that the Wi-Fi you used to use is inside the company’s network (i.e. on their intranet), but the guest Wi-Fi is connected directly to the public Internet.
The policy is not against Macs for security reasons. And, it probably isn’t a “Wi-Fi” thing either; they would have the same restrictions if you were trying to plug into hard-wired Ethernet.
They are blocking non-company equipment for two reasons:
They don’t want non-employees to plug into their intranet, such as hackers who have snuck in or are war-dialing.
They probably are running endpoint security protection and anti-virus software on the company devices, but they don’t know what’s on other equipment.
That last one is because a company can have the strongest firewall in the world protecting them from attack from the Internet, but then some employee lets their kids download Free! Hamster! Stickers! (actually, malware) to the computer, the employee brings it back to work, and then now they’ve been attacked from the inside. So they want to only let devices connect that they can trust because they are controlling the security software on the device.