LocalSend - Do you think of this as a security risk?
Posted by TxTechnician@reddit | sysadmin | View on Reddit | 6 comments
The app is fire, I like it. Works well and is really ez.
But today I learned there is a webapp version. Which just runs in the browser.
web dot localsend dot ORG
So, your ppl could use it without needing to install anything. As long as they are on the same networks it'll work.
One_Target2740@reddit
So what's the biggest concern? Data exfil? Yes, it's a security risk. Is AirDrop a security risk too? Yes. Email? Yep. Photographs? Well I'll be damned...
Risk is not a binary thing to consider and you should look into how risk management for 3rd party applications is structured, then create your threat model.
Depending on your environment it could be totally fine. It could also be just as bad as any other file sharing protocols if left unsecured.
Only you, your infra team, and your security team will be able to determine that. Sorry for the rant but you'd need to provide so much info in this post that I would just save myself the trouble and work on it internally.
HappyDadOfFourJesus@reddit
I implemented LocalSend at a local funeral home for thirteen workstations at they moved from iMac (AirDrop) to Windows. I didn't like connecting their personal phones to the company wifi but it is what it is.
TxTechnician@reddit (OP)
Praise apple for their ease of use. But F them for the walled garden.
Ya that app is really nice. I found out about the webapp version because I did a little video on it
I mean in that situation if it's absolutely necessary to keep the network separate then you could just create a network wherein the firewall rules are set up that the ports for LS are open between the networks.
In a small office it's not necessary IMO to seperate wifi access (assuming the environment isn't a special case like Medical or Legal).
Its the whole security/usability balance.
My front door is a 2ft thick solid concrete slab. I can't open it. But by golly it's secure as fort Knox minus the gun carrying gaurds.
Odd_Historian_4987@reddit
what are you protecting against? Stopping everything is impossible. (or you need to be inside NSA equivalent). Trying to protect all your data from everything all the time is impractical and exhausting. read https://ssd.eff.org/module/your-security-plan and also talk to management what they care about.
xendr0me@reddit
Everything is a security risk, it's just a matter of how you block, mitigate or implement it.
TxTechnician@reddit (OP)
Agreed. I've been to places where they wouldn't allow wireless mice due to some exploit.
I've been to a bank where the helpdesk was pissed to learn to the client had a network switch in their office. That's how I learned their mitigation against rouge network hardware was a sternly worded memo to the staff (the person at that office had bought a $10 switch and plugged it in to get his printer online in that office, due to tech support dragging their feet. I got called, I didn't work there, to setup the printer).