None of us work for Apple except for those listed as moderators. This community is merely Apple users helping other Apple users.
@Etresoft was merely warning you about blocking Apple macOS network traffic. The tone was intended as a warning, because many of us assisting those on these community forums have experienced the pain of blocking Apple network connections and suffered the consequences. Then had to engage in lengthy battles with our corporate network security overlords to allow the Apple devices to function on the corporate network. These people trusted Microsoft, knew nothing about Apple and were suspicious of Apple.
You are viewing: What Is Mask-h2.icloud.com
Read more : What Does 114 Mean
There are many network services, which were historically not well documented that need to be allowed or things will break and in unexpected and unexplainable ways. I speak from experience, working in a Fortune 100 environment with ridiculous security and I had to fight with the Network Security staffers constantly to unblock Apple traffic. We had to whitelist all the Apple network connections. They tried to block the App Store and that blocked macOS security updates as a side effect. They were routing traffic through Zscaler, a packet inspection proxy. That broke Push Notifications which are critical when sending Configuration Profiles to corporate owned and managed Macs to lockdown and secure the devices.
Here’s a full list of things that need to be allowed on any network where Apple devices are functioning. Blocking any of these communications will cause problems and some of those problems may manifest in entirely unexpected and unusual ways.
Use Apple products on enterprise networks – Apple Support
Read more : What Is A Development Letter From The Va
Thankfully, Apple published the support document above and they’ve been keeping it up-to-date. It’s been invaluable to use as a reference when speaking with network security professionals. The mask.icloud.com Private Relay entries are new. If you wish to monitor and block traffic then you should keep this document handy to reference and to see any updates / changes as Apple upgrades macOS.
It’s not just Apple, we had to unblock a lot of Microsoft, Amazon, and Google things as well. Most of the big tech companies have adopted Zero Trust methodologies and are using the most advanced technology available. The traffic is heavily encrypted. For example when routing over a proxy such as Zscaler it’s using pinned certificates meaning the Zscaler proxy is acting as a man-in-the-middle so it can brute force break TLS / SSL encryption and inspect the packets. Big companies would consider that a cyber attack. This is something many corporations are deploying. Apple, Microsoft and others detect the certificate pinning / chaining and drop the traffic with zero response. They just blackhole the traffic, no errors, etc. This breaks Push Notifications and all sorts of critical functions on Apple devices. All the other Big Tech companies do the same. It’s a best practice methodology. All of these Big Tech companies are under constant cyber attacks including nationstate cyber warfare attacks. Apple takes user privacy very seriously, far more seriously than all the other companies.
It’s entirely within your purview to block whatever network traffic you wish. But know that if you do that with Apple traffic, various things will break. You may seek assistance with those broken things. You must then communicate that you are indeed blocking Apple network traffic. Because the first thing that needs to happen is you need to unblock that network traffic.
Source: https://t-tees.com
Category: WHAT
