What You've Learned

  • Network security configuration should be preceded by network security design in which you analyze requirements, identify user communities and traffic flow, and analyze typical threats.

  • Security threats include reconnaissance attacks and DoS attacks.

  • Methods for implementing your secure network design include NAT, VPN, and firewalls, all of which you can implement on Mac OS X Server.

  • The easiest way to configure NAT on Mac OS X Server is to use the Gateway Setup Assistant, which starts the NAT process, enables DHCP, sets aside addresses for DHCP to use, enables the firewall, and adds a divert firewall rule to direct traffic to the correct, privately addressed computer.

  • The easiest way to configure VPN is to use the Gateway Setup Assistant, which starts the VPN process, assigns addresses for use by VPN clients, and configures VPN to use L2TP with IPSec.

  • The Mac OS X firewall is configured using Server Admin. You can also directly manipulate the firewall with the ipfw UNIX feature (although usually that's not necessary, with the exception of the ipfw show command).

  • You should configure firewall rules to lock down traffic to the server, including remote administration and Web, mail, file, and DNS traffic. You should also configure firewall rules to lock down traffic through the server to control what traffic is allowed in and out of the connected networks.

  • Logging firewall data is advisable so that you can confirm that your rules are working and keeping out unwanted network traffic.

References

Apple Knowledge Base Documents

The following Knowledge Base documents (located at www.apple.com/support) provide further information about firewalls:

Document 107846, "Mac OS X Server 10.3, 10.4: About firewall settings and logging"

Document 106439, "Well Known TCP and UDP Ports Used By Apple Software Products"

Books

Greenberg, Eric. Mission-Critical Security Planner (Wiley & Sons, 2003).

Hines, Annlee A. Planning for Survivable Networks (Wiley & Sons, 2003).

Kaeo, Merike. Designing Network Security, 2nd ed. (Cisco Press, 2003).

Oppenheimer, Alan B., and Whitaker, Charles H. Internet Security for Your Macintosh (Peachpit Press, 2001).

Oppenheimer, Priscilla. Top-Down Network Design, 2nd ed. (Cisco Press, 2004).

Oppenheimer, Priscilla, et al. Troubleshooting Campus Networks (Wiley & Sons, 2002).

URLs

Apple "Mac OS X Network Services Administration": http://manuals.info.apple.com/en/MacOSXSrvr10.3_NetworkServicesAdmin.pdf

Peter Hickman, "Exploring the Mac OS X Firewall": www.macdevcenter.com/pub/a/mac/2005/03/15/firewall.html

National Institute of Standards and Technology, Computer Security Resource Center: http://csrc.nist.gov/index.html




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
Year: 2005
Pages: 258
Authors: Schoun Regan
