What You've Learned

Network security configuration should be preceded by network security design, in which you analyze requirements, identify user communities and traffic flow, and analyze typical threats. Security threats include reconnaissance attacks and DoS attacks.

Methods for implementing your secure network design include NAT, VPN, and firewalls, all of which you can implement on Mac OS X Server.

The easiest way to configure NAT on Mac OS X Server is to use the Gateway Setup Assistant, which starts the NAT process, enables DHCP, sets aside addresses for DHCP to use, enables the firewall, and adds a divert firewall rule to direct traffic to the correct, privately addressed computer.

The easiest way to configure VPN is to use the Gateway Setup Assistant, which starts the VPN process, assigns addresses for use by VPN clients, and configures VPN to use L2TP with IPSec.

The Mac OS X firewall is configured using Server Admin. You can also manipulate the firewall directly with the ipfw UNIX command, although that is usually not necessary, with the exception of the ipfw show command.

You should configure firewall rules to lock down traffic to the server, including remote administration and Web, mail, file, and DNS traffic. You should also configure firewall rules to lock down traffic through the server, to control what traffic is allowed in and out of the connected networks.

Logging firewall data is advisable so that you can confirm that your rules are working and keeping out unwanted network traffic.

References

Apple Knowledge Base Documents

The following Knowledge Base documents (located at www.apple.com/support) provide further information about firewalls:

Document 107846, "Mac OS X Server 10.3, 10.4: About firewall settings and logging"
Document 106439, "Well Known TCP and UDP Ports Used By Apple Software Products"

Books

Greenberg, Eric. Mission-Critical Security Planner (Wiley & Sons, 2003).
Hines, Annlee A. Planning for Survivable Networks (Wiley & Sons, 2003).
Kaeo, Merike. Designing Network Security, 2nd ed. (Cisco Press, 2003).
Oppenheimer, Alan B., and Whitaker, Charles H. Internet Security for Your Macintosh (Peachpit Press, 2001).
Oppenheimer, Priscilla. Top-Down Network Design, 2nd ed. (Cisco Press, 2004).
Oppenheimer, Priscilla, et al. Troubleshooting Campus Networks (Wiley & Sons, 2002).

URLs

Apple, "Mac OS X Network Services Administration": http://manuals.info.apple.com/en/MacOSXSrvr10.3_NetworkServicesAdmin.pdf
Peter Hickman, "Exploring the Mac OS X Firewall": www.macdevcenter.com/pub/a/mac/2005/03/15/firewall.html
National Institute of Standards and Technology, Computer Security Resource Center: http://csrc.nist.gov/index.html
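The summary above recommends two checks: use ipfw show to confirm that the rules you configured are the ones in effect, and log firewall data to confirm that the rules are actually keeping unwanted traffic out. The following script is an added example, not code from the book or from Apple; it parses a constructed sample of ipfw show output (rule number, packet count, byte count, rule text) and a constructed sample of ipfw log lines, then reports which required services lack an allow rule, whether a catch-all deny rule sits before the default rule 65535, which rules have never matched a packet, and which source addresses are being denied most often. The port list, the sample rules and the log lines are all assumptions chosen to match the services the chapter says to lock down (remote administration, Web, mail, file sharing, DNS).

```python
"""Audit a Mac OS X Server ipfw rule listing and its log (added example, constructed data)."""
import re
from collections import Counter, namedtuple

Rule = namedtuple("Rule", "number packets bytes body")
LogEntry = namedtuple("LogEntry", "rule action proto src sport dst dport direction iface")

# Constructed sample of `ipfw show` output: number, packets, bytes, rule text.
SAMPLE_IPFW_SHOW = """\
00010 1200 960000 allow ip from any to any via lo0
01000 350 42000 allow tcp from 192.168.1.0/24 to any dst-port 22 in
01010 4100 3300000 allow tcp from any to any dst-port 80 in
01020 200 160000 allow tcp from any to any dst-port 25 in
01030 90 12000 allow udp from any to any dst-port 53 in
01040 15 1200 allow tcp from 192.168.1.0/24 to any dst-port 548 in
01050 0 0 allow tcp from any to any dst-port 443 in
12190 78 4680 deny log tcp from any to any in
65535 0 0 allow ip from any to any
"""

# Constructed sample of ipfw log lines (rule number, verdict, proto, src:port, dst:port).
SAMPLE_IPFW_LOG = """\
Mar 15 10:01:02 server ipfw: 12190 Deny TCP 10.0.0.5:45678 192.168.1.2:23 in via en0
Mar 15 10:01:07 server ipfw: 12190 Deny TCP 10.0.0.5:45679 192.168.1.2:3389 in via en0
Mar 15 10:02:11 server ipfw: 12190 Deny TCP 203.0.113.9:51000 192.168.1.2:22 in via en0
Mar 15 10:03:30 server ipfw: 1010 Accept TCP 198.51.100.4:40000 192.168.1.2:80 in via en0
"""

# Assumed set of services the chapter says to lock down: SSH, SMTP, DNS, HTTP, HTTPS, AFP, IMAPS.
REQUIRED_PORTS = {22, 25, 53, 80, 443, 548, 993}

SHOW_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")
LOG_RE = re.compile(
    r"ipfw: (\d+) (Deny|Accept) (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+) (in|out) via (\S+)"
)


def parse_ipfw_show(text):
    """Turn `ipfw show` output into Rule tuples; lines that do not match are ignored."""
    rules = []
    for line in text.splitlines():
        m = SHOW_RE.match(line.strip())
        if m:
            rules.append(Rule(int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)))
    return rules


def parse_ipfw_log(text):
    """Extract the verdict fields from ipfw log lines (syslog prefix is skipped)."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            entries.append(LogEntry(int(m.group(1)), m.group(2), m.group(3), m.group(4),
                                    int(m.group(5)), m.group(6), int(m.group(7)),
                                    m.group(8), m.group(9)))
    return entries


def check_lockdown(rules, required_ports):
    """Report required ports with no allow rule, and whether a catch-all deny precedes 65535."""
    allowed = set()
    catch_all_deny = False
    for r in rules:
        if r.body.startswith("allow"):
            m = re.search(r"dst-port (\d+)", r.body)
            if m:
                allowed.add(int(m.group(1)))
        elif (r.body.startswith("deny") and "from any to any" in r.body
              and "dst-port" not in r.body and r.number < 65535):
            catch_all_deny = True
    return {"missing_allows": sorted(set(required_ports) - allowed),
            "catch_all_deny": catch_all_deny}


def unused_rules(rules):
    """Rules (other than the default 65535) whose packet counter is still zero."""
    return [r.number for r in rules if r.packets == 0 and r.number < 65535]


def denied_by_source(entries):
    """Count Deny verdicts per source address, most active first."""
    return Counter(e.src for e in entries if e.action == "Deny")


if __name__ == "__main__":
    rules = parse_ipfw_show(SAMPLE_IPFW_SHOW)
    entries = parse_ipfw_log(SAMPLE_IPFW_LOG)
    print("lockdown:", check_lockdown(rules, REQUIRED_PORTS))
    print("rules never matched:", unused_rules(rules))
    print("denied per source:", denied_by_source(entries).most_common())
```

On a real server you would feed the script the output of sudo ipfw show and the contents of the firewall log named in Apple document 107846 instead of the constructed samples; a rule that never matches is worth a second look, and a missing allow for a required service shows up here before users report it.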