Server Management and Security
Establishing a Web server is a formidable task, but it's nothing compared to maintaining one. This is especially so if the Web server is only a small portion of your network, or if you have to dole out different security privileges to different departments or clients.
There are two paths you can take:
Hire out for custom programming
Rely on third-party applications
Custom programming is expensive and time-consuming. If you want to throw up a few Web servers and manage them remotely, I recommend using prefabricated tools for this task. And, if your environment is predominantly Macintosh, the applications that follow are indispensable.
EtherPeek by WildPackets, Inc.
2540 Camino Diablo, Suite 200
Walnut Creek, CA 94596
WildPackets, Inc., formerly known as AG Group, has the most outstanding network utility around. EtherPeek is a protocol analyzer for Macintosh that supports a wide range of protocols, including but not limited to the following:
EtherPeek is not your run-of-the-mill protocol analyzer but a well-designed commercial sniffer. It includes automatic IP-to-MAC translation, multicasts, real-time statistics, and real-time monitoring. EtherPeek also includes integrated support for handling the LAND denial of service attack that recently took down so many servers. If you are in a corporate environment, this would be a wise purchase.
InterMapper 3.0 by Dartmouth Software Development
Dartmouth Software Development
6028 Kiewit Computer Center
Hanover, NH 03755-3523
InterMapper (developed by Bill Fisher and Rich Brown) is an excellent tool that can save Macintosh system administrators many hours of work. The application monitors your network for possible changes in topology or failures in service. (Network management is achieved using the Simple Network Management Protocol.)
One especially interesting feature is InterMapper's capability to grab a network snapshot. This is a graphical representation of your network topology. (Network topology is more or less automatically detected, which saves a lot of time.) InterMapper even enables you to distribute snapshots across several monitors for a widened view.
The network snapshot is extremely detailed, enabling you to quickly identify routers that are down or having problems. (You can actually specify how many errors are permissible at the router level. When a particular router exceeds that limit, it is flagged in a different color.) Clicking any element (whether machine or router) will bring up information boxes that report the element's IP address, the traffic it's had, how many errors it's had, and so forth. If there has been trouble at a particular node, you will be paged immediately. In all, InterMapper is a very complete network analysis and management suite.
InterMapper provides simultaneous support for both AppleTalk and IP. Check out the demo version at http://www.dartmouth.edu/netsoftware/intermapper/demoForm.html.
MacPork is a small program that scans a server to track down holes and exploit them. MacPork scans for more than 271 vulnerabilities and retrieves passwords and information in 175 different ways. MacPork has been designed to find 177 Trojans installed on different servers. MacPork includes an intelligent search engine that can find potentially exploitable servers in two seconds. MacPork knows 66 ways to overflow a system and 86 holes in UNIX protocols (FTP, SMTP, NetBIOS, Finger, Rservices, and RPC). If you are lazy, you can launch 30 simultaneous scans and go to bed. A few hours later, you will have a detailed log. MacPork runs in the background, so you can do other work during a scan. An exclamation point icon ("!") in a little window will alert you if MacPork finds something.
Note that this application is no longer in development; watch the Web site http://freaky.staticusers.net/ for new information.
MacRadius by Cyno
Cyno Technologies, Inc.
1082 Glen Echo Avenue
San Jose, CA 95125
RADIUS technology is imperative if you run an ISP or any system that takes dial-in connections. Management of user dial-in services can be difficult, confusing, and time consuming. That's where RADIUS comes in. Authors of the RADIUS specification describe the problem and solution as follows:
Since modem pools are by definition a link to the outside world, they require careful attention to security, authorization and accounting. This can be best achieved by managing a single "database" of users, which allows for authentication (verifying user name and password) as well as configuration information detailing the type of service to deliver to the user (for example, SLIP, PPP, telnet, rlogin). RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user.
To learn more about RADIUS, you should obtain RFC 2058, which is located at http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2058.txt.
In short, RADIUS offers easy management of a centralized database from which all dial-in users are authenticated. RADIUS implementations also support several different file formats, including native UNIX passwd files. Lastly, RADIUS implementations offer baseline logging, enabling you to determine who logged in, when, and for how long.
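The exchange described above, sketched as an added example (not code from this chapter or from MacRadius): an access server builds an Access-Request, the RADIUS server checks its single user database and returns the service configuration, and the access server verifies the reply. The packet layout, attribute numbers, and MD5-based password hiding follow the RADIUS specification; the function names and the shape of the user database are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3            # packet codes
USER_NAME, USER_PASSWORD, SERVICE_TYPE, FRAMED_PROTOCOL = 1, 2, 6, 7  # attribute types

def hide_password(data, secret, req_auth, reveal=False):
    """XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (block if reveal else res)
    return out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value   # type, length, value

def parse_attrs(buf):
    attrs, i = {}, 0
    while i < len(buf):
        size = buf[i + 1] if i + 1 < len(buf) else 0
        if size < 2 or i + size > len(buf):
            raise ValueError("malformed attribute")
        attrs[buf[i]] = buf[i + 2:i + size]
        i += size
    return attrs

def build_request(ident, user, password, secret):
    """Access server side: Access-Request with a random Request Authenticator."""
    req_auth = os.urandom(16)
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\0")
    body = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(padded, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body

def handle_request(packet, secret, users):
    """RADIUS server side: authenticate, then return the service configuration."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    entry = users.get(attrs.get(USER_NAME, b""))   # users: hypothetical in-memory database
    pw = hide_password(attrs.get(USER_PASSWORD, b""), secret, req_auth, reveal=True).rstrip(b"\0")
    if entry and hmac.compare_digest(pw, entry["password"]):
        code = ACCESS_ACCEPT   # Service-Type 2 = Framed; Framed-Protocol 1 = PPP, 2 = SLIP
        body = attr(SERVICE_TYPE, struct.pack("!I", 2)) + attr(FRAMED_PROTOCOL, struct.pack("!I", entry["framed"]))
    else:
        code, body = ACCESS_REJECT, b""
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return head + hashlib.md5(head + req_auth + body + secret).digest() + body

def verify_reply(reply, request, secret):
    # Response Authenticator = MD5(reply header + Request Authenticator + attributes + secret)
    expect = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expect, reply[4:20])
```

Because the User-Password attribute is hidden only with MD5 keyed by the shared secret, that secret should be long, random, and distinct for each access server.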
If you've ever dreamed of having RADIUS functionality for Mac OS, MacRadius is for you. It is a very refined application, offering you the ability to build complex group structures. In this way, adding new users (and having those new users automatically inherit the attributes of other users) is a simple task. And, of course, all of this is packaged in an easy-to-use, graphical environment characteristic of Macintosh applications.
Network Security Guard
MR Mac Software
P.O. Box 910091
San Diego, CA 92191-0091
Have you ever dreamt about SATAN for Mac OS? What about a program that would automatically scan your Mac OS hosts for security vulnerabilities? If so, you need to get Network Security Guard.
Network Security Guard operates over AppleTalk and checks for the following:
Accounts without passwords
But wait. There's more. Network Security Guard has a brute force password cracking utility so you can test the strength of network passwords. And your reports can be formatted in several ways and forwarded to you over the network. Lastly, you can schedule timed security assessments. All these features make Network Security Guard a great choice. It can save you many hours of work. (Sorry, this application is a commercial one, not shareware. However, it's well worth the cost.) No official Web site for this product has been found. I'm sure MR Mac is still willing to accept money for the commercial product via U.S. Postal Service.
Oyabun Tools, released by Team2600, is an application you can use to send remote commands to control your Mac. For example, if you notice your Macintosh server is slowing down and you are not at the office to reboot it, you can use Oyabun Send to restart the machine. This program does not require any installation; just double-click! Oyabun Tools consists of two products:
Oyabun Send lets you send shutdown/restart/sleep commands over the Internet to other Macs that already have Oyabun Tools Pro installed.
Oyabun Tools Pro lets you send shutdown/restart/sleep commands to other Macs over the Internet. It also lets you set up Macs to receive these commands. This package has everything that comes in the Oyabun Send package.
Silo, created by Logik, a Macintosh security guru, is a remote system analysis tool designed for security and administrative evaluation purposes. It features full documentation; remote concept password and file structure generation; network mapping; OS fingerprinting; and remote system, client, administrative, domain, protocol, and network analysis and monitoring.
Logik's home page can be found at http://logik.accesscard.org/. Download Silo from http://freaky.staticusers.net/update.shtml.
Timbuktu Pro 2000
2470 Mariner Square Loop
Alameda, CA 94501
Timbuktu Pro 2000 for Mac OS is a powerful and versatile remote computing application. Although not specifically a security program, Timbuktu Pro is a valuable tool for any Web administrator. Timbuktu Pro currently supports TCP/IP, AppleTalk, IPX, and Open Transport. Through these protocols, you can remotely manage any box (or series of them).