Lesson18.Secure Network Configuration | Apple Training Series: Mac OS X System Administration Reference, Volume 1

Lesson 18. Secure Network Configuration

Time

This lesson takes approximately 2 hours to complete.

Goals

Understand network security design principles

Learn methods for implementing a secure network design, including NAT, VPNs, and firewalls

Use the Mac OS X Gateway Setup Assistant to enable and configure routing, NAT, and VPN services

Use the Mac OS X Server Admin application to configure the firewall service

Create firewall rules to lock down traffic to and through a Mac OS X server, including remote administration traffic, Web and e-mail traffic, DNS zone transfers, pings, and ping replies

Configure Mac OS X firewall service for stealth mode

Analyze firewall rules with the UNIX ipfw show command

Monitor network security with logging

Mac OS X Server can handle advanced network security tasks that were once the specialized job of expensive, hard-to-use hardware devices. With the Mac OS X Gateway Setup Assistant and Server Admin applications, you can easily configure a Mac OS X server to act as a router, a Network Address Translation (NAT) gateway, a virtual private network (VPN) server, and a firewall.

Configuring a server to act as a router enables you to connect multiple networks to the server and route Internet Protocol (IP) traffic between the networks. Once you have multiple networks set up, NAT lets you use private addresses on the internal networks. VPNs allow remote users to connect securely to a private network and appear as if they are connected directly to the private network. The Mac OS X Server firewall helps you secure the server and implement policies regarding services that your internal and external users can reach.