• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432
  • Last Modified:

Firewall, networking, and MacOS

Here's an advanced networking question. Our office runs a mixed MacOS (9.x) and Windows (98, NT4, 2K) environment, all on a Windows (NT4 and 2K) server platform. We're on a dedicated T1 at the office and have a decent hardware firewall. We also have several remote Mac users (on DSL or cable modems) who sometimes take work home on their Powerbooks.

The firewall is good in that it's secure; not good in that now Mac users who want to work from home can no longer mount our Win2K servers (which are configured to allow Mac file sharing over TCP/IP) from home. I guess that what we're looking for is basically a very simple VPN.

What are the steps involved in getting this to work? What are the known security threats? How do we keep our network and servers reasonably secure?
0
huafi
Asked:
huafi
1 Solution
 
weedCommented:
You have to open up the firewall to allow connections to the appropriate ports on the Win servers. Thats purely firewall configuration. The obvious security risks are that the ports are open to anyone and if they figure out the passwords to those appleshare volumes they could do alot of damage.
0
 
huafiAuthor Commented:
Thanks, weed. That much I knew. I'm looking for specific answers: what known ASIP on Win2K holes are there? are there corresponding patches/fixes? what port does ASIP on Win2K use, and how difficult/useful is it to change the port mapping?
0
 
weedCommented:
I don't think there are any known holes in ASIP as long as you dont use funky 3rd party web server plugins and even then i think the known ones have been patched. Of course Win2k has lots of holes and more are being discovered every day. The best you can do there is keep up with the Microsoft Service Pack releases. I have no idea what port ASIP uses on Win2k but that shouldnt be hard to find out with a simple packet sniffer on your network. The difficulty of changing the port mapping depends on your router/firewall. Mine is a 30 second process of opening the admin app and adding an entry. It purely depends on your setup but its certainly not a 20 minute process. 3 minutes tops.
0
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

 
mshivdasCommented:
I would probably look for a Mac VPN solution that could establish a true VPN connection with your firewall.  That would mean that all connections between the client Macs and your firewall would be encrypted and no ports would need to be opened on the firewall.
0
 
WIF567Commented:
FYI on ASIP...
Your chooser's Appletalk looks to gain access through TCP port 548 to establish a connection with an ASIP Server.

Contact your Server Software maker and find out how to change the port that afp:// is routed through.  Change the port on your server to a port that you can monitor on your firewall.

Then have the clients log into your server by going to the chooser  "Server IP Address..." button to and manually specify the IP address of the server, followed by a colon and the new port number. For example: afp://255.255.255.1:xxxx


In order for me to hack your server I need to know
1) The public side IP address
2) The  Port number.
3) The User login and password

0
 
WIF567Commented:
OHHH... 1 more thing...  Checkout http://www.apple.com/support/security/
0
 
the_nikonCommented:
check also in

http://www.macwindows.com/MSProxy.html

there an special article about the mac conectins on PC
0
 
weedCommented:
Time to pick an answer huafi.
0
 
trafd0Commented:
I do not know how much the company wants to spend on finding a solution but, another option could be a hardware VPN Solution if they are just working from home and not traveling.  One of them is a sonicwall.  They are a bit expensive but, provide great VPN and encryption capabilities.  
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now