Solved

Firewall, networking, and MacOS

Posted on 2001-06-06
9
396 Views
Last Modified: 2013-12-27
Here's an advanced networking question. Our office runs a mixed MacOS (9.x) and Windows (98, NT4, 2K) environment, all on a Windows (NT4 and 2K) server platform. We're on a dedicated T1 at the office and have a decent hardware firewall. We also have several remote Mac users (on DSL or cable modems) who sometimes take work home on their Powerbooks.

The firewall is good in that it's secure; not good in that now Mac users who want to work from home can no longer mount our Win2K servers (which are configured to allow Mac file sharing over TCP/IP) from home. I guess that what we're looking for is basically a very simple VPN.

What are the steps involved in getting this to work? What are the known security threats? How do we keep our network and servers reasonably secure?
0
Comment
Question by:huafi
9 Comments
 
LVL 30

Expert Comment

by:weed
ID: 6161328
You have to open up the firewall to allow connections to the appropriate ports on the Win servers. Thats purely firewall configuration. The obvious security risks are that the ports are open to anyone and if they figure out the passwords to those appleshare volumes they could do alot of damage.
0
 
LVL 3

Author Comment

by:huafi
ID: 6161606
Thanks, weed. That much I knew. I'm looking for specific answers: what known ASIP on Win2K holes are there? are there corresponding patches/fixes? what port does ASIP on Win2K use, and how difficult/useful is it to change the port mapping?
0
 
LVL 30

Expert Comment

by:weed
ID: 6161670
I don't think there are any known holes in ASIP as long as you dont use funky 3rd party web server plugins and even then i think the known ones have been patched. Of course Win2k has lots of holes and more are being discovered every day. The best you can do there is keep up with the Microsoft Service Pack releases. I have no idea what port ASIP uses on Win2k but that shouldnt be hard to find out with a simple packet sniffer on your network. The difficulty of changing the port mapping depends on your router/firewall. Mine is a 30 second process of opening the admin app and adding an entry. It purely depends on your setup but its certainly not a 20 minute process. 3 minutes tops.
0
 
LVL 1

Expert Comment

by:mshivdas
ID: 6169846
I would probably look for a Mac VPN solution that could establish a true VPN connection with your firewall.  That would mean that all connections between the client Macs and your firewall would be encrypted and no ports would need to be opened on the firewall.
0
Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

 
LVL 2

Accepted Solution

by:
WIF567 earned 200 total points
ID: 6229021
FYI on ASIP...
Your chooser's Appletalk looks to gain access through TCP port 548 to establish a connection with an ASIP Server.

Contact your Server Software maker and find out how to change the port that afp:// is routed through.  Change the port on your server to a port that you can monitor on your firewall.

Then have the clients log into your server by going to the chooser  "Server IP Address..." button to and manually specify the IP address of the server, followed by a colon and the new port number. For example: afp://255.255.255.1:xxxx


In order for me to hack your server I need to know
1) The public side IP address
2) The  Port number.
3) The User login and password

0
 
LVL 2

Expert Comment

by:WIF567
ID: 6229032
OHHH... 1 more thing...  Checkout http://www.apple.com/support/security/
0
 

Expert Comment

by:the_nikon
ID: 6359144
check also in

http://www.macwindows.com/MSProxy.html

there an special article about the mac conectins on PC
0
 
LVL 30

Expert Comment

by:weed
ID: 6636424
Time to pick an answer huafi.
0
 

Expert Comment

by:trafd0
ID: 6688447
I do not know how much the company wants to spend on finding a solution but, another option could be a hardware VPN Solution if they are just working from home and not traveling.  One of them is a sonicwall.  They are a bit expensive but, provide great VPN and encryption capabilities.  
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to extract the music from an iPod with freeware. Freeware      Not for iTouch or iPhone only works under Windows. iDump            http://www.softpedia.com/get/IPOD-TOOLS/Multimedia-IPOD-tools/iDump.shtml Sadly, newer versions of iDump are no longer fre…
Smartwatches: just a fashion accessory or a useful device for all? The Apple Watch (http://www.apple.com/watch/) was launched in April of 2015 and has become a new way for iPhone users to stay connected. Ranging from $349 to $17,000, the Apple Watch…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now