huafi
asked on
Firewall, networking, and MacOS
Here's an advanced networking question. Our office runs a mixed MacOS (9.x) and Windows (98, NT4, 2K) environment, all on a Windows (NT4 and 2K) server platform. We're on a dedicated T1 at the office and have a decent hardware firewall. We also have several remote Mac users (on DSL or cable modems) who sometimes take work home on their Powerbooks.
The firewall is good in that it's secure; not good in that now Mac users who want to work from home can no longer mount our Win2K servers (which are configured to allow Mac file sharing over TCP/IP) from home. I guess that what we're looking for is basically a very simple VPN.
What are the steps involved in getting this to work? What are the known security threats? How do we keep our network and servers reasonably secure?
The firewall is good in that it's secure; not good in that now Mac users who want to work from home can no longer mount our Win2K servers (which are configured to allow Mac file sharing over TCP/IP) from home. I guess that what we're looking for is basically a very simple VPN.
What are the steps involved in getting this to work? What are the known security threats? How do we keep our network and servers reasonably secure?
weed
You have to open up the firewall to allow connections to the appropriate ports on the Win servers. Thats purely firewall configuration. The obvious security risks are that the ports are open to anyone and if they figure out the passwords to those appleshare volumes they could do alot of damage.
ASKER
Thanks, weed. That much I knew. I'm looking for specific answers: what known ASIP on Win2K holes are there? are there corresponding patches/fixes? what port does ASIP on Win2K use, and how difficult/useful is it to change the port mapping?
I don't think there are any known holes in ASIP as long as you dont use funky 3rd party web server plugins and even then i think the known ones have been patched. Of course Win2k has lots of holes and more are being discovered every day. The best you can do there is keep up with the Microsoft Service Pack releases. I have no idea what port ASIP uses on Win2k but that shouldnt be hard to find out with a simple packet sniffer on your network. The difficulty of changing the port mapping depends on your router/firewall. Mine is a 30 second process of opening the admin app and adding an entry. It purely depends on your setup but its certainly not a 20 minute process. 3 minutes tops.
I would probably look for a Mac VPN solution that could establish a true VPN connection with your firewall. That would mean that all connections between the client Macs and your firewall would be encrypted and no ports would need to be opened on the firewall.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OHHH... 1 more thing... Checkout http://www.apple.com/support/security/
check also in
http://www.macwindows.com/MSProxy.html
there an special article about the mac conectins on PC
http://www.macwindows.com/MSProxy.html
there an special article about the mac conectins on PC
Time to pick an answer huafi.
I do not know how much the company wants to spend on finding a solution but, another option could be a hardware VPN Solution if they are just working from home and not traveling. One of them is a sonicwall. They are a bit expensive but, provide great VPN and encryption capabilities.