Reply to: RE>Creating a firewall on a Ma
"From: Fort McMurray Catholic Schools
I have a Mac WAN with approximately 600 Macintoshes and about 40 zones of
Ethernet and LocalTalk scattered across the city. I am looking at
putting in a dedicated 56K pipe into the internet from the central hub.
However, I want to put a firewall up to prevent problems on the internet
from invading my network. I have been told that there are products out
there which will allow people on my network to then access internet
directly without the use of dial up modems at each site.
What I need is security.
Can anyone out there help me??
Thanks Richard
______________________________________________
Richard Critchley
Educational Technology Applications Developer
Ed Tech Department
Fort McMurray Catholic Schools,
9809 Main Street,
Fort McMurray, Alberta, T9H-1T7
CANADA"
Richard,
I'm not aware of any firewall products that actually <run> on a Mac. Macs do
however make good and inherently secure internet hosts (using MacOS, that is -
if you run MachTen or similar, then you get into the same problems as for any
unix host). The main things that have been missing for the Mac are a DNS package
(now in late alpha) and the ability to handle an arbitrarily large number of
simultaneous connections (which should be rectified by Open Transport this
summer).
That doesn't actually help you at the moment, so I'd suggest you look at either
the use of a unix-based firewall at your central hub (for further info, there
are people on this list far better qualified than I to advise you on products
and setup) or to do what we've done with our Mac networks and multiple sites,
which is to use paired Cisco routers at our central hub to create a DMZ
containing our "public" hosts whilst providing secure remote site and central
LAN access to the Internet. Setup of the access control lists is non-trivial
but, IMHO, provides a secure and flexible means of providing access. We
configure our routers via telnet from a Mac. As for providing access to your
remote sites without needing a modem, all I can suggest is that you'll need a
separate Switched 56/ISDN line from each site into your hub (in which case it
may be easier to provide separate access for each site!). We'll eventually be
looking at using a combination of basic and primary rate ISDN to provide
multiple channels for remote sites (e.g. basic rate at each site, coming into a
primary rate circuit at our hub). By doing it this way, we don't have to go to
the expense of a full-time leased line from every remote site.
Hope this helps at least somewhat
Regards,
Richard
_________________________________________________________________________
Richard Harris
Senior Consultant
Hyperion
richard @ hyperion . co . uk
Tel: +44 1483 301793     BRIDGING TECHNOLOGY AND BUSINESS
Fax: +44 1483 61657
_________________________________________________________________________
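
The paired-router DMZ described in the reply above, sketched as classic Cisco IOS extended access lists. This is an added example, not part of the original post and not the author's configuration. The addressing (DMZ 192.0.2.0/24, internal LANs 198.51.100.0/24), host addresses, interface names and ACL numbers are all assumptions chosen for illustration.

```cisco
! ==== Exterior router: Internet (Serial0) <-> DMZ ====
! Drop packets from outside that claim one of our own source addresses.
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
access-list 101 deny   ip 198.51.100.0 0.0.0.255 any
! Public services, reachable only on the named DMZ hosts (constructed).
access-list 101 permit tcp any host 192.0.2.10 eq smtp
access-list 101 permit tcp any host 192.0.2.11 eq www
access-list 101 permit udp any host 192.0.2.10 eq domain
access-list 101 permit tcp any host 192.0.2.10 eq domain
! DNS answers to queries sent by the DMZ name server. A stateless filter
! cannot tie an answer to a query, so this admits any UDP from port 53.
access-list 101 permit udp any eq domain host 192.0.2.10
! Return traffic for TCP sessions opened from the DMZ or the LANs.
! "established" only tests the ACK/RST bits; it keeps no session state.
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 established
access-list 101 permit tcp any 198.51.100.0 0.0.0.255 established
! Everything else is dropped and logged for review.
access-list 101 deny   ip any any log
!
interface Serial0
 ip access-group 101 in
!
! ==== Interior router: DMZ (Ethernet0) <-> internal LANs ====
! Nothing in the DMZ or beyond may open a session toward the LANs.
access-list 102 permit tcp any 198.51.100.0 0.0.0.255 established
! Internal clients resolve names through the DMZ name server only.
access-list 102 permit udp host 192.0.2.10 eq domain 198.51.100.0 0.0.0.255
access-list 102 deny   ip any any log
!
interface Ethernet0
 ip access-group 102 in
!
! ==== Both routers: restrict telnet management ====
! Only the administrator's workstation (constructed address) may reach
! the virtual terminal lines used for configuration.
access-list 10 permit 198.51.100.5
!
line vty 0 4
 access-class 10 in
```

A compromised DMZ host in this layout still faces the interior router's list before it can reach a LAN, which is the point of pairing the routers rather than filtering at one.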