>
> > I find the request to permit AppleTalk through your firewall somewhat
> > mystifying. How are people planning to get AppleTalk to your network?
> > No network provider that I know of is routing AppleTalk so who would be
> > using this hole in your firewall, and how would they get AppleTalk packets
> > to your firewall?
>
>
> Well, in a slightly different situation, it's possible. We will have an
> AppleTalk Remote Access server installed. This allows people to dialup to
> our network from a Macintosh, and access all net services as though they
> were a local user.
>
> Now, I don't trust Apple's login/password stuff, since (as always) people
> often chose insecure passwords. So, I'd like to be able to restrict access
> to the network from the ARA server. The ideal solution would be an AppleTalk
> firewall, if such a beast is even possible.
>
> Failing that, I'll have to completely disable routing from the ARA server to
> the internal net, and put all the servers on a touchdown network outside our
> routers... Yuck.
>
I think ARA is definitely the way to go but as metioned, Apple's passwd/login
stuff is easily bi-passed. Caymen, however, does make an ARA box which can be
used with Secure ID. It's probably worth looking into if you really need remote
access for the Macs.
David Law - Systems Administration Internet: davidl @
Newbridge .
COM
Newbridge Networks Corp. postmaster @
Newbridge .
COM
PO Box 13600 600 March Road, Tel: (613) 591-3600
Kanata Ontario, Canada K2K 2E6 Fax: (613) 591-3680
Follow-Ups:
|
|
