Manualshelf

Setup guide

ManualsBrandsApple ManualsNetwork CardMac OS X Server
11121314151617181920
UNCLASSIFIED
UNCLASSIFIED
5
2. Network Architecture
Careful planning that incorporates security concerns must precede deployment of
Mac OS X Server in any network architecture. Apple’s Mac OS X Server
Administrative guides at
http://www.apple.com/server/documentation
provide
worksheets to assist in this process. Providing adequate isolation of the site network
from the outside world and properly separating functions for the computers within
the site network are basic security goals in designing a network.
2.1 Network Isolation
The site’s connection to external networks such as the Internet must be properly
protected. In general, this involves using a firewall to filter network traffic. The
firewall should prevent unwanted access to your network and its resources from
computers on the external network. For example, it’s common to set up file sharing
services such as AFP or SMB on a local network. Such services should not be
available to external users, and certainly not to external networks or the Internet at
large. A properly configured firewall can prevent external users from accessing the
file server.
Other measures such as intrusion detection systems, proxy servers, and host-based
firewalls can further bolster network defenses. Design of the site's external
connections is out of the scope of this guide. Cheswick and Bellovin’s “Firewalls and
Internet Security – Repelling the Wily Hacker” provides an introduction to many of
the issues involved. The NSA “Router Security Configuration Guide” provides
information on configuring some network boundary devices and using them as
firewalls.
2.2 Function Separation
Any computer system on a local area network can be classified into one of three main
categories: directory servers, other servers, and client systems. Any system on the
network should fall into exactly one of these categories, and never serve as one of the
others.
Directory servers are distinguished from other types of servers because they are used
to manage user and client system settings and contain user authentication data.
Planning the structure of the hierarchy of directory servers, including replicas and
backups, is especially important to ensure availability to all users. The “Open
Directory Planning” chapter in Apple’s “Mac OS X Server Open Directory
Administration Guide” provides a detailed explanation of this planning process.
Directory servers should be kept in a physically secure location to which non-
administrative personnel do not have access, and network access to these servers