1994 – AppleShare currently comes in three flavors: AppleShare 3.0, AppleShare 4.0, and AppleShare Pro. They differ in performance and platform. AppleShare 4.0 is designed to take advantage of 68040-based Macs, and AppleShare Pro utilizes the specialized hardware and operating environment of the Apple Workgroup Server 95. All three flavors have the same security features.
AppleShare Supported Platforms
- AppleShare 3.0: Any Macintosh computer
- AppleShare 4.0: Centris 610, Quadra 700, 800, or 950
- AppleShare Pro: Apple Workgroup Server 60, 80, or 95
AppleShare has three levels of access privileges: Owner, Group, and Everyone. These can be assigned to folders on shared volumes. A folder’s owner can also assign a special set of other privileges to one other user, rather than to a group of users. These other privileges include full access, a drop folder with only write access, and no access.
Additionally, users can protect their data by preventing others from seeing files enclosed in folders, by preventing others from seeing folders enclosed in folders, by preventing others from writing to a folder, and by preventing others from writing to, or seeing, folders and files.
AppleShare 3.0 (and higher) uses a concept called “inherited privileges.” When you create a new folder with AppleShare workstation software, it inherits the privileges of the folder within which it is created. When you create a folder and move it to another folder on the server, it adopts the privileges of that folder. Only if you deliberately change its privileges does it retain explicit privileges when you move it around.
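The move behavior described above can be modeled in a few lines. This is an added sketch, not code from the book or from Apple; the right names, the dictionary layout, and the sample folders are assumptions made for illustration.

```python
# Added model of AppleShare-style inherited privileges; not Apple's code.
# The three rights and the dict layout are assumptions of this sketch.
SEE_FILES, SEE_FOLDERS, MAKE_CHANGES = "see_files", "see_folders", "make_changes"
FULL = frozenset({SEE_FILES, SEE_FOLDERS, MAKE_CHANGES})
NONE = frozenset()

class Folder:
    def __init__(self, name, parent=None, explicit=None):
        self.name, self.parent = name, parent
        self.explicit = explicit      # None = inherit from the enclosing folder

    def effective(self):
        """Privileges in force: the nearest explicitly set ones, walking upward."""
        node = self
        while node.explicit is None:
            if node.parent is None:
                raise ValueError(f"{node.name}: top-level folder has no privileges set")
            node = node.parent
        return node.explicit

    def move_to(self, new_parent):
        """Move the folder; return (before, after) so the change can be audited."""
        node = new_parent
        while node is not None:       # refuse to move a folder into its own subtree
            if node is self:
                raise ValueError("cannot move a folder into itself")
            node = node.parent
        before = self.effective()
        self.parent = new_parent
        return before, self.effective()

def demo():
    # Constructed sample folders: a team folder and a write-only drop folder.
    team = Folder("Team", explicit={"owner": FULL, "group": FULL, "everyone": NONE})
    drop = Folder("Drop Box", explicit={"owner": FULL, "group": NONE,
                                        "everyone": frozenset({MAKE_CHANGES})})
    report = Folder("Report", parent=team)          # created inside Team: inherits
    payroll = Folder("Payroll", parent=team,        # privileges changed on purpose
                     explicit={"owner": FULL, "group": NONE, "everyone": NONE})
    results = {}
    for f in (report, payroll):
        before, after = f.move_to(drop)
        results[f.name] = {"changed": before != after,
                           "everyone": sorted(after["everyone"])}
    return results

if __name__ == "__main__":
    print(demo())
```

The folder with inherited privileges takes on the drop folder's settings when moved, while the one whose privileges were set deliberately keeps them, which is why a move is worth reviewing as a privilege change.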
AppleShare supports passwords for log-on. The software has options for minimum password length, password aging (to force users to change their passwords regularly), password history (to prevent users from using the same password over again immediately), and account disabling after a certain number of unsuccessful access attempts.
It also has mechanisms for temporary accounts and for guest logons (which can be turned off). Also, an administrator can force any user to immediately log off.
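The four log-on controls described above (minimum length, aging, history, and disabling after failed attempts) interact as in the following added sketch. It is not AppleShare's code; the class names, default values, day-number clock, and PBKDF2 storage are assumptions chosen for the example.

```python
# Added model of the four log-on controls; names and defaults are assumptions.
import hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass
class Policy:
    min_length: int = 8      # minimum password length
    max_age_days: int = 90   # password aging
    history_size: int = 3    # how many recent passwords may not be reused
    max_failures: int = 5    # unsuccessful attempts before the account is disabled

@dataclass
class Account:
    policy: Policy
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)   # stored digests, newest last
    changed_day: int = 0
    failures: int = 0
    disabled: bool = False

    def _digest(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_password(self, password, today):
        if len(password) < self.policy.min_length:
            raise ValueError("password shorter than the minimum length")
        d = self._digest(password)
        if any(hmac.compare_digest(d, old) for old in self.history):
            raise ValueError("password was used too recently")
        # Keep only the most recent digests: reuse is blocked immediately,
        # not forever.
        self.history = (self.history + [d])[-self.policy.history_size:]
        self.changed_day, self.failures = today, 0

    def log_on(self, password, today):
        if self.disabled:                 # stays disabled until re-enabled
            return "disabled"
        current = self.history[-1] if self.history else None
        if current is None or not hmac.compare_digest(self._digest(password), current):
            self.failures += 1
            self.disabled = self.failures >= self.policy.max_failures
            return "disabled" if self.disabled else "denied"
        self.failures = 0
        if today - self.changed_day > self.policy.max_age_days:
            return "expired"              # correct password, but a change is due
        return "ok"
```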
AppleShare Security Measures
- Minimum password length
- Password aging
- Password history to prevent immediate reuse
- User restriction from saving passwords in a file
- Account disabling after specified number of password failures
- Adjustable time limit for temporary accounts
- “Guest” access turned off by default
- Copy-protection setting for documents
- “Lock” setting for folders
- Inherited folder privileges
- Administrator log-off of any user
Remote Access Control and Security
The simplest, and least secure, way to protect incoming modem lines is to set up password security. Each user has a password, and he has to enter it correctly as part of the dial-in process. All remote-access hardware has password options that are easy to install and use.
Better security comes from a dial-back modem. With a dial-back modem, a user calls the device and types in his name. The modem breaks the connection, looks for the user’s name in its database, and calls him back at the telephone number it has stored. This works great, but assumes that users always dial in from the same telephone number. Users who are constantly on the road, calling in from a variety of locations, won’t be able to use this feature. There is also a way to defeat most dial-back modems, but it is so new that I am leery of describing it here.
Unlike the first version, AppleTalk Remote Access 2.0 consists of separate client and server applications. The ARA Multiport Server software (which also includes the Apple Remote Access Personal Server software) combines the Remote Access Administrator with a number of additional security features.
Two new security features lock out unauthorized callers and place restrictions on unauthorized calls. Third-party developers can take advantage of a new modular design to implement additional security protocols, beyond the password and call-back measures in Version 1.0. Some of the security products announced include Kerberos, SecurID Cards, and SofKeyPlus (see reviews at end of chapter).
Using ARA 2.0, the administrator can also restrict specific users’ access to only certain network zones. In Version 1.0, the only access options to give remote users are either to the ARA server, or to the entire network.
The Administrator application must always be running because it also functions as a server. A lock feature prevents unauthorized changes to the Administrator settings from the server.
The Administrator shares some of AppleShare’s settings for password expiration, password length, and anti-infiltration measures. ARA 2.0 administrators can assign each user an individual connection time limit, and user accounts can be disabled after a specific number of incorrect password attempts. ARA 2.0 also supports an audit log to record calling and answering activities.
The Apple Remote Access Multiport Server uses Apple’s License Manager. Each copy of the administrative software searches the network for other copies, and compares serial numbers. When duplicates are found, the applications begin sending messages to administrators urging them not to illegally copy software.
This information is from Protect Your Macintosh by Bruce Schneier, copyright 1994 and published by Peachpit Press. The entire book can be freely downloaded from the following sources: