Apple 10.6 Server User Manual


 
About Network Security
Network security is as important to data integrity as physical security. Although
someone might immediately see the need to lock down an expensive server, he or she
might not immediately see the need to restrict access to the data on that same server.
The following sections provide considerations, techniques, and technologies to assist
you in securing your network.
Firewalls and Packet Filters
Much like a physical firewall, a barrier built into a building or a vehicle to contain fire and
heat damage, a network firewall acts as a barrier for your network assets, blocking unwanted
traffic and preventing data tampering from external sources.
Mac OS X Server’s Firewall service is software that protects the network applications
running on your Mac OS X Server.
Turning on Firewall service is similar to erecting a wall to limit access. The service scans
incoming IP packets and rejects or accepts packets based on the rules you create.
You can restrict access to any IP service running on the server, and you can customize
rules for individual incoming clients or for a range of client IP addresses. Services such as
Web and FTP are identified on your server by a Transmission Control Protocol (TCP) or
User Datagram Protocol (UDP) port number.
When a computer tries to connect to a service, Firewall service scans the rule list in order
for a matching rule. When a packet matches a rule, the action specified in that rule (such
as allow or deny) is taken. Then, depending on the action, additional rules might be
applied. Because the first matching rule decides, the order of your rules matters.
If the server gets its Internet connection through an AirPort Extreme Base Station
(802.11n) or a Time Capsule, you can use it instead of the server’s firewall to protect
the network. You can automatically manage the base station or Time Capsule in the
Security pane of Server Preferences. AirPort automanagement isn’t available using
Server Admin.
You can also protect a small network with other kinds of Internet sharing routers,
but you must manage them manually. For more information, see Mac OS X Server
Getting Started.
Network DMZ
In computer network security, a demilitarized zone (DMZ) is a network area
(a subnetwork) that is between an organization’s internal network and an external
network like the Internet.
You can make connections from the internal and external network to the DMZ, and
you can make connections from the DMZ to the external network, but you cannot
make connections from the DMZ to the internal network.
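The rule-matching behaviour described under Firewalls and Packet Filters and the DMZ connection policy just described, worked through as an added example in Python. This is not code from the manual or from Mac OS X Server's Firewall service: the rule syntax ("allow tcp from any to 192.0.2.0/24 80") is a simplified form loosely modelled on ipfw-style rules and is an assumption of the example, and the address plan (10.0.0.0/8 internal, 192.0.2.0/24 DMZ) and the sample packets are constructed for the illustration.

```python
"""First-match packet filtering with a DMZ rule set (added illustration).

Not code from Apple's manual or from Firewall service. The rule syntax is a
simplified, ipfw-like form assumed for this example; addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # None means any destination port
    text: str                    # rule as written, for reporting


def _net(token: str) -> ipaddress.IPv4Network:
    return ANY_NET if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_rule(text: str) -> Rule:
    """Parse '<allow|deny> <tcp|udp|any> from <net|any> to <net|any> [port]'."""
    tok = text.split()
    if len(tok) not in (6, 7) or tok[2] != "from" or tok[4] != "to":
        raise ValueError(f"malformed rule: {text!r}")
    action, proto = tok[0], tok[1]
    if action not in ("allow", "deny") or proto not in ("tcp", "udp", "any"):
        raise ValueError(f"malformed rule: {text!r}")
    dport = int(tok[6]) if len(tok) == 7 else None
    return Rule(action, proto, _net(tok[3]), _net(tok[5]), dport, text)


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the rule must match; 'any' and a missing port match everything."""
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def decide(rules: List[Rule], pkt: Packet, default: str = "deny") -> Tuple[str, str]:
    """Scan top to bottom; the first matching rule's action is taken.

    A packet matching no rule gets the default policy, which should be deny
    so that a service you forgot to list is closed rather than open.
    """
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.text
    return default, "default policy"


# Constructed address plan (assumption): internal LAN 10.0.0.0/8, DMZ
# 192.0.2.0/24, everything else is treated as external.
INTERNAL = "10.0.0.0/8"
DMZ = "192.0.2.0/24"

DMZ_RULES = [parse_rule(r) for r in (
    f"allow any from {INTERNAL} to {DMZ}",   # internal -> DMZ: allowed
    f"allow tcp from any to {DMZ} 80",       # external -> DMZ: published services only
    f"allow tcp from any to {DMZ} 443",
    f"deny any from {DMZ} to {INTERNAL}",    # DMZ -> internal: never
    f"allow any from {DMZ} to any",          # DMZ -> external: allowed
)]

# Constructed sample traffic: one packet per DMZ relationship, plus two that
# match no rule and therefore fall through to the default policy.
SAMPLE_PACKETS = {
    "internal_to_dmz_ssh":  Packet("tcp", "10.1.2.3", "192.0.2.10", 22),
    "external_to_dmz_web":  Packet("tcp", "198.51.100.7", "192.0.2.10", 80),
    "external_to_dmz_ssh":  Packet("tcp", "198.51.100.7", "192.0.2.10", 22),
    "dmz_to_internal_db":   Packet("tcp", "192.0.2.10", "10.1.2.3", 3306),
    "dmz_to_external_dns":  Packet("udp", "192.0.2.10", "203.0.113.53", 53),
    "external_to_internal": Packet("tcp", "198.51.100.7", "10.1.2.3", 445),
}


def evaluate(rules: List[Rule] = DMZ_RULES, packets=SAMPLE_PACKETS) -> dict:
    """Map each sample packet name to the action the rule list gives it."""
    return {name: decide(rules, pkt)[0] for name, pkt in packets.items()}


def misordered_rules() -> List[Rule]:
    """Same rules, but the DMZ->internal deny placed after the broad DMZ->any allow."""
    return DMZ_RULES[:3] + [DMZ_RULES[4], DMZ_RULES[3]]


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        action, why = decide(DMZ_RULES, pkt)
        print(f"{name:22} {action:5} ({why})")
    print("misordered DMZ->internal:", evaluate(misordered_rules())["dmz_to_internal_db"])
```

With the rules in the order shown, traffic from the DMZ host to the internal database is denied by the explicit rule, while the same DMZ host can still reach external DNS. `misordered_rules()` shows the ordering pitfall the first-match model creates: placing the broad "allow any from DMZ to any" before the "deny from DMZ to internal" rule shadows the deny entirely, and DMZ-to-internal traffic is allowed. Anything not covered by a rule, such as an outside host probing SSH on the DMZ or SMB on the LAN, lands on the default policy, which this example keeps as deny.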
52 Chapter 4 Enhancing Security