Files and Devices on Your Network Are Vulnerable to Mischief and Mistakes. These Tips and Tools Will Keep Your Data Safe.
Mitzi Waltz
Net Tools/
YOU'VE GOT A LAN, but do you have a plan? Your network may be a conduit for snoops and resource abusers, many of whom work in your own office. Here are some typical security breaches and a few ways you can protect your data and the network.
Passwords and common sense are your first line of defense against intruders. Insist that everyone in the office use passwords to protect e-mail accounts and servers. Some remote-access and file servers allow an administrator to force users to change passwords frequently, for added security. Enforcement is easy if you manage a file server: No one can reach it without a password. Don't activate any network-based accounts without passwords. To further instill security consciousness, provide your users with guidelines for "safe computing" -- such as not using names, Social Security numbers, or other easy-to-guess passwords and not leaving passworded applications and volumes open and unattended.
Viruses represent another kind of security breach. They can be transmitted along with files across a network or via floppy disks. Network-based products such as Virex Administrator, from Datawatch (508-988-9700), assure that you have universal coverage. Managers can remotely install Virex on all networked Macs and can scan for infection as needed.
Guarding Shared Resources
Do you suspect that the mail clerk is secretly printing his Roller Derby fanzine on your high-dollar dye-sub printer? Are employees playing Marathon on the Internet, preventing legitimate users from accessing a network modem for work purposes? You can restrict access to network devices by using software tools such as MacAdministrator, from Hi Resolution (800-455-0888 or 408-257-2151). If you want to leave access open but keep tabs on one or more problem users, you can use MacAdministrator to log network-device use. If you use AppleTalk routers to segment your network, you can lock users out of entire zones (and the network devices located there) where they have no business. You might move imagesetters or other expensive resources to a single zone that's accessible by only a few users.
You can monitor file servers for security leaks or simply track which machines are up and running. Server Tools, from Santorini Consulting (800-851-7824 or 415-563-6398), for example, includes utilities that notify an administrator when there have been several failed log-ins to a server account, keeps track of how long it has been since passwords were last changed, and raises alarms when servers crash.
I Didn't Mean to Share That
Since many people use file sharing instead of or in addition to storing files on a server, plenty of office data available on the network is often out of your control. Often, users share more of their hard disks' contents than they intend. Work with users to keep confidential data out of shared folders or on a well-protected server. Nok Nok and Nok Nok A/S (for AppleShare servers), from The AG Group (510-937-7900), can identify guests by name and track sharing activity.
Thwarting Snoops
Passworded network data isn't very safe if intruders can walk up to a Mac and double-click their way into confidential files. Hard-disk-security products such as FolderBolt Pro with Cryptomactic and NightWatch II, from Kent*Marsh (713-522-5625), or FileGuard and DiskGuard, from ASD Software (909-624-2594), place passwords on local volumes and folders and can encrypt data. FolderBolt's MacSafe administrator and Norton DiskLock Administrator, from Symantec (800-441-7234 or 503-465-8484), let a network manager remotely lock folders on users' Macs.
The Corporate Spy
If sensitive corporate data is at stake, you may need to up the ante, adding DES encryption. RSA Secure, from RSA Data Security (415-595-8782), and ultraSECURE, from usrEZ (800-482-4622 or 714-756-5140), add Defense Department-style encryption to disks, folders, and files. The RSA package lets administrators distribute decryption authority to a large group of users, each of whom must agree to decrypt the data. usrEZ's ultraCOMMAND lets an administrator enforce ultraSECURE encryption around a network. s
Mitzi Waltz is a Portland, Oregon-based writer. Her first book, The Internet International Directory, was published by Ziff-Davis Press this summer.
