Creating a security zone allows network administrators to control who can set up a Remote Access server on the network. Once you’ve created a security zone, only those individuals you’ve provided with a password will be able to set up their Apple Remote Access Personal Server or MultiPort Server to answer calls.
To create a security zone, you need:
• the Security Zone Creator software, a HyperCard stack included on the disk with this document
• access to an AppleTalk seed router
Creating a Security Zone
======================
Creating a security zone involves generating a security zone name using the Security Zone Creator software; selecting a password for the security zone; and creating a zone on an AppleTalk seed router with the exact zone name generated by the Security Zone Creator.
To create a security zone:
1. Open the Security Zone Creator HyperCard stack.
The following dialog box appears:
2. Click the Make Secure Zone Name button.
The following dialog box appears:
3. Type a password (8 characters maximum), then click the OK button.
A dot (•) appears for each character you type. The security zone requires
this special Data Encryption Standard (DES) password whenever an attempt
is made to enable answering on the network.
The following dialog box appears:
4. Click the OK button.
The Security Zone Creator stack creates a zone name and password as shown
in the following dialog box:
5. After you generate the zone name, you must create a zone name on an AppleTalk seed router that exactly matches the name generated. Once you create the zone name, it will be distributed throughout your network by the Routing Table Maintenance Protocol (RTMP) For details about creating a zone name on an internet router, see the “Apple Internet Router Administrator’s Guide.”
NOTE: Having only one router maintain the security zone name may leave your network vulnerable. If this one router fails, the security zone name will disappear from the remaining network. Creating this zone name on multiple routers throughout the network will eliminate this single point of failure.
Once the security zone is created, the Apple Remote Access Personal Server software requests a password the first time a user attempts to enable answering by clicking the “Answer calls” checkbox in the Remote Access Setup window:
In addition, the Apple Remote Access MultiPort Server requests a password the first time you attempt to turn on ports in the Port Configuration window:
NOTE: Once you set up a security zone, these additional security features prevent unauthorized answering on the network:
• If a Remote Access Personal Server is not connected to the network when answering is set up and then reconnects to the network, or if a security zone is established after answering is set up, answering will be disabled when a user attempts to dial in. The user will then be disconnected.
• If a Remote Access MultiPort Server is not connected to the network when ports are turned on and then reconnects to the network, or if a security zone is established after ports are turned on, ports will be turned off when a user attempts to dial in. The user will then be disconnected.
