|
|
Sponsored Content
Special Forums
Cybersecurity
Security for network
Post 9581 by PxT on Tuesday 30th of October 2001 11:15:09 AM
10-30-2001
|
|
6 More Discussions You Might Find Interesting
1. Cybersecurity
Hello peoples, I could really use some expert advice.
Currently I am starting my curriculumn in CompSci. I am very interested in Unix, Shell Programming and Network Security. I would Like to work in Compusec/Infosec........fight system vulnerability for my future employer.
What Cert would you... (3 Replies)
Discussion started by: pacman-iac
3 Replies
2. Cybersecurity
Hi, I'm currently in a Technical Writing class and I decided to do a report on network security. I need a primary source for this and decided that I would poll you fine people on your prefrences in security related software to get said primary source.
1. What webserver would you consider to be... (1 Reply)
Discussion started by: TYLERofDOOM
1 Replies
3. Shell Programming and Scripting
Hi,
I am about to take up task of shell scripting in Network Security. Just started on job. But everything looks new NIS etc..
I tried googling to find systematic explanation of network security terms and how to script for that. But was unable to find. Could anyone of you please direct me to... (1 Reply)
Discussion started by: tostay2003
1 Replies
4. UNIX for Advanced & Expert Users
I am going to take up a position in Data & Network Security.
I would need to write network shell scripts doing the following task:
Going to around 2000 servers and findout which groups has access to each servers and which ids are there in each group that has access.
I need to implement... (1 Reply)
Discussion started by: pinnacle
1 Replies
5. What is on Your Mind?
Hii i want to make career in networking and i m new in this field could u plz help me what should i do (2 Replies)
Discussion started by: pawan_kumar
2 Replies
6. Cybersecurity
Hi
I was wondering if someone could give some tips about network security postgraduate courses and/or certifications .
I know that is a generic question and a wide area, but that's the problem, the net is full of books, courses, or whatever.
My goal is to find a good course (or book) that... (0 Replies)
Discussion started by: Dedalus
0 Replies
LEARN ABOUT OSX
vpnd
vpnd(5) BSD File Formats Manual vpnd(5) NAME
vpnd -- Mac OS X VPN Remote Access Server File DESCRIPTION
This manual page describes the configuration elements contained in the /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist file. Should this file not be present on the target OS X Sys- tem, a template file has been provided in this manual page. The user can manipulate the contents of this file using a PLIST file editor (provided with any Mac OS X system), or any text editor. In this case, the user is assumed to have some basic understanding of Property Lists, and how to manipulate them. The goal of this page is to provide documentation on this configuration file's database structure and data fields, to facilitate the configu- ration and deployment of L2TP or PPTP VPN Servers by invoking vpnd without specifying any specific server profile. /ActiveServers Lists the server identifiers that are currently available for use. These servers will be started in the abscense of vpnd -i <server_id> parameter. /Servers Defines the following dictionaries: DNS, IPv4, Interface, PPP, Radius, Server (common); IPSec, L2TP (for L2TP tunnels only) /Servers/<server_id> Indicates a user-defined named VPN profile configuration, identified with the <server_id> parameter defined in vpnd(8) There are 2 default server configurations available: com.apple.ppp.l2tp and com.apple.ppp.pptp /Server/<server_id>/DNS Contains two Arrays of Strings: OfferedSearchDomains - which lets the server specify what DNS domain(s) a VPN client should belong to OfferedServerAddresses - which specify the primary and (optional) secondary DNS servers a VPN client will use to resolve FQDN's. /Servers/<server_id>/IPv4 Contains 4 arrays of Strings, and one String: DestAddressRanges - which specifies the start and end IP addresses range. The Server will give an IP address to a connecting PPP-VPN client after the successful negotiation of IPCP from this range. OfferedRouteAddresses - which lists the network address(es) to each route the Server will serve to any connecting VPN client. OfferedRouteMasks - which lists the network mask(s) to each route the Server will serve to any connecting VPN client. OfferedRouteTypes - which lists the attribute flag(s) to each route the Server will serve to any connecting VPN client. Valid types include: Public - VPN Client will forward traffic destined to VPN subnet to its Public interface. Private - VPN Client will forward traffic destined to VPN subnet to its Private interface. Default value is Public. ConfigMethod - The method through which a VPN IP interface will configure its IP address; default value is "Manual". /Servers/<server_id>/Interface - Specifies the VPN interface's base type: PPP or IPSec and, its subtype: L2TP or PPTP /Server/<server_id>/PPP - Defines Parameters necessary for PPP protocol negotiations for successful VPN functionality. AuthenticatorACLPlugins - Access Control List that determines if a given user accounts has sign-on priviledges to the VPN server. AuthenticatorPlugins - An optional plug-in used to authenticate local users with an account on the target server. Used in conjunction with OpenDirectory/DirectoryServices facilities. AuthenticatorEAPPlugins - User authentication using EAP protocol, with Digital Certificates. L2TP VPN uses Kerberos "EAP-KRB" certificates or RSA "EAP-RSA" SecurID tokens; PPTP VPN uses RSA SecurID tokens only. AuthenticatorProtocol - Protocol(s) in use for carrying out PPP authentication. Valid values are "MSCHAP", "MSCHAPv2", "PAP", "EAP" ACSPEnabled - Enable/Disable ACSP protocol, which passes DHCP-like messages from VPN client to server; used mostly to convey static routes from server to client and DNS domains. DisconnectOnIdle - Enable/Disable flag for PPP Connection Idling. If Enabled, PPP connection will terminate after not seeing any application data going through the VPN interface. DisconnectOnIdleTimer - Time to wait (in seconds) before PPP connection goes down without any data passing through the VPN interface. IPCPCompressionVJ - Enable/Disable IPCP Van-Jacobson Compression Algorithm. Recommended setting is Disable(0). LCPEchoEnabled - Enable/Disable Link Control Protocol (LCP) Echoing feature. LCPEchoFailure - Number of LCP Echo Requests sent without any response from the PPP peer before declaring PPP link failure (and subsequent teardown) LCPEchoInterval - Time interval in seconds elapsed between consecutive LCP Echo Requests sent to the PPP peer. LogFile - VPN log file for PPP VerboseLogging - Enables/Disables extra logging within PPP CCPEnabled (PPTP only) - Enables/Disables CCP negotiation for PPP; default value is true(1) CCPProtocols (PPTP only) - List of protocols supported by CCP layer; default value is "MPPE" MPPEKeySize128 (PPTP only) - Enables/Disables MPPE 128-bit encryption algorithm; default value is true(1) MPPEKeySize40 (PPTP only) - Enables/Disables MPPE 40-bit encryption algorithm; default value is false(0) Note: The previous 2 settings are not necessarily mutually-exclusive! The 2 PPP peers will attempt to negotiate to the strongest encryption policy, whenever possible. /Servers/<server_id>/Radius - Contains an Array with 2 Dictionaries. The entries are Radius servers that a VPN server must authenticate a client user against before completing the PPP negotiation. Each entry indicates the server's IP address, and the shared secret key used for the RADIUS AAA exchange between said server and the VPN server. The first Array entry indicates primary server, the other is secondary server. /Servers/<server_id>/Server - Contains VPN server parameters LogFile - VPN log file for PPP VerboseLogging - Enables/Disables extra logging within PPP MaximumSessions - maximum number of simultaneous VPN tunnel sessions active on the VPN server. This setting is now deprecated; the VPN sub- net determines the maximum number of sessions. LoadBalancingEnabled (L2TP only) - Enable/Disable load balancing feature for L2TP VPN. This feature allows a collection of L2TP VPN servers on a common LAN segment to share a common "virtual" address. A L2TP client can specify this virtual address to connect to the server. The server within the collection that "owns" the virtual address will then redirect the initial L2TP request message to the "least busy" server within the collection (which can include the redirecting VPN server!) LoadBalancingAddress (L2TP only) - L2TP load-balancing virtual IP address /Servers/<server_id>/IPSec - L2TP only; L2TP VPN tunnels are secured using IPSec transport mode, with IKEv1 negotiation. The following parameters configure the ISAKMP Security Association required to run this type of IPSec Security Association. AuthenticationMethod - the method for IKE authentication; default value is "SharedSecret" IdentifierVerification - Used during IKE negotiation; default value set to "NONE" LoadCertificate - X.509/PKI Certificate binary data LocalIdentifier - String identifying the local IPsec entity; not used for L2TP VPN. RemoteIdentifier - String identifying the remote IPsec entity; not used for L2TP VPN. SharedSecret - Shared secret String known between the negotiating L2TP peers. SharedSecretEncryption - Indicates where L2TP secret key information is stored. If set to "Keychain", the SharedSecret key value points to the shared secret key stored in the Keychain. If absent, SharedSecret value is to taken explicitly /Servers/<server_id>/L2TP/Transport - Defines the underlying transport protocol for L2TP; default value is IPSec TEMPLATE CONFIGURATION FILE
To properly extract this file, run the following command: man 5 vpnd | col -b > com.apple.RemoteAccessServers.plist and cut out the non-XML text from the file then copy the file to the proper directory. ---- CUT HERE ---- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>ActiveServers</key> <array> <string>com.apple.ppp.l2tp</string> <string>com.apple.ppp.pptp</string> </array> <key>Servers</key> <dict> <key>com.apple.ppp.l2tp</key> <dict> <key>DNS</key> <dict> <key>OfferedSearchDomains</key> <array> <string>Replace with DNS search domain(s) - remove if not needed</string> </array> <key>OfferedServerAddresses</key> <array> <string>Replace with IPv4 DNS server address(es) - remove if not needed</string> </array> </dict> <key>IPSec</key> <dict> <key>AuthenticationMethod</key> <string>SharedSecret</string> <key>IdentifierVerification</key> <string>None</string> <key>LocalCertificate</key> <data></data> <key>LocalIdentifier</key> <string></string> <key>RemoteIdentifier</key> <string></string> <key>SharedSecret</key> <string>com.apple.ppp.l2tp</string> <key>SharedSecretEncryption</key> <string>Keychain</string> </dict> <key>IPv4</key> <dict> <key>ConfigMethod</key> <string>Manual</string> <key>DestAddressRanges</key> <array> <string>Replace with Starting VPN address - IPv4 address</string> <string>Replace with End VPN address - IPv4 address</string> </array> <key>OfferedRouteAddresses</key> <array> <string>Replace with Offered Routes addresses - remove if not needed</string> </array> <key>OfferedRouteMasks</key> <array> <string>Replace with Offered Route Masks - remove if not needed</string> </array> <key>OfferedRouteTypes</key> <array> <string>Replace with Offered Route Type(s) - remove if not needed</string> </array> </dict> <key>Interface</key> <dict> <key>SubType</key> <string>L2TP</string> <key>Type</key> <string>PPP</string> </dict> <key>L2TP</key> <dict> <key>Transport</key> <string>IPSec</string> </dict> <key>PPP</key> <dict> <key>ACSPEnabled</key> <integer>1</integer> <key>AuthenticatorACLPlugins</key> <array> <string>DSACL</string> </array> <key>AuthenticatorEAPPlugins</key> <array> <string>EAP-KRB</string> </array> <key>AuthenticatorPlugins</key> <array> <string>DSAuth</string> </array> <key>AuthenticatorProtocol</key> <array> <string>MSCHAP2</string> </array> <key>DisconnectOnIdle</key> <integer>1</integer> <key>DisconnectOnIdleTimer</key> <integer>7200</integer> <key>IPCPCompressionVJ</key> <integer>0</integer> <key>LCPEchoEnabled</key> <integer>1</integer> <key>LCPEchoFailure</key> <integer>5</integer> <key>LCPEchoInterval</key> <integer>60</integer> <key>Logfile</key> <string>/var/log/ppp/vpnd.log</string> <key>VerboseLogging</key> <integer>1</integer> </dict> <key>Radius</key> <dict> <key>Servers</key> <array> <dict> <key>Address</key> <string>Replace with Primary Server IPv4 Address</string> <key>SharedSecret</key> <string>Replace with Server Shared Secret string</string> </dict> <dict> <key>Address</key> <string>Replace with Secondary Server IPv4 Address</string> <key>SharedSecret</key> <string>Replace with Secondary Server Shared Secret string</string> </dict> </array> </dict> <key>Server</key> <dict> <key>LoadBalancingAddress</key> <string>Replace with IPv4 address</string> <key>LoadBalancingEnabled</key> <integer>0</integer> <key>Logfile</key> <string>/var/log/ppp/vpnd.log</string> <key>MaximumSessions</key> <integer>128</integer> <key>VerboseLogging</key> <integer>1</integer> </dict> </dict> <key>com.apple.ppp.pptp</key> <dict> <key>DNS</key> <dict> <key>OfferedSearchDomains</key> <array> <string>Replace with DNS search domain(s) - remove if not needed</string> </array> <key>OfferedServerAddresses</key> <array> <string>Replace with IPv4 DNS server address(es) - remove if not needed</string> </array> </dict> <key>IPv4</key> <dict> <key>ConfigMethod</key> <string>Manual</string> <key>DestAddressRanges</key> <array> <string>Replace with Starting VPN address - IPv4 address</string> <string>Replace with End VPN address - IPv4 address</string> </array> <key>OfferedRouteAddresses</key> <array> <string>Replace with Offered Routes addresses - remove if not needed</string> </array> <key>OfferedRouteMasks</key> <array> <string>Replace with Offered Route Masks - remove if not needed</string> </array> <key>OfferedRouteTypes</key> <array> <string>Replace with Offered Route Types - remove if not needed</string> </array> </dict> <key>Interface</key> <dict> <key>SubType</key> <string>PPTP</string> <key>Type</key> <string>PPP</string> </dict> <key>PPP</key> <dict> <key>ACSPEnabled</key> <integer>1</integer> <key>AuthenticatorACLPlugins</key> <array> <string>DSACL</string> </array> <key>AuthenticatorEAPPlugins</key> <array> <string>EAP-RSA</string> </array> <key>AuthenticatorPlugins</key> <array> <string>DSAuth</string> </array> <key>AuthenticatorProtocol</key> <array> <string>MSCHAP2</string> </array> <key>CCPEnabled</key> <integer>1</integer> <key>CCPProtocols</key> <array> <string>MPPE</string> </array> <key>DisconnectOnIdle</key> <integer>1</integer> <key>DisconnectOnIdleTimer</key> <integer>7200</integer> <key>IPCPCompressionVJ</key> <integer>0</integer> <key>LCPEchoEnabled</key> <integer>1</integer> <key>LCPEchoFailure</key> <integer>5</integer> <key>LCPEchoInterval</key> <integer>60</integer> <key>Logfile</key> <string>/var/log/ppp/vpnd.log</string> <key>MPPEKeySize128</key> <integer>1</integer> <key>MPPEKeySize40</key> <integer>0</integer> <key>VerboseLogging</key> <integer>1</integer> </dict> <key>Radius</key> <dict> <key>Servers</key> <array> <dict> <key>Address</key> <string>Replace with Primary Server IPv4 Address</string> <key>SharedSecret</key> <string>Replace with Primary Server Shared Secret string</string> </dict> <dict> <key>Address</key> <string>Replace with Secondary Server IPv4 Address</string> <key>SharedSecret</key> <string>Replace with Secondary Server Shared Secret string</string> </dict> </array> </dict> <key>Server</key> <dict> <key>Logfile</key> <string>/var/log/ppp/vpnd.log</string> <key>MaximumSessions</key> <integer>128</integer> <key>VerboseLogging</key> <integer>1</integer> </dict> </dict> </dict> </dict> </plist> ---- CUT HERE ---- SEE ALSO
vpnd(8) Mac OS X 17 August 2009 Mac OS X