The enclosed file is a self-extracting archive of a MacWrite II document. Download, expand, and open with MacWrite II or compatible word processors.

This document discusses the general security features available with AppleTalk Remote Access. In addition, it specifically addresses the network-wide control functionality which is available for the more security conscious.

A text-only version of the document (without the graphics) is copied below.

Copyright © 1992, Apple Computer, Inc.

------------------------------------------------------------------------

This document discusses the general security features available with AppleTalk Remote Access. In addition, it will specifically address the network-wide control functionality which is available for the more security conscious.

Security Features

AppleTalk Remote Access offers sophisticated security options that allow you to restrict access to your computer and any network to which it is connected. They include user-controlled options such as:

• User name and password authentication
• A callback feature which verifies the user's identity by returning their call to a predetermined phone number
• An activity log for recording calling and answering activities, and
• A hacker-proof feature which disables a user account after seven incorrect password attempts

In addition, AppleTalk Remote Access has a built-in network-wide security option. This enables a network administrator to maintain control over who can set up a Remote Access Server on the network. In order to activate this feature, the network administrator will need to create a special SecurityZone password on the network via some AppleTalk router. (Setting up this SecurityZone is explained later in this document.) The network password is encrypted with DES and is placed in the latter half of the SecurityZone name.

Once this SecurityZone is established, AppleTalk Remote Access will request a password anytime an attempt is made to check the “Answer calls” box.
(see below) If an incorrect password is entered, answering will be disallowed. At this point, users will not be able to use this Macintosh for dial-in access to the network.

NOTE: You can allow exclusive access to a Macintosh on a secure network (for example, if you wanted to share files via File Sharing). This can be accomplished either by physically disconnecting the answering Macintosh from the network or by selecting “Remote Only” in the Network control panel.

IMPORTANT: A fail-safe feature is part of the SecurityZone implementation. There are two scenarios where this is initiated:

1) If the user is not connected to the network when they set up answering and then reconnects, and
2) If a SecurityZone is established after “Answer calls” is checked.

AppleTalk Remote Access always does a SecurityZone query when a user tries to dial into the system. In either of the above cases, answering would have been disabled and the call would be terminated.

SecurityZone Set Up

A special HyperCard stack must be used to initially generate a SecurityZone name with your DES-encrypted password. Once you generate the above zone name, you will need to get access to an AppleTalk router (any AppleTalk router will work) and create a zone name which exactly matches the name generated by the above stack. Once you create the zone name, it will be distributed throughout the internet via RTMP. The AppleTalk Remote Access software will now require a password anytime someone