15.8. Summary

This chapter covered ways to keep a small Ethernet network secure from most outside attacks while giving users on the network access to the services they need. I began by explaining the basic operation of common networking hardware, such as routers, gateways, and DSL and cable modems. I then covered NAT and DHCP, two common methods (often used together) for giving computers Internet access using private IP addresses that aren't visible to the outside world. I explained in broad strokes how to configure a setup known as a DMZ (or demilitarized zone), both in the sense of an isolated network segment outside your firewall and in the sense of using a router or gateway to direct all outside Internet access to a particular IP address.

For more fine-grained access control, I then discussed port forwarding, in which requests for particular kinds of data are routed individually to selected computers on your network. I returned to the topic of proxy servers (discussed earlier in this book) to cover specific security uses on your local network and ended the chapter with a discussion of the 802.1X authentication protocol and how to use it on your wired network.
