How to secure AFP file transfers

Howdy,
I read that AFP file transfers are not encrypted. The name/password is sent in encrypted form but any data transferred is not. I'd like to know if 1. this is correct and if so 2. how do I encrypt AFP traffic?
This is for online use, someone connecting to me with afp://myipaddress all Macs on latest OS X.
Jay

Alright, after everything I've read and speaking with Apple enterprise support it's confirmed that AFP is indeed insecure and not a protocol you want to expose to the world. Using VPN is the only way to secure AFP file transfers so I'll start messing around with that.

Similar Messages

  • Enable AFP File Sharing via ARD through command line?

    Anyone know how to enable AFP file sharing on a remote Leopard client using ARD? I had been sending Unix Commands to do most of my changes, but cannot figure out how to enable AFP file sharing through a unix command. I've tried running /usr/sbin/AppleFileServer but that doesn't seem to do the trick. Any ideas?

    Howdy, Space Ranger!
    I'd recommend checking out the following documentation to get filesharing going without interrupting a current user.
    Apple Remote Desktop Administrator’s Guide
    http://images.apple.com/remotedesktop/pdf/ARD3_AdminGuide.pdf
    Page 145:
    Executing a Single UNIX Command
    Using the UNIX Command window, you can send a single command to the selected
    client computers. The command is executed using the bash shell.
    To execute a single UNIX command:
    1 Select a computer list in the Remote Desktop window.
    2 Select one or more computers in the selected computer list.
    3 Choose Manage > Send UNIX Command.
    4 Type or paste the command.
    If your command is a multi-line script, enter each command on its own line. If you want
    to break up a single-line command for better readability, use a backslash (\) to begin a
    new line.
    5 Set the permissions used to execute the command.
    You can choose the currently logged-in user, or choose the name of another user on
    the client computers.
    6 Click Send.
    For information regarding Terminal commands that can be useful (this is for 10.3 and later, but the relevant command does work in 10.8):
    Mac OS X Server Command-Line Administration
    http://manuals.info.apple.com/en_US/MacOSXSrvr10.3_CommandLineAdminGuide.pdf
    Page 65:
    Commands you can use to create share points and manage AFP, NFS, Windows (SMB), and FTP services in Mac OS X Server.
    Share Points
    You can use the sharing tool to list, create, and modify share points.
    Best regards,
    Allen

  • How do i Secure & recover file from shared folder

    Hi All,
    I have Windows server 2008 R2 environment and one shared folder created on this with restricted permission by file sharing & security, now 1. I want to add one more restriction that the owner of the folder should not be able to delete that file? If this is not available with Microsoft then
    2. How do I recover a file which was deleted from MAP drive...
    Please help me to resolve this issue...
    Kalpesh Chauhan

    As to your first problem, I am not so familiar. But, as to the second problem, I think I can help.
    In fact, I have also accidentally deleted my hard drive files. In order to re-access them, I also posted my question in forums, just like you. Fortunately, after browsing many related answers and threads, I learned that a third-party data recovery program can be a good chance to go on.
    So, I follow some instructions in these forums and select three drive recovery freeware to go on, including Recuva, iCare Data Recovery Free and TestDisk and so on.
    Finally, I have restored all my needed data back successfully with these freeware.
    So, I hope it will also help you out.
    PS: Never forget to back up everything important on different hard drives or places in case of any similar data recovery problems in the future.

  • How to find out the size of files transferred over the SQL * Net?

    I am trying to test the Advanced Compress (AC) for 11g Data Guard. When the AC is turned on, the archived log files are supposed to be compressed on the primary database server and sent over SQL*Net, then decompressed on the standby db server. We will see the file sizes are the same on both primary and standby servers. I want to verify that the AC works by monitoring how much data are sent over SQL*Net. Per Oracle, AC uses 35% less of the bandwidth. That means the size of the files transferred should be at least 65% of the original size.
    Is there a way to find out the size through Oracle utilities? If not, how to find out by OS utilities? OS is Solaris 5.10.
    Thanks.

    I'm not sure this can be done via SQL*Net, but a network packet sniffer between the two servers should be able to help - you might want to contact your network team.
    HTH
    Srini

  • Just bought a new macbook w/ mtn lion. transferred data from my old macbook over n it created another user name. that's actually good--xcept for music, which i want on my new acct. How do i move files from my "old comp" acct to my new one?

    i just bought a new macbook w/ mtn lion. when i transferred data from my old macbook over, it created another user name (i called it "old computer"). That's actually good--I'm not going to be accessing old files frequently--except for music, which i want on my new user name. How do i move files from my "old comp" account to my new one? Is there a way to easily move large #'s of files, or just one by one? I've googled extensively but can only find instructions for OSX 10.6 and previous, which talks about the "Shared folder," which I can't seem to find.      

    jesster03 wrote:
    i just bought a new macbook w/ mtn lion. when i transferred data from my old macbook over, it created another user name (i called it "old computer"). That's actually good
    That's actually bad. Peruse Pondini's Setup New Mac guide and seriously consider starting over.

  • How do I FTP files from a security camera to iCloud so they can be retrieved back to my MacBook Pro whenever I connect when travelling?

    How do I FTP files from a security camera to iCloud so they can be retrieved back to my MacBook Pro whenever I connect when travelling?
    Russ

    Do you want to watch the live feed of your security cameras or recorded footage?
    In either case, I don't think iCloud is your solution.
    For the first one, check with your security camera software, they usually have this option of broadcasting, so you'll know how to access it.
    For the latter, you should use something like Dropbox (www.dropbox.com), since iCloud file sharing is, up to this date, app restricted.
    Hope it helps.
    JP

  • How do I extract pages from a Secured PDF file

    How do I extract pages from a Secured PDF file?

    Adobe would call that hacking, and don't allow discussion of it in this forum. You should contact the copyright holder and see if they are prepared to release the password, or an unsecured document, to you. If it's something made for you like a bank statement you should tell the bank how inconvenient their choices are.

  • In Messages I'm getting "The recipient of this conversation doesn't accept file transfers." Does anyone know how to rectify this issue?

    In Messages I'm getting "The recipient of this conversation doesn't accept file transfers." Does anyone know how to rectify this issue?

    Hi,
    I am reading your post that those are your specs.
    Is that correct ?
    How are they logged in ?
    PDF link to the Snow Leopard server info
    As you may know you have to set your server to Federate to other servers and may need to invoke the port 7777 for the Proxy65 File Transfer port to allow Server to Server File Transfers.
    See this Flash based view of page 17
    To clarify that:
    The app can do App to App File Transfers (most Jabber apps use port 1080 for this).
    It can be assisted by the Server port if required using the Proxy65 File Transfer item.
    However the other end still needs to be logged in to an App rather than  Web Login (Google, Facebook) and be an App that can do File Transfers.
    7:39 pm      Friday; June 20, 2014
    iMac 2.5Ghz i5 2011 (Mavericks 10.9)
    G4/1GhzDual MDD (Leopard 10.5.8)
    MacBookPro 2Gb (Snow Leopard 10.6.8)
    Mac OS X (10.6.8),
    Couple of iPhones and an iPad

  • HOW DO I FIND FILES THAT HAVE BEEN TRANSFERRED FROM MY PC TO MY MAC

    How do I locate files that have been transferred from my PC to my new MacBook Pro

    Depends how they were transferred. If you used Migration Assistant, a new user was created. Look there in your documents folder. If you used Setup Assistant, look in your documents folder.

  • How do I open my H&R Block tax files, transferred to my Mac Pro from my PC? I guess they're in Windows format, but I don't know how to convert.

    How do I open my H&R Block tax files, transferred to my Mac Pro from my PC? I guess they're in Windows format, but I don't know how to convert.
    CaptainTom1

    There should be an H&R block format.  Windows or no.
    Just like JPEG or MP3 is a format readable by Mac or PC.
    The main cause of PC vs Windows files issues is in "text only" files that require "line terminators".  Windows line terminators are <CR><LF>, UNIX is <LF>, Mac can be <CR> or a <LF>.  The text editors that are PC-files-only cannot properly read text lines terminated with <LF> only.

  • How to exclude a file/folder from Microsoft Security Essentials scan in Windows 7/Vista/XP?

    How to exclude a file/folder from Microsoft Security Essentials scan in Windows 7/Vista/XP?
    Hetti Arachchige V Aravinda | Network & System Administrator (B.Sc, Microsoft Small Business Specialist, MCP, MCTS, MCSA, MCSE,MCITP, CCNA, CEH, MBCS)

    Hi,
    Thanks for sharing this link.
    Nice job!
    Alex Zhao
    TechNet Community Support

  • HT4796 I cannot open any files transferred from the PC to my MAC as I am "not authorized". How can I correct this?

    I cannot open any files transferred from my Windows PC to my Mac as I am "not authorized". How can I correct this?

    Select the folder containing all of those files, CMD+I, click on the lock, enter your admin password, add yourself with read & write, and click on the action button and select apply to enclosed items. That should do the trick. BTW, I don't have a PC, so I've not transferred any such files to my machine.

  • Receiving pop ups to secure my files and when I log into any website i get directed to a site with a pop up regarding security.  I assume I have a virus and not sure how to fix it

    I am receiving pop ups to security sites to secure my files etc.  I assume I have a virus but not sure how to fix it.

    There is no need to download anything to solve this problem.
    You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
    Back up all data before making any changes.
    One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
    If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
    Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
    Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
    Still in System Preferences, open the App Store or Software Update pane and check the box marked
              Install system data files and security updates (OS X 10.10 or later)
    or
              Download updates automatically (OS X 10.9 or earlier)
    if it's not already checked.

  • How do I go about transferring files from Dreamweaver CS4 to Dreamweaver CC?

    How do I go about transferring files from Dreamweaver CS4 to Dreamweaver CC?

    If both versions are on the same hard drive, simply tell DW CC where your site files are located on your hard drive.  Go to Site > New Site and define your site.
    Nancy O.

  • How to secure file

    Hi
    I'm coding. I want to secure my file so that nobody can make changes to it. Can you tell me how?
    Thanks.

    hi rani patil ji,
    pls see the below link..
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/37bef2c0-0d01-0010-58ac-d1286bb09b6
    securing files in abap
    After doing all kind of ABAP work for many years, it’s often amusing for me to see such a system as SAP R/3 being so vulnerable and so unprotected from attacks and sabotage. The system has very strong security mechanisms, so complicated that it probably takes years to build up the experience managing all that, but those things can be used to restrict access for normal users. Anyone who wants to target it can find some ways, combining existing functionality, holes not closed by administrators, probably complemented by social engineering. It seems that it’s just because normally the people that have an access to such system are too busy to screw it. But what if some nice behaving well paid consultant is actually looking to sell your data? Or if someone unhappy with the very wise executive decision to let a crowd of folks go look for another job wants to say the “last word”? The fact is, and I like to repeat it every time I hear that someone has decided to strip us of some authorisations, that anyone with some technical SAP experience will always find the way. Or let’s say, “most likely” will.
    Before I go further, let me give a couple of notices:
    Some things discussed below were actually tried by me, on various versions of SAP. It can happen that some trick I tried several years ago is already blocked by SAP. I never want to try certain tricks again - it’s not good, and I don’t have my own SAP system to play with. I assume no responsibility on the results of trying those innocent tricks.
    The first thing that you learn as an ABAPer is that you can read the data directly from SAP database tables. And not only read, but also update. Direct updates, unless done on customer’s own tables, in theory can break the SAP warranty. But we have to do this from time to time, and there is nothing more simple that can screw up the whole system. Just one line of code. But hey, it’s not only about sabotage! What about messing with the accounting? Or changing your own user account information? During the SAP boom days (end of 90s), a code to get yourself the best authorisation available in the system was circulating over the Net. Simple updates of USR* tables. The guy who wrote it pulled it back later because he didn’t feel well about it.
    Most companies have a policy of not allowing direct updates of SAP tables, but not every company enforces it through QA process. I remember how I learned that direct updates are not good. It was probably a couple of months after I took my BC400 course that I got a task of programming a mass update of customer master. I think it was that simple update of KNVV that got my change back from QA with a big red cross. Good work! That’s when I understood also how important the quality assurance is.
    The next funny thing you learn as an ABAP programmer is that there are some “system variables”. And also that they can be manipulated too. What is especially useful it’s changing the value of return code SY-SUBRC after failed authorisation check. Yes, you need to be authorised to change values in debugger, but this is what we all have in development systems, and for some limited periods even in production. No big deal if it’s dev? But it can be a good starting point and a gate to other systems! And it brings even more fun if when doing some nasty update, you change the “current user ID” to be stored as “who has updated it” to some other than yours!
    Though at some critical points SAP checks the authorisation other than with standard authority-check and SY-SUBRC, most of time it’s still good old return code, and it doesn’t look like it’s going to change. But why should we ABAPers care if under the debugger, we can change almost any SAP program without asking SAP or our admin for access key. Just jump over it! (Kind of open-source - feel free to modify if you need to!) Then, why not to transport this change to the productive system if management thinks that having QA folks go through each modified piece of code that is going to be transported is a waste of corporate money? As if it’s not the code that runs the enterprise blood through the servers.
    But it’s not only the code. There is a useful transaction SE16N, where SAP has implemented a command (”&sap_edit”) that allows you to modify just any table in SAP. The command name implies that it’s “internal use only” and should be reserved for SAP support folks, but I have never seen it asking whether I am an SAP employee. Oh, there are “change documents” that they use to track all those changes, but there is also a menu item to delete them, and after all, why not to play with the table storing them directly? OK, to do all those things you need to be authorised, but don’t give up: there are debugger (see above) and other tricks (see below) that get us there.
    That was about changing the data, but sometimes even reading can be considered as a biggest sin. At some point in SAP career, everyone will see “authorisation hysteria”. It starts with some global effort to strip us of our rights. Sure, we developers should be hanged after seeing some secret production data, so to prevent the mass executions, they first revoke the rights for standard “business” transactions. Then, normally several years after that, someone says hey! those potentially bad bad guys have SE16 and can view data just from any table! Oh my! Now we set the authorisations for each table. S_TABU_DIS is the cure! And the tables are gone for us, forever. No, wait! we have database views! and many other things that you get using where-used-list for the table in question in SE11 (a “very special” SAP feature nearly unknown to professional accountants). There is even more. There are hundreds of function modules in SAP and the chances always are that after investing some time into research, but still considerably less than we spend explaining that if we are supposed to analyse production problems, we need some more authorisation to do that, we can find some magic function module that, being called directly in SE37, gives us the data we need. And don’t forget that very often developers are given rights to schedule background jobs that run with any user they want and then read the output. No limits - it can be helped only by a different authorisation process, where everything in a system is really integrated. For example, database views inherit authorisation of tables, and SELECTs check things like S_TABU_DIS automatically. But overhead of doing that will probably make the systems unusable.
    As so many things can be done if we got enough authorisations, one would ask “what’s the big deal”? Just stop giving the debug with change authorisation away and this will save the system from abuse. Well, there are always countermeasures. Each system has some special users that have special authorisations. And frequently those users are maintained as default login user for some RFC connection. One very well known example is the user of the APO CIF interface. Till mid-2006, it was a general advice from SAP to give that interface user SAP_ALL authorisation. Now, years after introducing CIF, they have issued an OSS note that describes a safer setup. But the system that still has the old setup, or has some other user for interfacing with other systems, there are fancy things one can do with that. You need just a debug session without change authorisation and some RFC-capable function on the target system. A good one is, for example, RFC_READ_TABLE, which is present on all systems regardless of which applications are installed. When called under debugger in SE37 with appropriate RFC destination, the function jumps into the target system, and your session does this together. The place to watch is the function SFCS_FA_FUNCTION_INVOCE, where the remote call happens. If you follow the cross-system call with “Step-Into”, you can then open a new window on the target system that will be running not with your poor user, but with that special one! While this is a very common approach to interfacing two systems, if a special authorisation comes into question, then building the interface with an intermediate system to prevent abuse of RFC could solve the problems, but the complexity will be the price to pay.
    The next inviting feature of SAP is the ability to run operating system commands on the application server. This can be done either with the function SXPG_COMMAND_EXECUTE or directly with CALL SYSTEM. The former does some security checks to prevent running some commands that can harm the system but this check is of course very limited as SAP can never know what command is dangerous on your system. The most dangerous of all that is that the command will be run as a subprocess, with the same OS user as that of the SAP instance. Which means, you can run a process with the same OS authorisations as SAP, having access to the same data etc. The most simple sabotage by stopping the SAP at most needed moment (scheduled by cron if it’s running on UNIX) is obviously stupid, but what about manipulating some files (e.g. with data for or from external systems) or even transport files? With transport files, it’s not that straightforward as it used to be as now files are compressed (in older versions, you could modify program source code right in the transport files), but if they are not encrypted, they can be used to implement custom logic directly or plant back doors for later time.
    You are not convinced because all you can do is to run a single command? Well, this single command can get you a terminal window on your PC, running a shell on the application server! Just install an X server on the PC and launch something like xterm on the app server, setting the display parameter to the PC - takes several seconds. X applications like xterm are present in all default UNIX installations. If the SAP is running on a Windows machine, it’s not better, because you can always have a Cygwin environment (the same one used to get an X server on your PC), and all you need is to transfer several files to the SAP server, which can be done easily with direct FTP, file upload functions or network shares. As soon as you get a terminal, running other things is becoming much easier! Unless some knowledgeable admin restricts the authorisations to the maximum extent, erases unneeded OS applications from the server and, best of all, restricts the network connections between the server and the rest of the network. Interfaces could use some TCP ports that are opened only between certain machines on the network and the rest - closed for more security. But I don’t believe anyone in the world is doing that. That’s waste of corporate money and loss of convenience after all!
    Let’s say, we got some hole to get through. What can be done in some short time? For sure, we’ll want to plant a backdoor to ease our later activity. No system has better resources for that. They could set the system level to productive to forbid the changes, they kick us with developer keys and object access keys. But all we need is just one ABAP command, INSERT REPORT. Surprisingly, this one doesn’t care at all what program you are going to modify. THERE ARE NO CHECKS! It can be anything, anywhere including production system, and on execution, SAP doesn’t care if you don’t have development authorisation. So, we’ll start with that, having that one line hidden in some nice customer program, sneak through the absent or sleepy QA procedures and we are ready for a next assignment.
    All those simple tricks above can be dealt with and holes can be closed. But because doing that required some effort, and knowledge and money is an important prerequisite, most likely we will live with that for years from now. Which is not really bad - if we save some time when analysing a production problem, we’ll probably have more time to do a proper code review, and do many other things right. There should be more tricks and I’ll be glad to know and discuss them (for fun, not for breaking!), so any comments will be very welcomed.
    regards
    karthik
    pls reward me points if the above is useful to you
