<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
				<meta name="viewport" content="width=device-width, initial-scale=1" />
		<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
		<meta name="format-detection" content="telephone=no" />
		<meta name="robots" content="noindex" />
			<title>Router Security Features</title><body class="ac-gn-current-support">
	<input type="hidden"  id="cdsHeaderObj" data-json='{"setPod": "true",
"resourceUrl": "https://support.apple.com",
"akamaiUrl": "https://km.support.apple.com",
"modelValue": "Support",
"aiSearchServiceURL": "support.apple.com",
"podLocaleValue": "en_US",
"omnitureLocale": "us_en",
"aiCrossDomainSearchServiceURL": "support-suggestions.apple.com",
"podValue": "us~en",
"searchCountry": "us",
"enableAppleInstant": "yes",
"pageName": "kb",
"amlSuggestionsUrl": "https://www.apple.com/search-services/suggestions/",
"title": "Router Security Features",
"channelName": "LEGACY"
}'>
	<input type="hidden"  id="httpDownloadURL" value="http://support.apple.com">
<!-- 	
 -->

	
<aside id="ac-gn-segmentbar" class="ac-gn-segmentbar" lang="en-US" dir="ltr" data-strings="{ 'exit': 'Exit', 'view': '{%STOREFRONT%} Store Home', 'segments': { 'smb': 'Business Store Home', 'eduInd': 'Education Store Home', 'other': 'Store Home' } }">
</aside>

<h1 id="main-title">Router Security Features</h1>
<div id="abstract">
 
<div id="intro-container"><div class="truncate"><div class="attr SYMPTOMS"><div class="attr TOPIC"><FONT SIZE=4><BR>
<BR>
My company is having problems with our Ethernet backbone. Everyone is on the<BR>
Ethernet, but one division controls all access to the net.<BR>
<BR>
People from different divisions can see into the corporate office's zone and<BR>
services.  They can also print on corporate's LaserWriters. The corporate<BR>
office wants to block transmission into their area but let everyone in the<BR>
corporate office see services outside of their area.  The corporate office<BR>
needs access to the IBM hosts and VAX systems which are all on the backbone<BR>
but in different divisions.  Thus, total isolation is out of the question.<BR>
<BR>
Right now, we connect our local divisions together with VitaLink boxes and T1<BR>
lines.  I thought the VitaLink could do some of the above.  But, even if they<BR>
could, the one division controls them.  The best solution for corporate is to<BR>
find a router/bridge that has the above blocking/filtering features.  If this<BR>
is not possible, is there a device that at least allows controlled access to<BR>
LaserWriters?<BR>
<BR>
</FONT></div></div> <!--  attr Symptom  --></div> <!--  truncate --></div> <!--  intro-container --><div class="clear"> </div>
 </div>   <!-- abstract end -->
<div id="articlecontent">
<div id="indicator-container">      
<div class="indicator archived"></div></div> <!-- Indicator-container -->
  <div class="attr SUMMARY">
There are several options available to allow zone and device hiding, but most<BR>
of these products are LocalTalk to Ethernet routers like the Shiva FastPath or<BR>
the Cayman GatorBox.  There is one product that may provide the type of<BR>
security you require; the NRC Macintosh-based Multigate router provides<BR>
Ethernet-to-Ethernet routing and provides the ability to define parts of your<BR>
network as insecure.<BR>
<BR>
See the explanation below for a complete description of the options available<BR>
for each device.  Here is a summary of AppleTalk router security features:<BR>
<BR>
LOCALTALK TO ETHERNET ROUTERS<BR>
-----------------------------<BR>
Cayman Systems GatorBox<BR>
-----------------------<BR>
Zone Filtering:<BR>
Zone filtering prevents users in the filtered zone from seeing other zones on<BR>
the network to which they are connected.  This also prevents users in zones<BR>
outside of the filtered zone from seeing devices in the filtered zone.<BR>
<BR>
Laser Filtering:<BR>
Laser filtering is, in a sense, a subset of zone filtering.  Where the zone<BR>
filtering shields all of the devices from the outside, laser filtering lets<BR>
you hide just the LaserWriters from anyone outside of its AppleTalk zone.  This<BR>
also prevents users in the filtered zone from seeing LaserWriters in other<BR>
zones.<BR>
<BR>
Tilde Filtering:<BR>
Tilde filtering lets you hide any device with a tilde character at the end<BR>
of its name, so that it cannot be seen by anyone outside of its zone.<BR>
<BR>
Shiva FastPath<BR>
--------------<BR>
Stay in Zone:<BR>
The stay-in-zone option prevents users in the filtered zone from seeing other<BR>
zones on the network to which they are connected.  This also prevents users in<BR>
zones outside of the filtered zone from seeing devices in the filtered zone.<BR>
<BR>
LaserWriter Security:<BR>
LaserWriter security is, in a sense, a subset of zone filtering.  Where the zone<BR>
filtering shields all of the devices from the outside, laser filtering lets<BR>
you hide just the LaserWriters from anyone outside of its AppleTalk zone.  This<BR>
also prevents users in the filtered zone from seeing LaserWriters in other<BR>
zones.<BR>
<BR>
Tilde Security:<BR>
Tilde filtering lets you hide any device with a tilde character at the end<BR>
of its name, so that it cannot be seen by anyone outside of its zone.<BR>
<BR>
NRC 2000<BR>
--------<BR>
Insecure:<BR>
The insecure option lets you define sections of your Internet as &quot;insecure.&quot;<BR>
An insecure network's routing information is not propagated to any other<BR>
section of the network, thus providing a way to control who can access the<BR>
secure sections of the Internet.<BR>
<BR>
APT<BR>
---<BR>
APT has announced an update to their AppleTalk routers.  They now support<BR>
device security across zones.  Users can, for example, hide their LaserWriter<BR>
from anyone not in their zone.  You can also hide other devices, like file<BR>
servers and NetModems.<BR>
<BR>
The user can let other users on different zones and create different sets of<BR>
access to different devices.  For example, Zone A may have no access to your<BR>
LaserWriter, but still have access to a File Server, while Zone B has access to<BR>
all LaserWriters, but not AppleTalk ImageWriters or NetModems.<BR>
<BR>
APT routers connect multiple LocalTalk, Ethernet, WAN, and Serial networks<BR>
together, and supports Phase II AppleTalk.  DDP/IP encapsulation is in the<BR>
works.<BR>
<BR>
ETHERNET TO ETHERNET ROUTERS<BR>
----------------------------<BR>
NRC Multigate Macintosh<BR>
-----------------------<BR>
Insecure:<BR>
The insecure option lets you define sections of your Internet as &quot;insecure.&quot;<BR>
An insecure network's routing information is not propagated to any other<BR>
section of the network, thus providing a way to control who can access the<BR>
secure sections of the Internet.<BR>
<BR>
Cisco (CGS/MB/AGS)<BR>
------------------<BR>
The cisco router offers the ability to set up access lists that permit<BR>
controlled access to your network.  Access lists are set up to filter all<BR>
in-bound network traffic from any network listed in the access list.  Only<BR>
traffic from networks not listed in the access lists is permitted into your<BR>
network.  Traffic from your network is still propagated to all other segments<BR>
of your Internet.<BR>
<BR>
<BR></div>
</div>


<!-- Start SiteCatalyst code version: H.8. -->


<!-- End SiteCatalyst code version: H.8. -->


<div class="mod-date">Published Date: Feb 18, 2012</div>
  <div id="mimosa-tags">
  
  <input type ="hidden" id="mimosa-tags-heading" value="Related Topics" />
  <input type ="hidden" id="showNavTagFlag" value="true" />
  <input type ="hidden" id="tags-localised" value="Tag" />
        </div>

</div><!--/#content-->
</div><!--/#main-->

<!-- Helpful not helpful section -->
 <div style="display:none">
<div id="meta">
                </div> <!--/#meta-->
</div>          
        <!-- Related Section -->
<div class="border-div"></div>      <!-- Offer Section -->
<div class="border-div"></div>
<div id="promo" style="display:none;"> Still need help?</div>          
         
<div style="clear:both;"></div>

</div>
<input type="hidden"  id="cdsArticleObj" data-json='{"docId": "TA44960",
"cdsLocale": "en_US",
"imgSrc": "",
"akamaiUrl": "https://km.support.apple.com",
"strTitle": "Router Security Features",
"strLocale": "en_US",
"omniturePageName": "acs::kb::dl::ta44960::router security features",
"metaUrl": "",
"baseLink": "https://km.support.apple.com/kb/",
"reportLink": "https://support.apple.com",
"lcl": "en_US",
"localeParam": "en_US",
"viewLocale": "null",
"domainName": "0",
"archive": "true",
"enableAffectedProductPortlet": "false",
"configHeaderFooterLocale": "en_US",
"strCategoryListRefKeys": "",
"lastModifiedDate": "2012-02-18",
"creationDate": "1991-01-15",
"publishedDate": "Sat, 18 Feb 2012 03:02:49 GMT",
"publishedDateHeader": "Sat, 18 Feb 2012 03:02:49 GMT",
"oldInquiraID": "",
"articleNo": "TA44960",
"strChannel": "LEGACY",
"isOmnitureSupported": "true",
"referringPage": "unknown",
"messageResourcesArticleTempEmail": "Email Download Link",
"messageResourcesArticleTempDown": "Download",
"ACStaticText": "{\"more\": \"…more\", \"less\": \"less\" }"
}'>

<div class="footer-wrapper">

</div>


</html>