Re: [Fed-Talk] Mobileme - how are others managing this in your environment?
Re: [Fed-Talk] Mobileme - how are others managing this in your environment?
- Subject: Re: [Fed-Talk] Mobileme - how are others managing this in your environment?
- From: Taylor Armstrong <email@hidden>
- Date: Mon, 14 Jul 2008 16:05:53 -0400
Thanks Todd.
Admin - some users will have it. Not all, but I'd like to plan for
worst-case scenarios.
Don't have much control over the firewall, but I'll bring it up at the
next meeting. We don't have many Macs... technically, I am "but a lowly
helpdesk grunt" but since none of the sys admin staff have the time to
really look at this, most of the Mac admin duties fall to me. Firewall
policy is set way, way over my head.
My personal MobileMe package is supposed to arrive this week - I may
just need to do some testing on my own to see... it may already be blocked.
I'm guessing that MobileMe uses most of the same ports/services as .Mac,
so any .Mac advice may very well apply as well.
Taylor
Todd Heberlein wrote:
No OD here, so I'm just trying to get some discussion going on the
best way to do this. MCX controls? I've not looked yet to see if
there is anything specific on the .Mac or MobileMe controls... just
trying to figure out the best angle to take.
Do your users have admin control to their machines? If so, you may
want to look at a network-centric solution (i.e., blocking certain
ports on routers/firewalls). And even if you can find a host-based
solution (i.e., using MobileMe's System Preference pane or configuring
the firewall), adding monitoring rules to your router/firewall might
be a good idea to ensure compliance. (Note: the "Back to My Mac" tab
in the MobileMe System Preference says it doesn't work through my NAT
router.)
I haven't sat down to watch the packet flows yet (I've barely used
Mobile Me), but if everything (or at least too much) runs through
port 80 or 443, you might need to use a web proxy and block based on
URL (as opposed to just address/port combos).
Since Mobile Me is so new, you might want to follow up with another
post in 2-3 weeks once more people have had a more detailed look at it.
Todd
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
W. Taylor Armstrong email@hidden
National Ocean Service IT Support
1305 East-West Highway
Silver Spring, MD 20910
Phone (301) 713-2644
http://nos.noaa.gov/
IT Support Request Email: email@hidden
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden