Re: [Fed-Talk] Mobileme - how are others managing this in your environment?
- Subject: Re: [Fed-Talk] Mobileme - how are others managing this in your environment?
- From: Joel Esler <email@hidden>
- Date: Tue, 15 Jul 2008 00:51:35 -0400
Blackhole the domain in your environment.
J
On Jul 14, 2008, at 4:05 PM, Taylor Armstrong wrote:
Thanks Todd.
Admin - some users will have it. Not all, but I'd like to plan for
worst-case scenarios.
Don't have much control over the firewall, but I'll bring it up at
the next meeting. We don't have many Macs... technically, I am "but
a lowly helpdesk grunt" but since none of the sys admin staff have
the time to really look at this, most of the Mac admin duties fall
to me. Firewall policy is set way, way over my head.
My personal MobileMe package is supposed to arrive this week - I may
just need to do some testing on my own to see... it may already be
blocked.
I'm guessing that MobileMe uses most of the same ports/services
as .Mac, so any .Mac advice may very well apply as well.
Taylor
Todd Heberlein wrote:
No OD here, so I'm just trying to get some discussion going on the
best way to do this. MCX controls? I've not looked yet to see if
there is anything specific on the .Mac or MobileMe controls...
just trying to figure out the best angle to take.
Do your users have admin control to their machines? If so, you may
want to look at a network-centric solution (i.e., blocking certain
ports on routers/firewalls). And even if you can find a host-based
solution (i.e., using MobileMe's System Preference pane or
configuring the firewall), adding monitoring rules to your
router/firewall might be a good idea to ensure compliance. (Note: the
"Back to My Mac" tab in the MobileMe System Preference says it
doesn't work through my NAT router.)
I haven't sat down to watch the packet flows yet (I've barely used
Mobile Me), but if everything (or at least too much) runs through
port 80 or 443, you might need to use a web proxy and block based
on URL (as opposed to just address/port combos).
Since Mobile Me is so new, you might want to follow up with another
post in 2-3 weeks once more people have had a more detailed look at
it.
Todd
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
W. Taylor Armstrong email@hidden
National Ocean Service IT Support 1305 East-West Highway
Silver Spring, MD 20910
Phone (301) 713-2644
http://nos.noaa.gov/
IT Support Request Email: email@hidden
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden