LinuxQuestions.org
Old 07-13-2009, 09:22 AM   #16
batfastad
Member
 
Registered: Nov 2004
Location: London, UK
Distribution: CentOS, RHEL, Debian, IPCop, PS2Linux
Posts: 95

Rep: Reputation: 23

If you want to run Appletalk then you'll need to look into a daemon called Netatalk
It can do AFP (Apple Filing Protocol) over Appletalk.
Also just for info... you can configure Netatalk to do AFP over regular TCP/IP - avoiding all that Appletalk mess
 
Old 07-13-2009, 11:12 AM   #17
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
Quote:
Originally Posted by Ulysses_ View Post
Thanks for the info. It turns out the weakest link in security is humans
Definitely

Quote:
Originally Posted by Ulysses_ View Post
one philosophy is to accept that you will eventually get infected and plan for it, in order to limit the spread and durability of the infection.
A good way to look at things, in my opinion. Obviously it is good to do all you can to prevent compromise, but it is also important to accept the inevitability of compromise and detect and mitigate against it as best you can.

Quote:
Originally Posted by Ulysses_ View Post
Is the time taken to penetrate, a sound metric of security? Or you can provide perfect unbreakable security?
I believe it is to a certain extent. Many, if not most, compromises are compromises of convenience. The low hanging fruit is the first to be picked. Unless there is a targeted attack against your servers, all you really have to do is be more secure than the next guy.

Quote:
Originally Posted by Ulysses_ View Post
What about the number of people capable of penetrating a server within a given time, is that a sound metric of security?
Since it is unmeasurable, I would say no.

The main place your obscure protocol argument falls down is that the protocols you are considering as alternatives to TCP/IP are all no longer in active development, so, while TCP/IP is continually acquiring more secure features (IPSec, DNSSec and so on) these other protocols are as secure as they are ever going to get. The fact that fewer vulnerabilities are known doesn't mean that they don't exist.
 
Old 07-14-2009, 10:16 AM   #18
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
If anyone is interested, here's how it can be done. Appletalk replaces tcp/ip in the local network as follows: On windows computers you install pc maclan (choose "Disable encrypted logins" under menu Configure-Server information). On linux computers you apt-get the netatalk package, edit the file /etc/netatalk/atalkd.conf adding one line that says "eth0" without the quotes, and reboot for the automagic configuration to occur. The windows computers can then see the linux home directories but not the other way round (there simply isn't any linux tool for reaching appletalk file shares in windows which is probably a good thing). This means you have to remember to copy any new files from linux to windows if you use a liveCD for the linux box.
 
Old 07-14-2009, 10:40 AM   #19
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172
Quote:
The afpd program expects clear text passwords from the Macs.
Security could be a problem, so be very careful when you run this
daemon on a machine connected to the Internet, you have yourself to
blame if somebody nasty does something bad.
From:
That would seem to indicate that running a sniffer can see the traffic.
 
Old 07-14-2009, 11:58 AM   #20
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Just remember that I expect the linux box to get hacked so any encryption in the linux-windows link is irrelevant, the hacker can type what I type and see what I can see, that's ok. I don't want to hide the windows server's shared files. Let the hacker see them if they can. What I want to prevent is the hacker from owning the server too. So how would you go about penetrating the server in order to own it, not just read the apple-shared files?
 
Old 07-14-2009, 12:16 PM   #21
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
While we're at it, can anyone recommend a hacking forum for some more underground input?
 
Old 07-14-2009, 12:19 PM   #22
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Ulysses_ View Post
While we're at it, can anyone recommend a hacking forum for some more underground input?
That is not a valid question for LQ.

Last edited by unSpawn; 07-14-2009 at 12:25 PM. Reason: //typo
 
Old 07-14-2009, 12:23 PM   #23
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Ulysses_ View Post
Just remember that I expect the linux box to get hacked so any encryption in the linux-windows link is irrelevant, the hacker can type what I type and see what I can see, that's ok. I don't want to hide the windows server's shared files. Let the hacker see them if they can. What I want to prevent is the hacker from owning the server too.
Rephrasing what I already said in post #4: if you would have exhausted common host and network hardening and segregation, then you wouldn't have to waste effort and stoop to using such a contorted security posture just to satisfy your fabled "protocol isolation" thingie.
 
Old 07-15-2009, 02:41 PM   #24
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by unSpawn View Post
if you would have exhausted common host and network hardening and segregation, then you wouldn't have to waste effort and stoop to using such a contorted security posture just to satisfy your fabled "protocol isolation" thingie.
Repeating over and over something does not make it right - you are failing to counter any of the arguments presented. That's because, the truth is, you do not have a clue how to break into the pc maclan implementation of appletalk, and neither has anyone in common hacking and anti-hacking forums: I have found very few exploits for the OS X implementation of appletalk (1 2 3), but there is not a single exploit for the pc maclan implementation! So it is like OS X was in its beginning. The bad guy would have to do vulnerability research from scratch, for weeks or months before finding an exploit for pc maclan. And our humble pc's are not worth that much.

Last edited by Ulysses_; 07-15-2009 at 02:44 PM.
 
Old 07-15-2009, 02:47 PM   #25
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
In the interest of those wishing to use a liveCD for security and transfer files to their main computer by this extremely simple and yet powerful setup, a few notes to remember. The act of getting an .avi from youtube or whatever file you want to keep must be done without visiting any other sites in the same liveCD session. Powering off the diskless liveCD linux box would take care of isolating one browsing session from another.

If a windows shared folder is used instead of the linux ramdisk, remember to clear-up the shared folder at the start of each session. From windows.

Last edited by Ulysses_; 07-15-2009 at 02:54 PM.
 
Old 07-15-2009, 04:54 PM   #26
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Ulysses_ View Post
you are failing to counter any of the arguments presented. That's because, the truth is, you do not have a clue how to break into the pc maclan implementation of appletalk, and neither has anyone in common hacking and anti-hacking forums
I see your fortune cookie for today reads:
when a man points
at the moon, the fool
looks at his finger.


Have fun!
 
Old 07-15-2009, 05:41 PM   #27
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172
Ulysses

Apparently you missed my post #19. Appletalk has the same flaw as telnet does (which is why ssh replaced telnet), it transmits information in the clear. One just sniffs the network for a while, capturing flow, process data, and you have all the logins/passwords. You really do not run into a much simpler crack (these days).

As far as cracking the server, using obscure protocols still leaves the same old cracks in the OS.
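
The cleartext-login concern raised in posts #19 and #27 can be checked on the netatalk side. This is an added example, not part of the thread or of netatalk itself: it audits an `afpd.conf` for server lines that list the cleartext UAM. It assumes netatalk 2.x syntax (one server definition per line, UAMs given with `-uamlist`); the sample config is constructed.

```python
import shlex

CLEARTEXT_UAM = "uams_clrtxt.so"  # netatalk's cleartext-password login module

# Constructed sample in netatalk 2.x afpd.conf syntax; not taken from the thread.
SAMPLE_AFPD_CONF = "\n".join([
    "# server-name [options]; '-' as the name means use the host name",
    "- -ddp -notcp -uamlist uams_clrtxt.so,uams_dhx.so",
    '"scratch share" -tcp -noddp -uamlist uams_dhx2.so',
    '"legacy" -ddp',
])

def audit_afpd_conf(text):
    """Return one finding per server line: the UAMs it lists and whether
    cleartext logins are accepted (True/False, or None if -uamlist is absent)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # honours the quoted server name
        server, opts = tokens[0], tokens[1:]
        uams = None
        for i, opt in enumerate(opts[:-1]):
            if opt == "-uamlist":
                uams = [u.strip() for u in opts[i + 1].split(",") if u.strip()]
        findings.append({
            "line": lineno,
            "server": server,
            "ddp_requested": "-ddp" in opts,  # AFP over AppleTalk asked for explicitly
            "uams": uams,
            "cleartext": None if uams is None else CLEARTEXT_UAM in uams,
        })
    return findings

def report(findings):
    """Turn findings into one human-readable verdict per server line."""
    lines = []
    for f in findings:
        if f["cleartext"] is None:
            verdict = "no -uamlist given; the build's default UAMs apply, check them"
        elif f["cleartext"]:
            verdict = "accepts cleartext passwords; readable by a sniffer on the segment"
        else:
            verdict = "cleartext UAM not listed"
        lines.append(f"line {f['line']} server {f['server']!r}: {verdict}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(audit_afpd_conf(SAMPLE_AFPD_CONF))))
```

A line without `-uamlist` is reported as undetermined rather than safe, because the default UAM set depends on the netatalk build.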
 
Old 07-16-2009, 06:35 AM   #28
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
I remember your post lazlow, and as I said before, any encryption is irrelevant because the hacker can run a keylogger and type what I type (password etc) and see what I see (any shared folder of the windows server). I do not mind them seeing the shared folder because it is only for temporary storage of my downloaded files during a liveCD session, cleared at every boot. As long as you visit only the site of the download during a session, there won't be any hacker during this session to infect the download (unless you're unfortunate enough to have a static ip). So let the shared folder be seen, it is penetrating the windows server for the purposes of owning it that we want to prevent.

Quote:
using obscure protocols still leaves the same old cracks in the OS.
What cracks do you mean? Faults in the ethernet drivers of the windows server?

Last edited by Ulysses_; 07-16-2009 at 06:58 AM.
 
Old 07-16-2009, 06:43 AM   #29
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
By the way, it is not only tcp/ip that is uninstalled from the windows server in this setup, but also all other items in the connection properties: Client for microsoft networks, File and printer sharing for Microsoft networks, etc. Only two items remain, the pc maclan appletalk protocol, and the pc maclan service.
 