What is it?

Apple Filing Protocol (AFP) allows Apple OSX computers to share files across a network. This can be handy (and easy) when used in small, trusted networks.

Why is it a risk?

When your Apple OSX Server is connected to the Internet, enabling AFP may unintentionally expose your server’s files to the world.

How can you mitigate the risk?

If you can, simply shut down AFP on your Apple OSX Server; this will mean, of course, you cannot share files.

Blocking the AFP port from the Internet lets users inside your location keep sharing files, but shuts out everyone on the wider Internet, including those working from home or on the road.

At a minimum, you should use the Diffie-Hellman Key Exchange 2 User Authentication Method described in the Apple Developer Network article linked below.
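One way to check which User Authentication Methods (UAMs) a server advertises, as an added example that is not code from Apple or from this page: it parses a server-information reply block and reports when DHX2 is missing or a weaker method is offered. The reply layout, the UAM name spellings and the sample bytes are assumptions constructed for the demonstration.

```python
import struct

# UAM names as advertised by the server (spellings are an assumption).
REQUIRED_UAM = "DHX2"
WEAK_UAMS = {"No User Authent", "Cleartxt Passwrd"}

def parse_uams(info: bytes) -> list:
    """Return the UAM names listed in a server-information reply block."""
    if len(info) < 6:
        raise ValueError("reply too short for the offset header")
    # Assumed layout: 16-bit big-endian offsets to machine type, AFP versions, UAMs.
    _machine_off, _versions_off, uam_off = struct.unpack_from(">HHH", info, 0)
    if uam_off >= len(info):
        raise ValueError("UAM offset points outside the reply")
    count, pos, names = info[uam_off], uam_off + 1, []
    for _ in range(count):
        if pos >= len(info):
            raise ValueError("truncated UAM list")
        end = pos + 1 + info[pos]  # one length byte, then the name
        if end > len(info):
            raise ValueError("truncated UAM name")
        names.append(info[pos + 1:end].decode("mac_roman"))
        pos = end
    return names

def audit_uams(names):
    """List findings against the 'DHX2 at a minimum' recommendation."""
    findings = [] if REQUIRED_UAM in names else ["DHX2 is not offered"]
    findings += [f"weak UAM offered: {n}" for n in names if n in WEAK_UAMS]
    return findings

def pstr(text):
    raw = text.encode("ascii")
    return bytes([len(raw)]) + raw

def build_sample(uams):
    """Constructed reply for the demo, not captured from a real server."""
    name, machine = pstr("fileserver"), pstr("Macintosh")
    versions = bytes([1]) + pstr("AFP3.4")
    uam_list = bytes([len(uams)]) + b"".join(pstr(u) for u in uams)
    machine_off = 10 + len(name)  # 4 offsets + flags = 10 bytes
    versions_off = machine_off + len(machine)
    uam_off = versions_off + len(versions)
    header = struct.pack(">HHHHH", machine_off, versions_off, uam_off, 0, 0)
    return header + name + machine + versions + uam_list

if __name__ == "__main__":
    for uams in (["DHX2"], ["No User Authent", "Cleartxt Passwrd", "DHCAST128"]):
        print(uams, "->", audit_uams(parse_uams(build_sample(uams))) or "ok")
```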

A much better solution is to use a Virtual Private Network (VPN) to allow only authorized users/computers to access your file system. A VPN protects all of your network traffic, not just files shared using AFP.

Resources:

About AFP
https://en.wikipedia.org/wiki/Apple_Filing_Protocol

Apple Developer Network AFP Security guide
https://developer.apple.com/library/archive/documentation/Networking/Conceptual/AFP/AFPSecurity/AFPSecurity.html
