Capítulo 4. Desarrollo, análisis y discusión de resultados
4.3 Implementación de la propuesta pedagógica
They use higher levels of security, including hardware firewalls. Computers used on the network often are configured so as not to allow their settings or that of the
network itself to be modified. Larger networks may be divided into segments, presenting obstacles to the use of Bonjour.
If you think you have any of the problems listed below, contact your IT manager or department and show them this page and the following page, For IT Managers. Using Bonjour
Bonjour is only able to work on computers that are the same local segment of a large network. You may be able to automatically share with a colleague in the same physical office or meeting room, but not to a colleague in a different physical office or building, without providing them your computer's address yourself.
Account Administrator Privileges
If your computer is provided to you by your school or company, your login account may not have been given Administrator privileges. This will prevent you from changing your network or firewall settings. If your computer's firewall is on, this will prevent you from sharing notebooks. If others even in the same room cannot see your shared notebooks, ask your IT manager to unblock port 8474 on your computer.
Sharing To The Internet
In order to share notebooks to others over the Internet, your computer needs to have a fixed IP address. The NoteShare sharing port 8474 must also not be blocked by any hardware firewalls between your computer and the Internet.
Institutional networks often block all but the most essential ports to the Internet in order to maximize security. Ask your IT manager if port 8474 is blocked on your computer and the network firewalls, and if so, ask that it be unblocked.
Opening Notebooks Over The Internet
Institutional networks sometimes block even outgoing traffic to most ports to the Internet in order to maximize security. This will prevent you from even opening any notebooks being shared outside of your network. You may need to ask that port 8474 be unblocked for outgoing traffic on the network firewalls. Contact your IT manager or department and show them the following page, For IT Managers.
Sharing for Workgroups and Institutions
Sharing for Workgroups and Institutions
For IT Managers
37-1NoteShare's Networking Architecture
Each copy of NoteShare contains both a client and a server component. When launched, the client registers with Bonjour to search for services of type
"_noteshare._tcp.". When a notebook is shared for the first time during a NoteShare session, the server component advertises this type of service with Bonjour and accepts TCP connections on port 8474 (by default) from clients. In order to share notebooks beyond the user's subnet, users ("owners") must provide their IP address to those whom they wish to share to ("viewers"). The viewers then manually enter the IP address of the owner in their Open Shared Notebook panel.
It is import to point out that NoteShare is not an Internet file sharing application. It is a collaboration application which allows users in a work group to easily view, present, and edit a single document from multiple computers at the same time. It does not provide any means to automatically discover other NoteShare users or notebooks other than via Bonjour on a local subnet.
Port Numbers
Port 8474 is NoteShare's exclusive TCP and UDP port. The TCP port is used by the server component to accept connections from clients. The UDP port is reserved for future use. This port is registered with the Internet Assigned Numbers Authority. See www.iana.org/assignments/port-numbers.
A different port may be used if desired. The default port may be changed in NoteShare Preferences on the Sharing tab. Only Administrator users may change the port number.
Firewall Configuration
For sharing notebooks, NoteShare requires that the OS X firewall either be turned off, or configured to allow incoming server connections on port 8474. This is not required for users to open other people's shared notebooks.
In order to share to the Internet, port 8474 must also be unblocked in any hardware firewalls. Users should also have a permanently-assigned Internet IP address or domain name. If NAT must be used, only one computer can share on the default port, which must be mapped to the sharing computer, and that
computer should use a fixed IP address assignment.
For viewing notebooks beyond hardware firewalls, outgoing traffic on port 8474 should be unblocked.
NoteShare Security Client Validation
The NoteShare server component only accepts connections from other copies of NoteShare. When a connection is established from a client, a secret handshake is immediately performed using 128-bit AES encryption. The purpose of the
Sharing for Workgroups and Institutions
Sharing for Workgroups and Institutions
For IT Managers
37-2is immediately performed using 128-bit AES encryption. The purpose of the handshake is to validate the client as a legitimate copy of NoteShare, and
establish that the software versions are compatible. If this handshake fails, the connection is immediately dropped. If such a connection attempt fails more than 3 times (except for a version incompatibility) the client is blacklisted and no more connections are accepted during the session.
Other situations may also result in a client being disconnected and eventually blacklisted. These include receiving a malformed or oversized message,
receiving an encrypted message which cannot be decrypted, or an unencrypted message where an encrypted one was expected.
Passwords and Data Encryption
All communication between copies of NoteShare use a messaging system which breaks up large data transmissions into multiple small messages, called sub- messages. Sub-messages may be interleaved in order to transmit large
document attachments in the background while preserving editing interactivity. When a notebook is shared, users are encouraged to assign a password.
Passwords are required in order to share over the Internet (the notebook names are not even visible otherwise).
When a password is set, viewers must provide the password in order to open the shared notebook remotely. In addition, all messages are then individually
encrypted using 128-bit AES encryption, using Apple's Security Framework, which is its implementation of the CDSA architecture. Appropriate steps are taken in order to maximize the strength of the generated key used to encrypt each message or sub-message.
As always, advise your users on the importance of using a long, varied and non- obvious password.
User Privileges
The following NoteShare features require users to have Administrator Privileges: Changing the default port number
Enabling and using UPnP and NAT-PMP port mapping functionality Enabling and using DDNS client functionality
These features are configured and enabled from the Sharing tab in NoteShare Preferences.
Managing Traffic Load
The messaging required for viewing and editing the text content of notebooks is very light and will have little affect on network traffic loads. However, file
attachments are transmitted from the notebook owner to each viewer of the
notebook, when the page containing the attachment is first opened by the viewer. The attachments are cached on the client machine and only updated when
Sharing for Workgroups and Institutions
Sharing for Workgroups and Institutions
For IT Managers
37-3The attachments are cached on the client machine and only updated when necessary.
If the file size is less than the limit set in Preferences, attachment files are
transmitted automatically. Otherwise the viewer must double-click to download each attachment. This limit may be adjusted in NoteShare Preferences in order to adjust the frequency of automatic attachment downloads.
If a file attachment is greater than 200MB in size, viewers are prompted first before the downloading is started. File attachments greater than 500MB are prevented from being downloaded to viewers.
Sharing for Workgroups and Institutions
Sharing for Workgroups and Institutions
Sharing From Multiple Computers
38When using Bonjour within a home or small office network, all computers running NoteShare can both share notebooks and open them remotely.
However, if you have a home or small office network which uses a router to share an Internet connection which has a single IP address, you will by default only be able to share notebooks to the Internet from one computer at a time. This is because the router can only forward NoteShare messages from outside of your network to one computer within your network, using the default port 8474.
However, if you are willing to add additional port maps (see the page Set Up Your Network For Sharing), you can use different ports for different computers on your network. You must then communicate the different port you are using to those you wish to be able to view your notebooks from the Internet.
In this case, for example, your Airport base station port mapping might look something like this:
The people using the computers with address 10.0.1.5 and 10.0.1.6 would tell Internet users to type ports 8475 or 8476 into their Open Shared Notebook panel using the + button, for example:
Sharing for Workgroups and Institutions
Sharing for Workgroups and Institutions
Security
39NoteShare Only Talks To Other Copies Of NoteShare
The NoteShare server component only accepts messages from other copies of NoteShare. When you are sharing notebooks and a viewer makes a connection request, encrypted messages are immediately exchanged which validate the
request as coming from another copy of NoteShare, and establish that the software versions are compatible. If this "handshake" fails, the connection is immediately dropped. If such a connection attempt fails more than 3 times (except for a version incompatibility) the viewer is blacklisted and no more connections are accepted from them during the session.
Other situations may also result in a viewer being disconnected and eventually blacklisted. These include receiving a malformed or oversized message, receiving an encrypted message which cannot be decrypted, or an unencrypted message where an encrypted one was expected.
Passwords and Data Encryption
When you share a notebook, you are strongly encouraged to assign a password. In fact, passwords are required in order to share over the Internet (your notebook names are not even visible to Internet users otherwise).
When a password is set, viewers must provide the password in order to open the shared notebook remotely. In addition, all messages are then individually
encrypted using industry-standard 128-bit AES encryption. This is the same level of encryption used when you communicate with your bank's web site, or give your credit card information to an online merchant. So even if your data is intercepted in transit, it will be extremely difficult for anyone to read.
It is important to remember that the likelihood of encryption being broken
depends in part on the quality of the passwords you use, and how difficult it is to guess them. For maximum security, use long, non-obvious passwords, with a mix of upper and lower case letters, symbols, numbers.
Appendix
Appendix
40... 41 Frequently Asked Questions
... 42 NoteShare Glossary
... 43 Support, Feedback and Bug Reporting
Appendix
Appendix
Frequently Asked Questions
41-1Is NoteShare Compatible With AquaMinds NoteTaker?
NoteShare creates multi-page notebook documents that are 100% compatible with NoteTaker notebooks. Likewise, you can open and use all of your
NoteTaker notebooks with NoteShare as well as NoteShare Server. Because they share the same identical notebook creation and management features,
NoteShare can be used just like NoteTaker to organize and manage your personal notebooks on your desktop.
What's the difference between NoteTaker and NoteShare?
NoteTaker limits you to sharing to up to 5 simultaneous users. That is, only 5 other users of NoteTaker, NoteShare, or NoteShare Mobile Viewer can connect to your copy and NoteTaker and open its shared notebooks. NoteShare can share to an unlimited number of other users. Also, NoteShare includes advanced sharing features such as a Sharing Monitor, RSS feed output, and additional options for configuring Web Notebooks.
What is NoteShare's security model? Does it use encryption or passwords? NoteShare uses both encryption and password protection to provide users with multiple levels of secure communications and privacy options. If a password is assigned to a notebook, or to the Space in which a notebook is shared, then all communications of notebook data between a remote viewer or owner are
encrypted using 128-bit AES encryption. This is the same level of encryption used when interacting with a bank web site or online merchant.
NoteShare Spaces also provide additional user privacy with password protection in addition to password protection of notebooks.
In order to be visible to viewers over the Internet, a notebook MUST be shared using a password, or be shared in a private (password-protected) space.
Different passwords can be assigned to the notebook and the space in which it is being shared.
It is important to always use passwords which are long, hard to guess, and contain a mixture of letters, symbols, and numbers.
How can I tell who has changed or edited an entry on a notebook page? The Creator attribute can be made visible from the View menu. It will indicate who created or added the entry. The Changed By attribute can also be used to show who last changed or edited an entry. Both attributes are also available as special index pages as well.
On a Section or Contents page, these attributes show the creator or last modifier of the page that each entry represents.
Can colored text be used to indicate an author's identity?
Yes. It's a manual operation but it's a good idea to encourage multiple authors or editors to use a font/style and color to clearly show their additions or edits. From the Ruler, favorite styles (custom fonts/colors) may be easily applied to
Appendix
Appendix
Frequently Asked Questions
41-2From the Ruler, favorite styles (custom fonts/colors) may be easily applied to the selected text within an entry or outline.
The Colors panel may also be used to set the default text foreground color for new entries.
Are shared notebooks private?
Only if they are password protected or being shared in a private space. Password-protected notebooks can only be viewed by a NoteShare user who knows the password. Password-protected notebook content is also encrypted for transmission over the network using 128-bit AES encryption.
Do you need an existing LAN to share notebooks and work together? No, you can use a computer to computer connection to share and work
together. This can be accomplished by a wireless Bonjour (formerly known as Rendezvous) connection between two AirPort-enabled OS X machines or with an Ethernet cable running between each machine.
Can you share a notebook and also be viewing another notebook being shared by another NoteShare user?
Yes. For example, each of you can be viewing the other person's shared notebook and use the Tile command from the Window menu to organize your screens.
Does NoteShare allow concurrent or simultaneous access for editing at the same time?
Yes. Different users can simultaneously edit different pages in the notebook. Only one viewer can edit a given page at a time, but others can see that user's edits in real time, as they occur. And when that user is done editing, another viewer can take the pen and make their changes. Viewers can also indicate to a page's current editor that they are waiting for the pen, and the Sharing Monitor can be used to request a notification when the pen becomes available.
The pen timeout (set in Preferences) can be useful as well.
How do I report a NoteShare bug? Are there specific steps or information to include in a bug report?
At this time, please send email to [email protected]. Include the
version of your operating system. If NoteShare has crashed, please include the crash log ~/Library/Logs/CrashReporter/NoteShare.crash.log, and your
preferences file ~/Library/Preferences/com.aquaminds.NoteShare.plist.
Can I attach files to NoteShare notebook pages? Are there any limitations to