HP3000-L Archives

April 1995, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Ivan COUCH <[log in to unmask]>
Reply To: Ivan COUCH <[log in to unmask]>
Date: Sun, 9 Apr 1995 21:24:00 -0700

Greetings network security cognoscenti:
    We have an HP3000 as a node on a local network, along with two
Novell servers, multiple DTC's and a growing number of PC's.
Also connected to that LAN is a Cisco 3000 router, supplied by
Riverside County, which provides our Internet connection.  Riverside
County refuses to give us (or any of the other school districts connected
through them to the Internet) any access to their router and its packet
filtering capabilities.
    I'm considering putting another Cisco router between our network and
the Riverside County router to act as a fire wall.  From the little that
I've read about Cisco routers (we have no manuals, only a few pages of
general info faxed from Cisco sales folks), I should be able to program
the router to drop all incoming packets addressed to the HP3000, or drop
all but the smtp packets to let Internet mail in, and so on.  I'm not
clear on how ftp inbound/outbound works in this regard.
    We have ThinLanLink/3000 running on the 3000 to allow virtual terminal
sessions from our PC's that are running MiniSoft's network software.  This
means that anyone with an Internet connection and MiniSoft or Reflection
network software can immediately get to the MPE XL prompt on our system.
We are using all of the MPE password security measures on accounts, groups,
users and, using Security/3000, have passwords on dial in modem ports as
well as all logical ports that could be assigned to virtual sessions.
I'm still not at all happy with our security measures.
    Specific questions are:
  - Is a router (Cisco or other) an adequate solution? (while keeping all
     the local precautions in place)  Is there a better or more cost
     effective solution?
  - If our local PC's (network connected, with IP addresses) are left
     unprotected by the fire wall and are acting as stand alone computers
     running DOS or Windows applications, can they be accessed through
     the (Internet) network and thence the 3000?
  - What if the above networked PC's are attached to a Novell server?
  - Do Virtual Terminal sessions look at all different at the packet
     level?  Do all the same filtering techniques work the same way
     when a connection is requested?
  - Is there a reference that I can consult on all these, and more
     complex, packet filtering and security issues?
 
   Thanks in advance for any and all advice and suggestions.
 
                                   Ivan Couch
                                   Director of Data Processing
                                   Mt. San Jacinto College
                                   1499 North State Street
                                   San Jacinto, CA 92583
                                   909 4876752 ext 1341
                                   [log in to unmask]
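
The filtering policy described in the post (drop inbound packets to the HP3000 except SMTP) and its effect on FTP, as an added example that is not part of the original message and is not Cisco configuration. It is a first-match, stateless filter model in Python; the addresses, the rule model, the sample packets and the ACK-flag "established" check are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:            # inbound TCP segment as seen by the filtering router
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False    # ACK set: belongs to a connection already in progress

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None matches any port
    established: bool = False    # stateless check: match only if ACK is set

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport)
                and (p.ack or not self.established))

def filter_inbound(rules, p):
    """First matching rule wins; no match means drop."""
    return next((r.action for r in rules if r.matches(p)), "deny")

HP3000 = "192.0.2.10"            # constructed addresses (documentation ranges)
PC, REMOTE = "192.0.2.50", "198.51.100.5"
POLICY = [
    Rule("permit", HP3000 + "/32", dport=25),          # Internet mail in
    Rule("permit", HP3000 + "/32", established=True),  # replies to sessions the 3000 opened
    Rule("deny", HP3000 + "/32"),                      # all other traffic to the 3000
    Rule("permit", "192.0.2.0/24"),                    # PCs left outside the policy
]
SAMPLES = {                                            # constructed packets
    "smtp_in": Packet(REMOTE, 34000, HP3000, 25),
    "telnet_in": Packet(REMOTE, 34001, HP3000, 23),
    "ftp_control_reply": Packet(REMOTE, 21, HP3000, 40000, ack=True),
    "ftp_active_data": Packet(REMOTE, 20, HP3000, 40001),  # server opens the data channel
    "ftp_passive_data": Packet(REMOTE, 50000, HP3000, 40002, ack=True),  # 3000 opened it
    "telnet_to_pc": Packet(REMOTE, 34002, PC, 23),
}

def verdicts():
    return {name: filter_inbound(POLICY, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:18} {v}")
```

Under this model an outbound active-mode FTP transfer from the 3000 fails because the remote server opens the data connection, while passive mode works because the 3000 opens both connections; the last sample shows that hosts outside the protected rule set remain reachable.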
