Date: Sun, 9 Apr 1995 21:24:00 -0700

Greetings network security cognoscenti:

We have an HP3000 as a node on a local network, along with two
Novell servers, multiple DTC's and a growing number of PC's.
Also connected to that LAN is a Cisco 3000 router, supplied by
Riverside County, which provides our Internet connection. Riverside
County refuses to give us (or any of the other school districts connected
through them to the Internet) any access to their router and its packet
filtering capabilities.

I'm considering putting another Cisco router between our network and
the Riverside County router to act as a fire wall. From the little that
I've read about Cisco routers (we have no manuals, only a few pages of
general info faxed from Cisco sales folks), I should be able to program
the router to drop all incoming packets addressed to the HP3000, or drop
all but the smtp packets to let Internet mail in, and so on. I'm not
clear on how ftp inbound/outbound works in this regard.

We have ThinLanLink/3000 running on the 3000 to allow virtual terminal
sessions from our PC's that are running MiniSoft's network software. This
means that anyone with an Internet connection and MiniSoft or Reflection
network software can immediately get to the MPE XL prompt on our system.
We are using all of the MPE password security measures on accounts, groups,
users and, using Security/3000, have passwords on dial in modem ports as
well as all logical ports that could be assigned to virtual sessions.
I'm still not at all happy with our security measures.

Specific questions are:

- Is a router (Cisco or other) an adequate solution? (while keeping all
  the local precautions in place) Is there a better or more cost
  effective solution?
- If our local PC's (network connected, with IP addresses) are left
  unprotected by the fire wall and are acting as stand alone computers
  running DOS or Windows applications, can they be accessed through
  the (Internet) network and thence the 3000?
- What if the above networked PC's are attached to a Novell server?
- Do Virtual Terminal sessions look at all different at the packet
  level? Do all the same filtering techniques work the same way
  when a connection is requested?
- Is there a reference that I can consult on all these, and more
  complex, packet filtering and security issues?

Thanks in advance for any and all advice and suggestions.

Ivan Couch
Director of Data Processing
Mt. San Jacinto College
1499 North State Street
San Jacinto, CA 92583
909 4876752 ext 1341
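
The "drop all but the smtp packets" policy described in the message, modelled as a first-match inbound filter. This is an added example, not part of the original post and not Cisco configuration syntax. The addresses, `VT_PORT`, and the rule admitting replies (TCP ACK bit set) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed placeholders: documentation-range addresses, hypothetical VT port.
HP3000 = "192.0.2.10"
PC = "192.0.2.20"
VT_PORT = 5000

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0
    ack: bool = False     # TCP ACK bit: clear only on a connection's first packet

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any port
    established: bool = False     # True: match only TCP packets with ACK set

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return p.ack or not self.established

# Inbound list for the interface facing the upstream router, checked top down.
INBOUND = [
    Rule("permit", "tcp", HP3000 + "/32", dport=25),          # Internet mail in
    Rule("permit", "tcp", HP3000 + "/32", established=True),  # replies to sessions the 3000 opened
    Rule("deny", "ip", HP3000 + "/32"),                       # everything else to the 3000
    Rule("permit", "ip", "0.0.0.0/0"),                        # PCs and servers left unfiltered
]

def evaluate(rules, pkt: Packet) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed external host
    for pkt in (Packet(outside, HP3000, "tcp", 25), Packet(outside, HP3000, "tcp", VT_PORT),
                Packet(outside, PC, "tcp", VT_PORT)):
        print(pkt.dst, pkt.dport, evaluate(INBOUND, pkt))
```

The last rule is what leaves the PCs reachable from outside; the ACK test is stateless and trusts the header bit of each packet.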