HP3000-L Archives

April 1995, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Eero Laurila <[log in to unmask]>
Reply To: Eero Laurila <[log in to unmask]>
Date: Mon, 10 Apr 1995 16:21:58 GMT
Content-Type: text/plain
Parts/Attachments: text/plain (53 lines)

Ivan COUCH ([log in to unmask]) wrote:
: Greetings network security cognoscenti:
[snip]
:     Specific questions are:
:   - Is a router (Cisco or other) an adequate solution? (while keeping all
:      the local precautions in place)  Is there a better or more cost
:      effective solution?
 
       - I would think so.  Maybe others can comment on this.
 
:   - If our local PCs (network connected, with IP addresses) are left
:      unprotected by the firewall and are acting as stand-alone computers
:      running DOS or Windows applications, can they be accessed through
:      the (Internet) network and thence the 3000?
 
       - Only if the PCs have some daemon processes running that will accept
         an incoming connection to the PC, a 'logon' to the PC and then
         go from there.  I don't know of such things on PCs.
 
:   - What if the above networked PCs are attached to a Novell server?
 
      - ???
 
:   - Do Virtual Terminal sessions look at all different at the packet
:      level?  Do all the same filtering techniques work the same way
:      when a connection is requested?
 
      - VT connections look like any other TCP/IP traffic; the TCP port
        numbers that your router should worry about are #1537 (msg-mode VT)
        and #1570 (stream-mode VT).  There's one more port number (#1358) that
        VT may use, but that's only for reverse VT, which will not log on, cannot
        access any files and can only be initiated from another HP3000.
        It can only be used to FOPEN real DTC-attached terminals on another
        system - i.e. an application that wants to get a terminal device
        on a local system for read/write can do it on a terminal device
        on a remote system through use of reverse VT.  However, this will
        only allocate a terminal on the remote system for input/output; there's
        no logon, and VT will only access the terminal, it has no access to
        files or the CI.   Hope that was not too confusing; the bottom line is
        that you only need to worry about ports #1537 & #1570 to block VT
        access to your system.
 
:   - Is there a reference that I can consult on all these, and more
:      complex, packet filtering and security issues?
 
      - I'm sure someone will have a pointer.  I've been able to do the filtering
        needed using HP's routers and their reference manuals, with some TCP
        and IP header format documents in front of me.
 
 
Hope this helps some,
:-) Eero Laurila - HP CSY Networking lab, NS services.
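
An added example, not part of Eero's post and not HP code, of the packet-level
filtering the reply describes: a minimal IPv4/TCP header parser (the kind of
thing you write with the TCP and IP header format documents in front of you) and
a router-style rule that denies inbound connection requests (SYN set, ACK clear)
to the VT ports #1537 and #1570 while leaving #1358 alone, as the post says.
The addresses, the packet builder, and the choice to let non-TCP packets fall
through as "permit" are assumptions for illustration only.

```python
import struct

# From the post above: 1537 = message-mode VT, 1570 = stream-mode VT.
# 1358 (reverse VT) carries no logon and is deliberately NOT in this set.
VT_PORTS_TO_BLOCK = {1537, 1570}

TCP_SYN = 0x02
TCP_ACK = 0x10


def parse_ipv4_tcp(packet: bytes):
    """Parse the IPv4 and TCP headers of a raw packet.

    Returns a dict with addresses, ports and the SYN/ACK flags, or None if the
    packet is not IPv4/TCP or is too short to hold both headers.
    """
    if len(packet) < 20:
        return None
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:          # not IPv4
        return None
    ihl = (ver_ihl & 0x0F) * 4     # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        return None                # bad IHL or truncated TCP header
    if packet[9] != 6:             # IP protocol field: 6 = TCP
        return None
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]       # TCP flags byte (low 6 bits: URG ACK PSH RST SYN FIN)
    return {
        "src": src, "dst": dst, "sport": sport, "dport": dport,
        "syn": bool(flags & TCP_SYN), "ack": bool(flags & TCP_ACK),
    }


def filter_inbound(packet: bytes) -> str:
    """Decision for a packet arriving on the Internet-facing interface.

    'deny' for a new TCP connection request (SYN without ACK) to a VT port,
    'permit' otherwise. Non-TCP or unparsable packets are permitted here on the
    assumption that other rules handle them (illustrative choice, not advice).
    """
    hdr = parse_ipv4_tcp(packet)
    if hdr is None:
        return "permit"
    if hdr["dport"] in VT_PORTS_TO_BLOCK and hdr["syn"] and not hdr["ack"]:
        return "deny"
    return "permit"


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int,
                 proto: int = 6) -> bytes:
    """Construct a minimal IPv4 + TCP header pair (no payload, zero checksums).

    Used only to fabricate sample packets for the filter; not a real sender.
    """
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    # ver/ihl, tos, total length, id, frag, ttl, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, src_b, dst_b)
    # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    # Constructed sample traffic: outside host 192.0.2.10 -> inside HP3000 10.0.0.5
    samples = [
        ("msg-mode VT connect", build_packet("192.0.2.10", "10.0.0.5", 40000, 1537, TCP_SYN)),
        ("stream-mode VT connect", build_packet("192.0.2.10", "10.0.0.5", 40001, 1570, TCP_SYN)),
        ("reverse VT (1358) connect", build_packet("192.0.2.10", "10.0.0.5", 40002, 1358, TCP_SYN)),
        ("established segment to 1537", build_packet("192.0.2.10", "10.0.0.5", 40003, 1537, TCP_ACK)),
    ]
    for label, pkt in samples:
        print(f"{label:30s} -> {filter_inbound(pkt)}")
```

The rule keys on SYN-without-ACK so that only connection requests from the
outside are refused; segments of connections the inside opened (which come back
with ACK set) pass, which is the usual "established" filtering pattern.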
