LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1999, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1999, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Dual Network Cards on HP3000
From:	Chris Bartram <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Fri, 12 Mar 1999 15:10:37 -0500
Content-Type:	Text/Plain
Parts/Attachments:	Text/Plain (27 lines)

 In <[log in to unmask]> [log in to unmask] writes:

> Has anyone installed 2 network cards on an HP3000 ?

Yup.

> If so, can I disable ftp, vtmgr etc on the 2nd card to secure it.  As
> you can guess, this will be the card exposed to the world.

Don't think so. You can restrict access to inetd-controlled services by their
source address, but if I recall correctly, most network calls on the 3000
can't tell which network interface a connection request came in on (other
than guessing based on knowledge of which network addresses are reachable
from where).

I believe the best you can do:

-Control inetd-controlled services with the inetdsec file (restrict connect-
 ions to 'known' source addresses)

-Implement option-logon UDC checks that verify the incoming (source) address
 of any logon (easily done using the CI Vars already set by MPE)

or put a good firewall between your 3000 and the "world".

  -Chris (remove nospam) Bartram

ATOM RSS1 RSS2

RAVEN.UTC.EDU