|
HP OpenVMS Systemsask the wizard |
|
The Question is: I have 2 alpha boxes connected using DECNet. Each box is in turn connected to NT servers. I wish the connection between the two alpha boxes to be available only at certain times - it goes across a firewall. Can I dynamically, using a script, stop and star t this network connection without affecting the other network connections? Would it be better (more secure) to implement this requirement with hardware i.e. a switch of some kind? The Answer is : You can start and stop individual DECnet circuits and lines via NCP or NCL, and you can start and stop all of DECnet. You can also check the origin of incoming connections and reject these based on UAF username (time of day or simple DISUSER) settings or explicit DCL in SYLOGIN or similar. You can use a rotating set of DECnet circuit-level passwords. You can probably also tweak the firewall software to selectively open and close the window. Depending on the particular storage hardware and the inter-system distances involved, you may be able to use a disk (dismounting and remounting it) to transfer the data out and around the firewall -- usually only one way, trusted to untrusted. Your firewall should be configured for bi-directional filtering, BTW. (Attacks can now potentially arise from either side of the firewall.) There are undoubtedly other options available.
|