HP OpenVMS Systems

ask the wizard

DECnet and Firewall configuration?


The Question is:

I have 2 alpha boxes connected using DECnet. Each box is in turn connected to
NT servers. I wish the connection between the two alpha boxes to be available
only at certain times - it goes across a firewall. Can I dynamically, using a
script, stop and start this network connection without affecting the other
network connections?
Would it be better (more secure) to implement this requirement with hardware
i.e. a switch of some kind?

The Answer is :

  You can start and stop individual DECnet circuits and lines via NCP or
  NCL, and you can start and stop all of DECnet.  You can also check the
  origin of incoming connections and reject these based on UAF username
  (time of day or simple DISUSER) settings or explicit DCL in SYLOGIN or
  similar.  You can use a rotating set of DECnet circuit-level passwords.
  You can probably also tweak the firewall software to selectively open
  and close the window.  Depending on the particular storage hardware and
  the inter-system distances involved, you may be able to use a disk
  (dismounting and remounting it) to transfer the data out and around
  the firewall -- usually only one way, trusted to untrusted.
  Your firewall should be configured for bi-directional filtering, BTW.
  (Attacks can now potentially arise from either side of the firewall.)
  There are undoubtedly other options available.

answer written or last revised on ( 20-SEP-2000 )
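
The scripted start/stop of a single circuit mentioned in the answer, as an added example that is not part of the original reply: a DCL procedure for DECnet Phase IV (NCP) that sets one circuit ON inside a time window and OFF outside it, then resubmits itself for the next transition. The circuit name SVA-1, the 08:00 to 18:00 window and the default batch queue are assumptions, as is the premise that this circuit carries only the inter-Alpha link; the job needs OPER privilege.

```dcl
$! CIRCUIT_WINDOW.COM  (added example, hypothetical file name)
$! Keeps one DECnet Phase IV circuit up only during a daily window.
$! Run it once interactively or at startup; it then reschedules itself.
$!
$! Fail closed: NCP SET changes only the volatile database, so leave the
$! permanent database OFF and a reboot never opens the link by itself:
$!     MCR NCP DEFINE CIRCUIT SVA-1 STATE OFF
$!
$ SET NOON
$ circuit    = "SVA-1"   ! assumed circuit id; see NCP SHOW KNOWN CIRCUITS
$ open_hour  = 8         ! assumed window start (24-hour clock)
$ close_hour = 18        ! assumed window end
$ proc       = F$ENVIRONMENT("PROCEDURE")
$!
$! Decide the state from the current hour, so a late or repeated run
$! still converges on the correct state.
$ hour = F$INTEGER(F$CVTIME(,,"HOUR"))
$ IF hour .GE. open_hour .AND. hour .LT. close_hour
$ THEN
$   state = "ON"
$   next  = "TODAY+''close_hour':00"
$ ELSE
$   state = "OFF"
$   next  = "TOMORROW+''open_hour':00"
$   IF hour .LT. open_hour THEN next = "TODAY+''open_hour':00"
$ ENDIF
$!
$ MCR NCP SET CIRCUIT 'circuit' STATE 'state'
$ status = $STATUS
$ IF .NOT. status
$ THEN
$   WRITE SYS$OUTPUT "''F$TIME()' FAILED to set ''circuit' ''state', status ''status'"
$   ! If the open step fails the link stays down; if the close step fails,
$   ! retry the OFF so the window is not left open unnoticed.
$   IF state .EQS. "OFF" THEN MCR NCP SET CIRCUIT 'circuit' STATE OFF
$ ELSE
$   WRITE SYS$OUTPUT "''F$TIME()' circuit ''circuit' set ''state'"
$ ENDIF
$!
$! Record the resulting state in the batch log for later review.
$ MCR NCP SHOW CIRCUIT 'circuit' STATUS
$!
$! Queue the next transition.
$ SUBMIT/AFTER="''next'" 'proc'
$ EXIT
```

On DECnet-Plus (Phase V) the equivalent enable and disable operations are done through NCL rather than NCP, so the NCP lines above do not carry over unchanged.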
