HP OpenVMS Systems

ask the wizard
Content starts here

DECnet-Plus Security, IP Firewall?

» close window

The Question is:

Restricting remote host access in DECnet-Plus
Two OpenVMS Alpha systems "FLASH" and "LICKER" are
in communication across the Internet using DECnet-Plus.
We would like to set up a mechanism on one of those
systems (LICKER) which ensures that it will only accept
connections from the other system (FLASH).  I.E. if a
machine other than FLASH attempts to connect to
LICKER, the connection attempt will fail.
I was hoping the DECnet-Plus documentation might
describe where a list of acceptable hosts could be
specified, but I didn't see this.
In DECnet-IV we could have achieved the desired result
using these NCP commands on LICKER:
My understanding of the above is that it would ensure
that *only* FLASH would be able to initiate a connection
to LICKER; any other node attempting to do so would be
rejected.  I can't find similar behaviour for DECnet-Plus.

The Answer is :

  Use an IP firewall, and filter the traffic on the firewall.
  DECnet-Plus over the Internet is assumed to be using the IP
  transport, thus an IP firewall is the most obvious and easiest
  While an attempt to secure the host could be made (and any such
  attempt is also beneficial), the IP firewall itself provides
  better security and reduces the likelyhood that host users or
  host software changes could inadvertently or even deliberately
  expose the host itself.
  The OpenVMS Wizard views securing a dedicated IP firewall as
  easier than securing a general-purpose host, regardless of the
  host software, vendor, applications, and system and network
  and security management abilities.

answer written or last revised on ( 24-NOV-2003 )

» close window