HP OpenVMS Systems: ask the wizard
The Question is:

Restricting remote host access in DECnet-Plus

Two OpenVMS Alpha systems "FLASH" and "LICKER" are in communication across the Internet using DECnet-Plus. We would like to set up a mechanism on one of those systems (LICKER) which ensures that it will only accept connections from the other system (FLASH). I.e., if a machine other than FLASH attempts to connect to LICKER, the connection attempt will fail.

I was hoping the DECnet-Plus documentation might describe where a list of acceptable hosts could be specified, but I didn't see this.

In DECnet-IV we could have achieved the desired result using these NCP commands on LICKER:

    NCP> SET EXEC DEFAULT ACCESS OUTGOING
    NCP> SET NODE FLASH ACCESS BOTH

My understanding of the above is that it would ensure that *only* FLASH would be able to initiate a connection to LICKER; any other node attempting to do so would be rejected. I can't find similar behaviour for DECnet-Plus.

Thanks.

The Answer is:

Use an IP firewall, and filter the traffic on the firewall.

DECnet-Plus over the Internet is assumed to be using the IP transport, thus an IP firewall is the most obvious and easiest option.

While an attempt to secure the host could be made (and any such attempt is also beneficial), the IP firewall itself provides better security and reduces the likelihood that host users or host software changes could inadvertently or even deliberately expose the host itself. The OpenVMS Wizard views securing a dedicated IP firewall as easier than securing a general-purpose host, regardless of the host software, vendor, applications, and system and network and security management abilities.
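
One way to express the filtering the answer recommends, as an added example that is not part of the original answer: an nftables ruleset for a Linux-based firewall that routes traffic to LICKER. The choice of nftables and the addresses (documentation placeholders) are assumptions, as is the use of the default DECnet-over-IP listener ports, TCP 102 (RFC 1006) and TCP 399 (RFC 1859).

```nftables
# Constructed example: addresses are placeholders from the RFC 5737
# documentation ranges, not values from the original question.
define FLASH  = 192.0.2.10       # the only permitted remote node (assumed address)
define LICKER = 198.51.100.20    # the protected OpenVMS host (assumed address)

# Default DECnet-over-IP listener ports (assumed unchanged on LICKER):
# 102 = RFC 1006, 399 = RFC 1859.
define DECNET_IP_PORTS = { 102, 399 }

table inet decnet_allowlist {
    chain forward {
        # Scoped to LICKER's DECnet-over-IP ports only; other forwarded
        # traffic is left to the rest of the firewall policy.
        type filter hook forward priority 0; policy accept;

        # Return traffic for sessions that were already permitted.
        ct state established,related accept

        # FLASH may open new DECnet-over-IP sessions to LICKER.
        ip saddr $FLASH ip daddr $LICKER tcp dport $DECNET_IP_PORTS ct state new accept

        # Any other source reaching LICKER's DECnet-over-IP ports
        # is logged and dropped.
        ip daddr $LICKER tcp dport $DECNET_IP_PORTS log prefix "decnet-ip denied: " drop
    }
}
```

The log rule leaves a record of every rejected connection attempt, which the NCP access settings in the question would not have provided at the network boundary.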