Internet security question.

brian at ukma.UUCP brian at ukma.UUCP
Wed Mar 11 11:31:07 AEST 1987


We will soon be attached to the internet, and I have some concerns about
how our systems should be connected. We are running 4.3BSD+NFS
on several vaxes communicating over ethernet. As the ethernet
contains only machines which are "trusted", most of the hosts are
equivalent to each other. My question is what happens when one of these
hosts is connected to the outside world. I assume that it would be
a good idea to bring the outside in through a separate device, but even
so how do I prevent someone on the outside from passing packets
which make him appear to be one of our "equivalent" hosts?
An example may clarify what I mean. Let's say that our local net is
100 and the "outside" net is 101. Since I want all of the machines on
net 100 to be able to talk outside I set up the machine attached
to both as a gateway by telling my machines to send all unroutable packets
to 101 (right?). Now what keeps Nasty person X on net 201 (attached
to 101) from claiming to be on net 100 and thus enjoying the
equivalent privileges? Is there some way to configure 4.3 to do this for me that
I do not see? How do big sites handle this?

-- 
           Brian Sturgill          System Manager
University of Kentucky Departments of Mathematical Sciences
 cbosgd!ukma!brian, brian at UKMA.BITNET, brian at ms.uky.csnet
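
An ingress check for the gateway in the scenario above, as an added example that is not part of the original post: the verdict depends on which interface a packet arrived on, not on the source address it claims. It assumes "net 100" is the classful network 100.0.0.0/8; the function, the enum names and the sample packets are constructed for illustration and are not a 4.3BSD interface.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad parts. */
#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Assumption: "net 100" is the classful network 100.0.0.0/8. */
#define INSIDE_NET  IP(100, 0, 0, 0)
#define INSIDE_MASK IP(255, 0, 0, 0)

enum iface   { IF_INSIDE, IF_OUTSIDE };  /* gateway leg on net 100 / net 101 */
enum verdict { FORWARD, DROP_SPOOFED_INSIDE, DROP_FOREIGN_SOURCE };

static int is_inside(uint32_t addr)
{
    return (addr & INSIDE_MASK) == INSIDE_NET;
}

/* Hypothetical filter hook: judge a packet by where it physically arrived. */
enum verdict gateway_check(enum iface arrived_on, uint32_t src)
{
    /* A net-100 source can never legitimately show up on the outside leg. */
    if (arrived_on == IF_OUTSIDE && is_inside(src))
        return DROP_SPOOFED_INSIDE;
    /* Local hosts must send with local addresses. */
    if (arrived_on == IF_INSIDE && !is_inside(src))
        return DROP_FOREIGN_SOURCE;
    return FORWARD;
}

int main(void)
{
    static const char *names[] = { "forward", "drop (inside source on outside leg)",
                                   "drop (foreign source on inside leg)" };
    /* Constructed sample packets: arrival interface and claimed source. */
    struct { enum iface in; uint32_t src; } pkts[] = {
        { IF_INSIDE,  IP(100, 0, 0, 7) },   /* local host talking out */
        { IF_OUTSIDE, IP(201, 5, 5, 9) },   /* outside host using its own address */
        { IF_OUTSIDE, IP(100, 0, 0, 7) },   /* outside host claiming a net-100 address */
        { IF_INSIDE,  IP(201, 5, 5, 9) },   /* local host using a foreign address */
    };
    for (unsigned i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        uint32_t s = pkts[i].src;
        printf("%s leg, src %u.%u.%u.%u: %s\n", pkts[i].in == IF_INSIDE ? "inside" : "outside",
               s >> 24, (s >> 16) & 255, (s >> 8) & 255, s & 255,
               names[gateway_check(pkts[i].in, s)]);
    }
    return 0;
}
```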


