HP OpenVMS Systems

ask the wizard

Connect OpenVMS to Internet? (Security)


The Question is:

 
We want to make our VAX cluster available on the Internet.  We have a VAX
4000-200 and a VAX 4000-400 running Decnet, no TCP-IP.  We are thinking of
using another machine as the "front end" to the Internet.  It can be either a
VaxStation 4000VLC or a MicroVax 3100 Model 10, or we can buy whatever system
is necessary.  The front end would take care of receiving the TCP-IP from the
Internet and passing it to the cluster as Decnet. Any suggestions or ideas
greatly appreciated!
Thank you
 


The Answer is :

 
  Route-through from IP to DECnet is the least of your considerations.
  Making your OpenVMS Cluster available on the Internet may well mean
  you are (unintentionally) providing more access than you had intended.
 
  Get a (reputable) firewall router.  Keep its filters current.
 
  Get to the current OpenVMS version.
 
  Get to the current OpenVMS ECOs.
 
  Get to the current TCP/IP Services version, and ECO.
 
  Disable SMTP route-through or configure the provided filter on any
  system exposed to the Internet.
 
  Acquire SSL or SSH or other encrypting transport.
 
  Consider one-time passwords for remote logins -- you will definitely
  want to look at encryption, and particularly look at the information
  (sensitive documents, passwords, etc.) that might be in cleartext.
 
  You will want to enable and periodically review auditing.
 
  You will want to harden your environment -- consider the use of CD-R
  based system disks or other non-writable media -- and you will most
  definitely want to archive anything you care about at regular intervals.
 
  Segment your network into a trusted and an untrusted zone, and
  potentially a "hot" zone in between these.  While you will obviously
  not want to trust any systems outside your firewall, you will also
  want to avoid trusting systems behind your firewall -- if these are
  compromised...
 
  Educate your users on appropriate security and particularly appropriate
  email practices.
 
  Read and follow the directions in the OpenVMS Guide to System Security,
  and specifically the appendix on configuring for NCSC Class C2 security.
 

answer written or last revised on ( 29-MAR-2002 )
