
RE to RE: Connection between Symbolics and Explorer



    Date: Tue, 9 May 89 12:38:04 N
    From: baechler%elma.epfl.ch@cunyvm.cuny.edu

      That question of connection raises an important problem which has, in
    part, already been discussed: As soon as someone knows our address on a
    given network, he can access our machines and do what he wants and we
    can't do anything. So the solution "Close your door!" to ensure a
    minimal security is perfectly insufficient. Cutting ourselves off from the
    networks is impossible: our machines must be able to communicate
    between each other and must also communicate with machines of other
    labs. The creation of a minimal security system (controlling remote
    connections and file access) should be at a very high priority in the
    development of all lisp machines in order to provide any further
    "accident".

Well, I don't know about the Explorer network software, but on Symbolics
you can specify "Secure Subnets" in the namespace, and the more
dangerous servers will only accept connections from hosts on the
specified subnets.

You can also turn off particular servers completely with the Disable
Services command, e.g.

	Command: Disable Services TELNET, SUPDUP

Finally, you can go the route we've gone, and add security to your
gateway to outside networks.  Our gateway will not permit incoming
packets destined for low-numbered (<1024) TCP/UDP ports.  This prevents
outside machines from contacting internal servers, but allows outside
machines to respond to connections from here.

                                                barmar
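
The gateway rule described in the message above, modelled as a stateless filter over constructed packets. This is an added example, not code from the original post or from Symbolics; the `Packet` type, the function names and the sample port numbers are assumptions made for illustration.

```python
from dataclasses import dataclass

PRIVILEGED_LIMIT = 1024  # ports below this are "low-numbered" in the message


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    inbound: bool    # True when arriving from the outside network
    src_port: int
    dst_port: int


def gateway_permits(pkt: Packet) -> bool:
    """Stateless rule from the message: drop inbound TCP/UDP packets whose
    destination port is below 1024; forward everything else."""
    if pkt.proto not in ("tcp", "udp"):
        return True  # the rule as described only covers TCP and UDP
    if pkt.inbound and pkt.dst_port < PRIVILEGED_LIMIT:
        return False
    return True


# Constructed sample traffic (not captured from any real network).
SAMPLES = {
    "outside host opens TELNET to an internal server":
        Packet("tcp", True, 40000, 23),
    "internal client opens TELNET to an outside server":
        Packet("tcp", False, 2051, 23),
    "outside server replies to that internal client":
        Packet("tcp", True, 23, 2051),
    "outside host queries an internal UDP service on port 69":
        Packet("udp", True, 40001, 69),
    "outside host reaches an internal service on a high port":
        Packet("tcp", True, 40002, 6000),
}


def evaluate(samples=SAMPLES):
    """Return {description: 'forward' | 'drop'} for each sample packet."""
    return {name: "forward" if gateway_permits(p) else "drop"
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:8} {name}")
```

The last sample shows the limit of a rule keyed on port number alone: an internal service listening on port 1024 or above is still reachable from outside, so such services need their own restriction.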