Network Computing (InformationWeek Business Technology Network)
Internet Firewall Protection: Listings

Listing 1: Using the process status command shows that we have stripped down our firewall system, leaving few servers.

relay% ps -ax
PID TT STAT TIME COMMAND
0 ? D 2:13 swapper
1 ? IW 0:29 /sbin/init -
2 ? D 0:02 pagedaemon
66 ? IW 16:26 syslogd
76 ? S 95:29 update
79 ? IW 0:58 cron
81 ? IW 2:58 inetd
11099 ? IW 15:00 in.named
3157 co S 0:00 -csh (csh)
3570 co R 0:00 ps -ax
relay%

Listing 2: An example /etc/inetd.conf for SunOS 4.1.2 with just the proxy and authentication servers included. Every other service normally started by inetd has been removed.

% cat /etc/inetd.conf
# service  socket  proto  wait    user  server-path             server-args (argv[0] first)
telnet     stream  tcp    nowait  root  /usr/local/etc/tn-gw    tn-gw
authsrv    stream  tcp    nowait  root  /usr/local/etc/authsrv  authsrv
%

Listing 3A: An example authentication setup for telnet--the tn-gw rules from the netperms-table. The rules are read in order: hosts on the internal 192.33.112 network may connect without authenticating, while any other host (*) must authenticate (-auth) before the proxy will connect anywhere on its behalf.

% grep tn-gw netperms-table
tn-gw: welcome-msg /usr/local/etc/tn-welcome.txt
tn-gw: permit-hosts 192.33.112.*
tn-gw: permit-hosts * -auth
%

Listing 3B: An example authentication setup for telnet--a session from an internal host (otter, 192.33.112.117) out to a machine on the Internet. The source matches the first permit-hosts rule, so the proxy offers the connect command without asking for credentials; compare the user=unauth audit record in 3D.

otter-> telnet relay
Trying 192.94.214.100 ...
Connected to relay.tis.com.
Escape character is '^]'.
Trusted Information Systems, Inc.
This system is for authorized users only in accordance with TIS
Policies & Procedures Section I.A.4.e.
Valid commands are:
(c)onnect hostname [port]
(h)elp or ?
(q)uit or (e)xit
telnet> c some.other.machine
Trying 198.192.21.2 port 23...
SomeOS UNIX (some.other.machine)
login: mjr
Password:
Last login: Tue May 17 14:51:46 from 141.160.2.224
SomeOS Release 1.1 (SOMEBOX): Tue Jun 1 13:22:26 EDT 1993
TERM is vt100
some.machine% logout
Remote server has closed connection
Connection closed by foreign host.
otter->

Listing 3C: An example authentication setup for telnet--the same proxy seen from an external network. The source matches only the "* -auth" rule, so the proxy demands an SNK challenge-response login, checked by authsrv, before it accepts a connect command.

some.machine% telnet relay.tis.com
Trying 192.94.214.100 ...
Connected to relay.tis.com.
Escape character is '^]'.
Trusted Information Systems, Inc.
This system is for authorized users only in accordance with TIS
Policies & Procedures Section I.A.4.e.
Valid commands are:
(c)onnect hostname [port]
(h)elp or ?
(q)uit or (e)xit
Username: mjr
SNK Challenge "235673": 42330999
Login Accepted
telnet> c otter
Trying 192.33.112.117 port 23...
SunOS UNIX (otter)
login: mjr
Password:
Last login: Mon May 30 12:07:35 from fred.tis.com
SunOS Release 4.1.3_U1 (FNORD) #1: Wed Oct 13 17:48:35 PDT 1993
You have mail.
otter-> ^D
Remote server has closed connection
Connection closed by foreign host.
some.machine%

Listing 3D: An example authentication setup for telnet--the audit records generated by the sessions shown in 3B and 3C. Each session produces permit, connected and exit records; the exit record carries bytes in each direction, the user (user=unauth for the internal session that needed no login) and the duration in seconds. The inbound session additionally logs the authentication exchange with authsrv.

permit host=otter.tis.com destination=198.192.21.2
connected host=otter.tis.com destination=some.machine
exit host=otter.tis.com dest=some.machine in=1027 out=103 user=unauth duration=43
permit host=some.machine use of gateway
AUTHENTICATE mjr (tn-gw some.machine/198.192.21.2)
authenticate user=mjr
permit host=some.machine destination=192.33.112.117
connected host=some.machine destination=otter
exit host=some.machine dest=otter in=222 out=34 user=mjr duration=26
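To make the policy in Listing 3A and the audit trail in Listing 3D concrete, the following is an added Python example; it is not part of the original article or of the TIS Firewall Toolkit. It models the tn-gw permit-hosts decision and then reconciles the audit records against that policy, flagging a session that should have required authentication but was logged as unauthenticated, or a user name that has no matching authenticate event. The rule semantics are assumptions rather than facts from the listings: rules are tried in file order with the first match winning, patterns use shell-style wildcards, a deny-hosts rule is honoured, and no matching rule means deny. The rules and log lines are copied from Listings 3A and 3D; the host-to-address map is constructed from the "Trying ..." lines in 3B and 3C.

```python
"""Model of the tn-gw permit-hosts decision and a reconciliation against its audit log.

Added example, not original article code. Assumed semantics (not confirmed by the
listings): rules are tried in file order and the first match wins; host patterns are
shell-style wildcards; no matching rule means deny.
"""
import fnmatch
import re
from dataclasses import dataclass

# Rules exactly as they appear in Listing 3A.
NETPERMS = """\
tn-gw: welcome-msg /usr/local/etc/tn-welcome.txt
tn-gw: permit-hosts 192.33.112.*
tn-gw: permit-hosts * -auth
"""

# Audit records exactly as they appear in Listing 3D.
AUDIT = """\
permit host=otter.tis.com destination=198.192.21.2
connected host=otter.tis.com destination=some.machine
exit host=otter.tis.com dest=some.machine in=1027 out=103 user=unauth duration=43
permit host=some.machine use of gateway
AUTHENTICATE mjr (tn-gw some.machine/198.192.21.2)
authenticate user=mjr
permit host=some.machine destination=192.33.112.117
connected host=some.machine destination=otter
exit host=some.machine dest=otter in=222 out=34 user=mjr duration=26
"""

# Constructed host-to-address map (exit records carry names, rules match addresses),
# taken from the "Trying ..." lines in Listings 3B and 3C.
ADDR_OF = {"otter.tis.com": "192.33.112.117", "some.machine": "198.192.21.2"}


@dataclass
class HostRule:
    patterns: list        # host or address patterns, e.g. 192.33.112.*
    auth_required: bool   # -auth option present on the rule
    deny: bool            # deny-hosts rather than permit-hosts


def parse_netperms(text, app="tn-gw"):
    """Collect the permit-hosts/deny-hosts rules for one application, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, _, rest = line.partition(":")
        tokens = rest.split()
        if label.strip() != app or not tokens or tokens[0] not in ("permit-hosts", "deny-hosts"):
            continue
        patterns = [t for t in tokens[1:] if not t.startswith("-")]
        options = [t for t in tokens[1:] if t.startswith("-")]
        rules.append(HostRule(patterns, "-auth" in options, tokens[0] == "deny-hosts"))
    return rules


def decide(rules, addr, hostname=""):
    """Return (verdict, auth_required) for a client; the first matching rule wins."""
    for rule in rules:
        for pat in rule.patterns:
            if (addr and fnmatch.fnmatchcase(addr, pat)) or \
               (hostname and fnmatch.fnmatchcase(hostname, pat)):
                if rule.deny:
                    return ("deny", False)
                return ("permit", rule.auth_required)
    return ("deny", False)   # assumption: no rule matched means the proxy refuses


KV = re.compile(r"(\w+)=(\S+)")


def parse_audit(text):
    """One record per finished session (the exit line carries the totals), plus the
    set of users that an authenticate event vouches for."""
    sessions, authenticated = [], set()
    for line in text.splitlines():
        fields = dict(KV.findall(line))
        if line.startswith("authenticate "):
            authenticated.add(fields["user"])
        elif line.startswith("exit "):
            sessions.append({
                "host": fields["host"], "dest": fields["dest"], "user": fields["user"],
                "in": int(fields["in"]), "out": int(fields["out"]),
                "duration": int(fields["duration"]),
            })
    return sessions, authenticated


def audit_violations(rules, sessions, authenticated, addr_of):
    """Sessions the policy would not have allowed as recorded: a client no rule permits,
    an unauthenticated session where -auth applied, or a user with no authenticate event."""
    bad = []
    for s in sessions:
        verdict, needs_auth = decide(rules, addr_of.get(s["host"], ""), s["host"])
        if verdict == "deny":
            bad.append((s, "client not permitted"))
        elif needs_auth and s["user"] == "unauth":
            bad.append((s, "-auth required but session unauthenticated"))
        elif s["user"] != "unauth" and s["user"] not in authenticated:
            bad.append((s, "no authenticate event for user"))
    return bad


if __name__ == "__main__":
    rules = parse_netperms(NETPERMS)
    sessions, authed = parse_audit(AUDIT)
    for s in sessions:
        print(s["host"], "->", s["dest"], decide(rules, ADDR_OF[s["host"]], s["host"]), s["user"])
    print("violations:", audit_violations(rules, sessions, authed, ADDR_OF))
```

Run as-is, the script reports the internal session as permitted without authentication, the external session as permitted with authentication, and no violations, which is what Listings 3A through 3D show. The reconciliation is the part worth keeping: the proxy writes the policy decision and the session outcome as separate records, so a session whose exit record disagrees with the rules (an external source logged as user=unauth, or a user name that never passed through authsrv) is exactly the kind of discrepancy a firewall log review should surface.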

Listing 4: The authsrv program manages the authentication database which is kept on a host in the internal network.

relay# authsrv
authsrv# list
Report for users in database
user group longname status proto last
---- ----- -------- ------ ----- ----
mjr Glenwood Marcus Ranum y Snk Mon May 30 14:25:58 1994
dave Glenwood Dave Dalva y Snk Fri May 27 08:58:09 1994
avoliof Glenwood Fred Avolio y Skey Thu Apr 28 15:48:01 1994
. . .
authsrv# adduser bdobbs "Robert Dobbs"
ok - user added initially disabled
authsrv# proto bdobbs ?
Unknown protocol "?", use one of: none password Skey Snk
authsrv# proto bdobbs snk
changed
authsrv# pass bdobbs '034 173 013 432 134 100 209 054'
Secret key changed
authsrv# enable bdobbs
enabled
authsrv# disp bdobbs
Report for user bdobbs (Robert Dobbs)
Authentication protocol: Snk
Flags:none
authsrv# group bdobbs demo
ok
authsrv# list
Report for users in database
user group longname status proto last
---- ----- -------- ------ ----- ----
mjr Glenwood Marcus Ranum y Snk Mon May 30 14:25:58 1994
dave Glenwood Dave Dalva y Snk Fri May 27 08:58:09 1994
bdobbs demo Robert Dobbs y Snk never 
avoliof Glenwood Fred Avolio y Skey Thu Apr 28 15:48:01 1994
. . .
authsrv# ^D
relay#
Copyright © 2009 United Business Media LLC