Great Circle Associates Firewalls
(September 1993)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: DNS w/NIS
From: Brent Chapman <brent @ GreatCircle . COM>
Date: Mon, 27 Sep 1993 07:35:58 -0700
To: "Jonathan B. Horen" <horen @ zeus . datasrv . co . il>
Cc: firewalls @ GreatCircle . COM
In-reply-to: Your message of Sun, 26 Sep 1993 09:34:37 +0200

"Jonathan B. Horen" <horen @
 zeus .
 datasrv .
 co .
 il> writes:

# OK -- I've read the SYSADMIN FAQ about how to configure the DNS
# when running NIS, but I have a situation not addressed by the
# FAQ:
# 
# I want to configure my machine, which will be our gateway to the
# Internet (it will be connected via SLIP/PPP to a commercial Internet
# provider) as a "firewall" machine.  Reading the O'Reilly book on
# Practical Security, I learned that a host configured as a firewall
# should *not* be running NIS.  So... my question is:
# 
# Should I try to configure my gateway as its own NIS master, and then
# have a second NIS master for the rest of the network? (btw, the
# gateway will have a "real" Internet IP address, vis-a-vis the provider,
# one that can be different than the rest of our network... is this a
# "plus" or a "minus" [or of no consequence:]?)

Don't run NIS on your gateway.  Why would you need to?  Who would it
then share its data with, other than attackers?


-Brent
--
Brent Chapman                                   Great Circle Associates
Brent @
 GreatCircle .
 COM                           1057 West Dana Street
+1 415 962 0841                                 Mountain View, CA  94041


Indexed By Date Previous: Re: Security Risk Assessment (was Re: Access control for SMTP?)
From: charisse @ Smallworks . COM (Charisse Castagnoli)
Next: Re: DNS w/NIS
From: jdlacour @ dal . mobil . com (Jeffrey D. LaCoursiere)
Indexed By Thread Previous: DNS w/NIS
From: "Jonathan B. Horen" <horen @ zeus . datasrv . co . il>
Next: Re: DNS w/NIS
From: jdlacour @ dal . mobil . com (Jeffrey D. LaCoursiere)

Google
 
Search Internet Search www.greatcircle.com