Great Circle Associates Firewalls
(February 1994)
 


Subject: Re: Gopher server on a unix host
From: alastair @ cadence . com (Alastair Young)
Date: Wed, 9 Feb 1994 10:03:47 -0800
To: firewalls @ greatcircle . com

>Alastair Young writes:
>> 
>> Place the gopher server outside your packet filter/bastion host.
>> Use the TIS netacl to chroot the rodent before it executes.
>
>   Alastair,
>
>   Could you expand on this, please? To the list if appropriate.
>
>   What I don't understand is: if the server is outside the bastion
>   host then how do the clients get to it? And, does this server handle
>   all requests for internal clients ?
>

  Your users inside can get out. This can either be allowed by specific
holes in your packet filter or by some proxy service on the bastion host.
However they would get to other people's gopher servers, they do the same to
get to yours.

You put all the services that are to be available via the gopher either on
the gopher server itself or (if you really must) have an inbound proxy to
internal services. 

The idea is that everyone and their dog has access to the system using an
untrustworthy application so you put it outside. If you have a dual
firewall config you would probably put it in the middle.

As for the chroot? Belt and braces.

Al

---------------------------------------------------------------------------
Alastair Young                                     _               Ariel NH
Cadence Design Systems, Information Services     )/___     _     Red Hunter
555 River Oaks Parkway, 4B1                    __/(___)_*##/c 
San Jose CA 95134         Fax: (408)894-3487  / /\\|| \ /  \ Brakes'n'lites
alastair @ cadence . com           (408)428-5278  \__/ ----'\__/  novel eh?
---------------------------------------------------------------------------
These statements and opinions are mine, not those of Cadence Design Systems

