On Mon, 8 Aug 1994, Jim Carroll wrote:
> Okay folks. My question seems to be getting a tad misconstrued,
> possibly by the way I phrased it.
> The company I'm trying to alert has a sysadmin who is confident that
> he's locked up his VMS host. Yet, he's just now going through the
> process of purchasing TCP/IP for it. Since TCP/IP is somewhat
> foreign/new to him, I'm concerned that he is building up a false sense
> of security, esp. when you consider that they have *no* firewall to
> speak of.

As a VMS `firewall' builder and maintainer I'll reach out of my bastion
and pick up that gauntlet.

As a _part_ of an overall security policy, a VMS platform can be
adequately used as (or a part of) a firewall.

Without starting or stoking a flamewar, as it _has_ been stated before by
others, VMS _out_of_the_box_ requires less knowledge and training to
establish and maintain a more robust (aka secure) system than some other
O/S's _out_of_the_box_ require, and I concur.

I'm using VMS platforms as a firewall - although, IMHO, firebreak would be
more accurate, and if _I_ can do it, he can!

[Details by eMail, if you're interested]

I agree with Jim's concern about acquiring a TCP/IP package for VMS that
will be placed in an exposed environment. Some are more suitable than
others, and a knowledge of firewall philosophy would help with the
selection. The best suggestion I can make is for the `sysadmin' to
obtain and read Cheswick and Bellovin.

> --
> Jim Carroll -- jimc @
> e-Commerce, Inc., 1030 Kamato Road, Suite 201
> Mississauga, Ontario, Canada L4W 4B6
> Tel: +1 905 602 0863 Fax: +1 905 603 8402
D. Michael Francis P.Eng | D .
Manager, Central Computing Facility | 1.604.363.5894
Defence Research Establishment Pacific |
CFB Esquimalt, FMO Victoria B.C. V0S 1B0 | 37 Alberg `Sanderling'