>From: bressen @
hks .
net[SMTP:bressen @
hks .
net]
>Here's the worse problem I mentioned.
>
>I've grepped over 9000 archived articles of this group
>and found no mention of how to firewall novell boxes from
>each other.
[stuff deleted]
>How do I protect said client from, say, a disgruntled mailroom
>employee at the provider end, bent on hacking on the clients network?
[stuff deleted]
>Are there any IPX/SPX packet filters available?
>
>Are there any IPX proxy server firewalls available?
>Of course I'll start by recommending that the market data feed
>box go onto its own ethernet segment, and that IP traffic is
>not forwarded on or off of that segment.
Well, one of the simplest ways of isolating Netware Lans is through
a router. On a Cisco, this is as simple applying an access-list to
the ethernet or serial port allowing or denying IPX traffic.
If the Netware server is set up for TCPIP, again, a simple
access-list will do since Netware does all of its work using IPX/SPX
one need not worry too much about TCPIP traffic unless the server is
running something like Netware IP or FlexIP which acts like a
software bridge and encapsulates IPX/SPX in IP traffic. SAP traffic can
also be blocked in this manner.
Of course, this is not to take the place of a vigilent and thoughtful
network administrator, who must make sure that passwords are changed,
rights are secure, and that things are as they should be.
For a good overview on SAPs and IPX access-lists, see documentation
at http://www.cisco.com. There are others, but they don;t come to
mind right now.
HTH
El
|
|
