I have been following the discussions on WWW/Gopher/Mosaic and have
surmised that the current implementation of these browsers is not very
secure (particularly for a "paranoid" site). I will probably be
"forced" to implement Mosaic in some form in the very near future.
Instead of running a proxy using SOCKS through our firewall, I was
thinking of putting a system outside the firewall which does all the
Mosaic work and using xforward to send the display inside. Any files
obtained would be dumped on this "sacrificial" system and could be
retrieved using the existing ftp/telnet SOCKS proxies. If a Mosaic
session compromised the external host, no harm would be done and the
system could be restored from backup tapes.
I would appreciate any comments/suggestions on the proposed
configuration.
TIA
kpb
                 Internet
                    |
                    |
                /--------\
                | Router |
                \--------/
                    |
                    |       /---------\
                    |  __   | Mosaic  |
                    |       | Host    |
                    |       \---------/
                    |
                /--------\     /---------\   ftp/telnet Proxies
                | Choke  |     | Bastion |   xforward
                | Router |     | Host    |
                \--------/     \---------/
                    |               |               Screened
       ------------------------------------------------
                    |                               Subnet
                /--------\
                | Router |
                \--------/
                    |                               Site
       ------------------------------------------------
              |                |
         /---------\      /---------\               LAN
         | UNIX    |      | Windows |
         | Host    |      | PC      |
         \---------/      \---------/
--
=============================================================================
=Kurt Beernink                                   beernink @ fnoc . navy . mil=
=Fleet Numerical Meteorology and Oceanography Center DSN 878-4539=
=7 Grace Hopper Ave =
=Attn: Code 53 (408) 656-4539=
=Monterey, CA 93943-0053 =
=============================================================================