> Is anyone running Mosaic or Gopher on a VAX/VMS system and can
> share any security related issues that need to be considered?
> We are trying to determine whether a firewall is needed and if so,
> what type.
I don't know what you would be trying to protect, but if its privacy or
integrity is of any concern at all, you should be considering some kind
of firewall. The level of protection will depend on the results of your
OpenVMS is no different from UNIX in that to lock down a bastion,
complexity is your enemy. If you have time sharing users and lots of
servers, put a firewall in front of it. If it's a special purpose
information server with just a few daemons (FTP, Web, etc.), you can put
it out on the Internet.
You will need an operating system and TCP/IP software in which you're
confident. It's important to say it that way, since TCP/IP software is
an unbundled product on the OpenVMS platform. You'll want a recent
version of OpenVMS with any applicable security patches applied. I
recommend MultiNet from TGV for TCP/IP, but then [*disclaimer*] I sell
it. So ask some other folks. It seems Digital's TCP/IP Services for
OpenVMS VAX (or AXP) (a.k.a. "UCX") is always playing catch-up.
In addition to the usual issues, web and gopher servers and clients are
subject to the risks inherent in letting possibly naive users fetch live
multimedia objects, including PostScript files, command procedures, and
executable images. Web is a superset of gopher issues, so consider only
web and you'll cover gopher. The risks are not unlike allowing folks to
play with floppy disks of uncertain origin: viruses, trojan horses, and
other rogue programs/objects. The best discussion of seen of these
issues for web users is the Rutgers WWW-Security Reference page
Mosaic is a web client. Gopher includes both client and server. Of
course there are also web servers for OpenVMS. In followup questions,
do specify whether you intend to run only clients or also servers.
(Don't run both on a bastion!)
> Thanks in advance!
> stuart @
You're welcome. Good luck!
"Steve" Stephen L. Arnold, Ph.D., President, Arnold Consulting, Inc.
Address 2530 Targhee Street, Madison, Wisconsin 53711-5491 U.S.A.
Telephone +1 608 278 7700 Facsimile +1 608 278 7701
Internet Stephen .
Com Pager (800) 351 8927
From: "*STUART, FRANK" <STUART @