[HECnet] Public access?

[Steve Davidson]

Make a standalone system with either its own VLAN or an IP subnet that
has no route to anywhere.   If you choose the second path then, stop the
IP stack and start DECnet when you have to do maintenance, then revert
to normal operations when maintenance is done.   Not that difficult...

Also, limit the number of connections so as not to saturate your link
and limit the number of logins for any account you create.   The first
part could be a property of your router or the system.   The second part
is a property of the SYSUAF.DAT database managed by AUTHORIZE.EXE.

-Steve




-----Original Message-----
From: owner-hecnet at Update.UU.SE [mailto:owner-hecnet at Update.UU.SE] On
Behalf Of Sampsa Laine
Sent: Wednesday, September 25, 2013 5:30 PM
To: hecnet at Update.UU.SE
Subject: Re: [HECnet] Public access?

On 25 Sep 2013, at 22:34, Steve Davidson <jeep at scshome.net> wrote:

If you are that worried about your security on a given system then
make a standalone system available to the world and be done with it.   I
am sure that I could come up with something if I could only find the
time...   It really isn't that difficult.

-Steve

Not so worried about the system specifically but the other machines that
are on the same network - you are letting people onto your LAN,
effectively. 

If I opened up a system for guest access (i.e. no registrations and
manual verification of accounts), I'd probably put it on it's own VLAN,
isolated from the rest of my stuff.

At the moment neither CHIMPY/GORVAX or HILANT are set up like this.

sampsa