Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!decwrl!pa.dec.com!mogul
From: mogul@pa.dec.com (Jeffrey Mogul)
Newsgroups: comp.unix.ultrix
Subject: Re: Internet security?
Message-ID: <1991Apr18.010503.28085@pa.dec.com>
Date: 18 Apr 91 01:05:03 GMT
References: <JEW.91Apr12104732@rt.sunquest.com>
Sender: news@pa.dec.com (News)
Organization: DEC Western Research
Lines: 22

In article <JEW.91Apr12104732@rt.sunquest.com> jew@rt.sunquest.com (/87336) writes:
>I am trying to determine if we can tighten internet access security on
>our systems.  Under HP-UX, there is a /usr/adm/inetd.sec file that
>allows you to deny or allow access to a range of hosts for each
>service.  Is there anything like that under Ultrix?  Thanks in
>advance.

Not precisely the same thing, but Ultrix 4.2 will include the "screend"
program.  If you use an Ultrix system as a router, screend will allow
you to control access at the router (instead of at the end system).  This
is more convenient when you are dealing with a large collection of hosts
that have to be protected.

For more information, see my paper in Proc. USENIX Summer '89, or wait
for the documentation on the Ultrix 4.2 kit.

Several people have suggested that the screend mechanism be extended to
provide the same kind of function as on HP-UX.  There would be some
performance problems with a simple-minded implementation of this idea,
but I might give it more thought.

-Jeff