Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!mcvax!cernvax!cgch!whwb
From: whwb@cgch.UUCP (Hans W. Barz)
Newsgroups: comp.protocols.tcp-ip
Subject: Security and Access Restrictions
Message-ID: <533@cgcha.cgch.UUCP>
Date: Tue, 27-Oct-87 09:02:42 EST
Article-I.D.: cgcha.533
Posted: Tue Oct 27 09:02:42 1987
Date-Received: Sat, 31-Oct-87 00:32:28 EST
Organization: CIBA-GEIGY AG, FO/WIRZ/WRZ, CH-4002 Basel, Switzerland
Lines: 25
Keywords: TCP/IP, Security, Access Restrictions

I am currently planning a bigger productive TCP/IP network. I am searching for a possibility inside TCP/IP to restrict the access to a part of a network. This means that I want to allow only certain IP addresses to get access to a machine or pass through a gateway.

This is necessary, since some services at the port level are open, i.e. an intelligent programmer can connect to these ports and find out how he has to behave to get something out of the services behind that port. For Telnet and FTP this is obviously solved, since you have to enter a user plus a password. But we are thinking of program-to-program communication between ports, and the user should not always type user/password combinations.

What we could do is check the incoming IP address in every server program behind a port. But is there no general, more elegant approach incorporated in TCP/IP?

H.W.Barz
ST
WRZ
R-1032-5.58
CIBA-GEIGY
CH-4002 Basel
Tel.*41-61-374520
Electronic-Mail: cernvax!cgcha!whwb
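
The per-server check the post mentions (testing the incoming IP address in each server program), written out as an added example that is not part of the original post. The names `acl_entry`, `acl_parse`, `acl_allows` and `accept_allowed` are hypothetical, and the example assumes IPv4 with BSD sockets.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example; all names are hypothetical. One allowlist entry:
 * network and mask, both in host byte order. */
struct acl_entry { uint32_t net, mask; };

/* Parse "a.b.c.d/len" (or a bare host address) into an entry; 0 on success. */
int acl_parse(const char *text, struct acl_entry *out)
{
    char buf[INET_ADDRSTRLEN], *end;
    long len = 32;                      /* bare address means a /32 host entry */
    struct in_addr a;
    const char *slash = strchr(text, '/');
    size_t n = slash ? (size_t)(slash - text) : strlen(text);
    if (n == 0 || n >= sizeof buf) return -1;
    memcpy(buf, text, n); buf[n] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    if (slash) {                        /* prefix length must be digits, 0..32 */
        len = strtol(slash + 1, &end, 10);
        if (slash[1] < '0' || slash[1] > '9' || *end != '\0' || len > 32) return -1;
    }
    out->mask = len ? (uint32_t)(0xFFFFFFFFu << (32 - len)) : 0;
    out->net = ntohl(a.s_addr) & out->mask;
    return 0;
}

/* Default deny: a peer is allowed only if some entry matches its address. */
int acl_allows(const struct acl_entry *acl, size_t n, const struct sockaddr_in *peer)
{
    if (peer->sin_family != AF_INET) return 0;
    uint32_t ip = ntohl(peer->sin_addr.s_addr);
    for (size_t i = 0; i < n; i++)
        if ((ip & acl[i].mask) == acl[i].net) return 1;
    return 0;
}

/* accept() wrapper: returns a socket for an allowed peer, or -1. A rejected
 * connection is closed before any application data is read from it. */
int accept_allowed(int lfd, const struct acl_entry *acl, size_t n)
{
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    int fd = accept(lfd, (struct sockaddr *)&peer, &plen);
    if (fd >= 0 && !acl_allows(acl, n, &peer)) { close(fd); fd = -1; }
    return fd;
}
```

The check tests only the source address the connection presents, so it restricts which hosts can reach the service but does not authenticate the peer.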