Simon Clubley
2017-03-15 13:35:39 UTC
Will the port of Multinet to VSI VMS come with an integrated firewall ?
If it doesn't then should it ?
Don't forget that firewalls can be used to stop outgoing connections
as well as incoming ones so it could be a good tool if the VMS system
gets compromised.
I like the idea of an integrated firewall so that VMS processes
attempting to make an unauthorised outgoing connection would see
the connection attempt fail immediately and the attempt would be
logged in the VMS security logs.
The firewall could also control by port where packets for certain
destination ports could be sent (so that you couldn't get past the
firewall by adding extra payload data to DNS lookups for example
and sending it to an unauthorised DNS server.)
In large organisations this would probably be handled at the
network boundaries themselves and not on individual systems,
but I can see situations when having a firewall on the VMS system
itself could be useful (even in large organisations as maybe an
extra safeguard).
What do you think ?
Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
If it doesn't then should it ?
Don't forget that firewalls can be used to stop outgoing connections
as well as incoming ones so it could be a good tool if the VMS system
gets compromised.
I like the idea of an integrated firewall so that VMS processes
attempting to make an unauthorised outgoing connection would see
the connection attempt fail immediately and the attempt would be
logged in the VMS security logs.
The firewall could also control by port where packets for certain
destination ports could be sent (so that you couldn't get past the
firewall by adding extra payload data to DNS lookups for example
and sending it to an unauthorised DNS server.)
In large organisations this would probably be handled at the
network boundaries themselves and not on individual systems,
but I can see situations when having a firewall on the VMS system
itself could be useful (even in large organisations as maybe an
extra safeguard).
What do you think ?
Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world