The Question is:
I have 2 Alpha boxes connected using DECnet. Each box is in turn connected to
NT servers. I wish the connection between the two Alpha boxes to be available
only at certain times - it goes across a firewall. Can I dynamically, using a
script, stop and start this network connection without affecting the other
network connections?
Would it be better (more secure) to implement this requirement with hardware
i.e. a switch of some kind?
The Answer is:
You can start and stop individual DECnet circuits and lines via NCP or
NCL, and you can start and stop all of DECnet. You can also check the
origin of incoming connections and reject these based on UAF username
(time of day or simple DISUSER) settings or explicit DCL in SYLOGIN or
similar. You can use a rotating set of DECnet circuit-level passwords.
You can probably also tweak the firewall software to selectively open
and close the window. Depending on the particular storage hardware and
the inter-system distances involved, you may be able to use a disk
(dismounting and remounting it) to transfer the data out and around
the firewall -- usually only one way, trusted to untrusted.
Your firewall should be configured for bi-directional filtering, BTW.
(Attacks can now potentially arise from either side of the firewall.)
There are undoubtedly other options available.
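
The first option in the answer, sketched as a DCL command procedure for DECnet Phase IV (NCP). This is an added example, not part of the original answer: the procedure name, the 08:00 to 18:00 window and the use of a self-resubmitting batch job are assumptions, and the circuit id is passed in as P2 rather than guessed.

```dcl
$! CIRCUIT_WINDOW.COM (hypothetical name) - added example, Phase IV NCP.
$! P1 = ON or OFF, P2 = circuit id as listed by NCP SHOW KNOWN CIRCUITS.
$! Needs OPER privilege. The 08:00/18:00 window is an assumed schedule.
$ SET NOON
$ action  = F$EDIT(P1,"UPCASE,TRIM")
$ circuit = F$EDIT(P2,"UPCASE,TRIM")
$ IF circuit .EQS. "" .OR. (action .NES. "ON" .AND. action .NES. "OFF")
$ THEN
$   WRITE SYS$OUTPUT "Usage: @CIRCUIT_WINDOW ON|OFF circuit-id"
$   EXIT
$ ENDIF
$ ncp = "$SYS$SYSTEM:NCP"
$! SET changes only the volatile (running) database and only the named
$! circuit, so the other circuits and lines are left alone.
$ ncp SET CIRCUIT 'circuit' STATE 'action'
$ IF .NOT. $STATUS THEN REQUEST "CIRCUIT_WINDOW: SET ''circuit' ''action' failed"
$! Record the resulting state in the batch log for later review.
$ ncp SHOW CIRCUIT 'circuit' STATUS
$! Queue the opposite action for the next window boundary.
$ IF action .EQS. "ON"
$ THEN
$   next = "OFF"
$   when = "TODAY+18:00"
$ ELSE
$   next = "ON"
$   when = "TOMORROW+08:00"
$ ENDIF
$ SUBMIT/NOPRINT/AFTER="''when'"/PARAMETERS=("''next'","''circuit'") -
        'F$ENVIRONMENT("PROCEDURE")'
$ EXIT
```

Because SET does not touch the permanent database, setting the circuit's permanent state to OFF with NCP DEFINE CIRCUIT makes a reboot leave the link closed until the job next opens it.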