John,
We use the Cisco PIX firewall/router product. We have had some inside-initiated
FTP client problems which we hope will be fixed by a software upgrade. The PIX was easy
to set up using a Java GUI. Another candidate which appears to be easy to use is
the NetScreen product line (http://www.netscreen.com/). These units have a hardware-oriented
implementation and therefore may be more difficult to upgrade. We are very
restrictive about what is allowed to penetrate the firewall from the outside. CA traffic
from outside the firewall will be allowed to connect only to a read-only CA gateway.
I will be setting up this firewall-restricted CA gateway in the next few weeks.
Jeff
On Friday, January 22, 1999 10:17 AM, John A. Priller [SMTP:[email protected]] wrote:
> All;
>
> We're about 6 months away from starting up a production EPICS system, and
> I'm wondering about how to best protect our IOCs from malicious intent
> coming at them over the ethernet.
>
> I'd originally planned to set them up on a private network and multi-home
> the workstations on both it and our lab's ethernet, but that involves a lot
> of extra ethernet cards and running a lot of extra cable.
>
> Our Ethernet Gurus suggest that a router/firewall combo between the IOCs and
> our building ethernet would be far easier to implement, and I'm wondering
> what other EPICS sites have tried doing and what seems to work. I find the
> router/firewall idea appealing (from the less-work-for-me standpoint, if
> nothing else), but I'm uncertain how secure it can be configured and still
> allow EPICS to work fairly seamlessly throughout our lab (i.e., channel
> access broadcasts, beacons, log messages, what-have-you, can still pass to
> and from the IOCs and trusted workstations on the other side).
>
> I'd be very interested in hearing what other sites have done to solve this
> sort of problem. And if you've gone with a router and/or a firewall, any
> hints as to how you've configured the thing would be most welcome!
>
> Thanks,
> JP
>
> --
> John A. Priller | Phone : (517) 333-6375
> MSU Cyclotron Laboratory | Fax : (517) 353-5967
> South Shaw Lane | Email : [email protected]
> East Lansing, MI 48824 | Web : http://prille.nscl.msu.edu/jp.html
>