Internet security

Bill Crosbie crosbie at AESOP.RUTGERS.EDU
Thu Nov 30 10:00:46 EST 1995 

>One question is do we need a separate server to run TCP/IP (Internet 
>clients..email, telnet, ftp, web browser) or can those be installed on the 
>LAN server?
>

There are solutions that will allow you to run TCP/IP from a Novell server.
When you run Novell you are using a network protocol known as IPX.  As you
are aware, the Internet is based on TCP/IP.  This is just a separate
protocol for exchanging packets of information.  If your systems need full
time access to the internet, then you should have your workstations
configured so that they have TCP/IP loaded on them.  If their use of
internet resources is limited, or you don't have enough addresses to assign
to every computer, it is possible to have the Novell server assign the
TCP/IP addresses dynamically.

If you have the TCP/IP addresses on the Novell server, and the server goes
down, then you will lose access to the internet as well.  IF the systems
have the stack locally, then you would still be able to use telnet, ftp and
netscape (providing that these programs were on the workstation, not the
server.)

It really comes down to how much 'Net usage the systems will have in the
long run and what your systems folks have standardized on and are capable of
supporting.




>Specifically, do you use firewall software such as "Gauntlet" in front of
>your servers?  Is it worth the expense?  
>

A firewall is recommended, alkthough it is not trivial to set up.  With more
people getting connected to the net you will see more "hacking" going on.
Some of it malicious, some just for the sake of learning.


>How was a balance of access (for library resources meant to be shared) vs.
>protection (for sensitive museum collection information) achieved?  
>

While we don't have a similar situation here, I would have to say that if
the information is extremely sensitive it should be on a separate LAN.  IF
it needs to be shared, then it needs to be on a separate subnet, with all
access to that portion of your network coming from authenticated users.


Hope this is somewhat helpful.  

+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=+
 "For my purpose holds to sail		Bill Crosbie
   beyond the sunset, and the baths	Microcomputer/Network Analyst
   of all the western stars,	  	Rutgers University-Chang Library
   until I die."    ~ Tennyson		crosbie at aesop.rutgers.edu
    					(908) 932-0305 x114
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=+

More information about the Web4lib mailing list