[Info-vax] Some SEARCH commands
Mark Berryman
mark at theberrymans.com
Sat Mar 2 01:18:31 EST 2019
On 3/1/19 5:15 PM, Simon Clubley wrote:
> On 2019-03-01, Dave Froble <davef at tsoft-inc.com> wrote:
>> On 3/1/2019 3:25 AM, Simon Clubley wrote:
>>>
>>> Sorry Mark, but that is wrong as when they are setup correctly you can
>>> make it vastly harder to spoof an IP node than it is to spoof a DECnet
>>> Phase IV node.
>>
>> Not if Mark's suggestions are followed. If you're responding to them,
>> then don't attempt to ignore them.
>>
>
> I'm assuming you are referring to the locking down DECnet using hardware
> comments. I've already commented about depending on hardware but in case
> that wasn't clear enough:
>
> The idea that you _need_ enterprise level hardware locked down to
> the level Mark has specified in his challenge in order to give
> DECnet Phase IV any level of real security is insane.
>
> TCP/IP also benefits from having custom enterprise level hardware on
> the network but it doesn't actually _need_ it in order to provide a
> core level of security.
Of course not. That's why nobody uses firewalls any more. Oh, wait...
Simon, look up what the "switchport port-security" command does on a
Cisco switch. Yes, that's right. The same things I have suggested for
making a DECnet network more secure are also used to make an IP network
more secure.
Insane? Not in the real world, pal.
Mark Berryman
More information about the Info-vax
mailing list