
Conference noted::seal

Title: SEAL
Moderator: GALVIA::SMITH
Created: Mon Mar 21 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1989
Total number of notes: 8209

1742.0. "IPv6 - what's happening?" by TRUCKS::BURY () Fri Jan 24 1997 18:42

	I've just come from a 1 day seminar on IPv6 it's clear there could
	be issues for firewall security. 

	I'm interested to know what firewall engineering are planning with
	regard to the possible issues arising from e.g. 
	- hosts and host interfaces having multiple addresses, either 
	  dynamically assigned by DHCP or by combining a token from the router 
	- possible renumbering of address space root (router token) when
	  router is reconfigured
	- different subnetting model
	- coexistence of v4 and v6 protocols on same network
	- dynamic DNS updates
	- possible impact of 8+8 proposal (8 bits assigned to ISP which
	  would change when ISP is changed)
	- next hop designation

	I'm sure there are more - and also for the tunnel folks
	We also had a look at the RSVP protocol which it seems could have
	some impact ...

John

1742.1. "err.." by ANNECY::HOTCHKISS () Tue Jan 28 1997 09:32 (3 lines)

    ..quiet in here, ain't it John?
    
    :-)

1742.2. "IP address/subnet management tool?" by WOTVAX::2h0533.olo.dec.com::Tim_Banks (tim.banks@olo.mts.dec.com) Wed Jan 29 1997 07:40 (18 lines)

I know this is not strictly a firewall topic, but folk who read this
conference may have come across this.....

Has anyone come across a software/application tool for managing the 
allocation of IP addresses and subnets?  I need this for a global customer 
project I am working on, so that we can keep a central record of address 
allocation, but distribute the allocation function to regional network 
managers.

I have some ideas of how to write one using Web Browsers, SQL and a 
database of some kind, but I have a gut feel that I am re-inventing the 
wheel.

	Thanks

		Tim

x-posted Internet Tools

1742.3. "" by QUICHE::PITT (Alph a ha is better than no VAX!) Wed Jan 29 1997 07:48 (4 lines)

I strongly suspect that most customers use DNS as this database... or have I
missed the point of what you're looking for?

T

1742.4. "IPv6 and Security Policies" by GALVIA::SMITH () Wed Jan 29 1997 09:23 (26 lines)

    I agree that there are quite a few issues looming in this space. And
    the firewall product will need some extensive work to ensure that it
    will function correctly in an environment running IPv6. To a large
    degree it will continue to rely on o/s support and until the o/s
    implements this support, the product will not support IPv6 either. I
    would also expect that market pull (or lack of it) will also have an
    effect.
    
    Regarding the specific issues you raised, most if not all relate to the
    ability to dynamically allocate and modify addresses and routing
    information. Clearly this is something firewall admins try to avoid as
    it creates the significant possibility that someone unauthorised could
    gain access. I would expect that cryptographic means will start to be
    used more to guarantee identity and the security of individual
    connections and it is possible that the firewall will start to play
    less of a role in this respect. The alternative is that firewall
    operators will effectively block the ability to reconfigure so that
    they can ensure the security of a given network's connection(s). In
    short, the first thing we need to do is have a debate on the security
    policies we need to guide how we secure an IPv6 based network. The
    technical aspect will then follow on from this and should not present
    serious difficulties.
    
    Mark
    
    Maybe you could kick the debate off formally Stuart!!
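
Added illustration, not part of any note in this thread: the renumbering issue raised in .0 and .4, shown as an audit of address-literal firewall rules after the router prefix changes. The prefixes, interface tokens, host names and the function names `host_address` and `audit_acl` are all constructed for this example.

```python
import ipaddress

def host_address(prefix, token):
    """Join a router-advertised /64 prefix with a 64-bit interface token."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or not 0 <= token < 2**64:
        raise ValueError("need a /64 prefix and a 64-bit token")
    return net[token]

def audit_acl(acl, prefix, tokens):
    """Compare address-literal allow rules with the hosts' current addresses.

    Returns (stale, uncovered): rules that match no current host, and
    host names whose current address no rule allows.
    """
    rules = [ipaddress.IPv6Network(r) for r in acl]
    current = {name: host_address(prefix, tok) for name, tok in tokens.items()}
    stale = [str(r) for r in rules
             if not any(a in r for a in current.values())]
    uncovered = sorted(n for n, a in current.items()
                       if not any(a in r for r in rules))
    return stale, uncovered

# Constructed sample data (documentation prefix 2001:db8::/32).
OLD_PREFIX = "2001:db8:aaaa:1::/64"   # prefix before the router is renumbered
NEW_PREFIX = "2001:db8:bbbb:1::/64"   # prefix after, e.g. a change of ISP
TOKENS = {"mail": 0x0200_00ff_fe00_0001, "www": 0x0200_00ff_fe00_0002}
# Allow rules written as full host addresses under the old prefix.
ACL = [f"{host_address(OLD_PREFIX, t)}/128" for t in TOKENS.values()]

if __name__ == "__main__":
    print("before renumbering:", audit_acl(ACL, OLD_PREFIX, TOKENS))
    print("after renumbering: ", audit_acl(ACL, NEW_PREFIX, TOKENS))
```

After renumbering, every rule is stale and every host is uncovered: the stale entries still admit whoever holds the old prefix next, which is why they should be removed rather than left in place.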

1742.5. ".2 = finger trouble" by WOTVAX::pc0653.olo.dec.com::Tim_Banks () Wed Jan 29 1997 15:05 (9 lines)

Sorry, RE: .2 finger trouble, should have gone in as a new note.

Tony, the tool I am looking for automates the allocation of addresses, once 
that has been done, DNS can track the name/address match - but you still need 
a procedure and system to ensure that the allocation is done correctly.

However if that tool could write named zone files as well.......

	Tim

1742.6. "" by QUICHE::PITT (Alph a ha is better than no VAX!) Wed Jan 29 1997 15:19 (6 lines)

What I mean, Tim, is that if you manually maintain the appropriate file(s) in
the /etc/namedb/src directory, then the /etc/named/Makefile will create the zone
files for you.  Of course whether they will contain exactly what you want is
another matter ...

T