
Conference netcad::hub_mgnt

Title: DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice: Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator: NETCAD::COLELLADT
Created: Wed Nov 13 1991
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 4455
Total number of notes: 16761

1856.0. "DECrepeater 900's and Security" by HITIT::KAYI () Mon Jan 09 1995 18:42

    A government tender doc requires the following from a multi-Ethernet
    and FDDI HUB (we are offering 900s with DETMM and conc's, DECswitches,
    etc.)

<<The EEPROM where "access rights" are written on should be protected from
power failures...>>

First I considered "access rights" as being able to change HUB settings thru 
HUBwatch, however they sent a clarification document for the tender where they
specify "access rights" as:

<<It should be possible to define/set which client (PC's)
can talk to which clients on the same Ethernet segment>>

I think it is something different than eavesdropping or intruder detection.
Do we have any such thing, where we can specify for a repeater module (actually
modules, if they are assigned to the same segment) which of their ports should 
see each other?

Is there anybody else who can do it?

I'd appreciate it if someone can help asap.  Am I missing something????

Many Thanks,

Fusun/Turkey
                          
 


1856.1 by NETCAD::HERTZBERG (History: Love it or Leave it!) Tue Jan 10 1995 17:28 (16 lines)

    You are correct that what they are describing is neither intrusion nor
    eavesdropping security.  We have no such feature in our repeaters.
    
    >>  Is there anybody else who can do it?
    
    I don't know a definitive answer to this question, but most vendors'
    designs aren't terribly different than ours in how the repeaters are
    built.  That being the case, I wouldn't be surprised if the answer to
    this question was NO.
    
    It doesn't sound like you're missing anything.  More likely the
    government agency making this request doesn't understand exactly what
    they want, or else is unaware that what they are asking for is not an
    available feature of repeaters.
    
    							Marc

1856.2. "They've got repeaters confused with bridges perhaps..." by NETCAD::BATTERSBY () Tue Jan 10 1995 20:53 (10 lines)

    >It doesn't sound like you're missing anything.  More likely the
    >government agency making this request doesn't understand exactly what
    >they want, or else is unaware that what they are asking for is not an
    >available feature of repeaters.
    
    Perhaps the requestor of the government agency thinks that repeaters
    can "filter" on a per port basis like a bridge can, which obviously
    repeaters weren't intended to be able to do.
    
    Bob

1856.3 by CGOOA::PITULEY (Ain't technology wonderful?) Wed Jan 11 1995 13:09 (10 lines)

    Um...perhaps what the gov't agency is after is a SynOptics-like ability
    to do per-port security.  SynOptics does this by building a table that
    holds valid HW addresses for each port.  No other address will be able
    to pass data on that port....
    
    Perhaps...
    
    Brian Pituley
    NPC, Calgary
    
1856.4 by NETCAD::HERTZBERG (History: Love it or Leave it!) Wed Jan 11 1995 16:59 (8 lines)

    re: -.1
    
    That's intrusion protection.  We do this already, with the number of
    addresses supported per port variable depending on the product.  
    
    What .0 says they are asking for is a filtering function as Bob 
    mentioned, but he wants it to happen between nodes on the _same_ LAN.
    Certainly our repeaters don't do this.
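
The distinction drawn in .3 and .4, as an added example that is not part of the original notes: a per-port table of valid addresses (intrusion protection) on a repeater refuses unknown stations but still repeats every accepted frame to all other ports, so it cannot express station-to-station "access rights", while a per-port filtering device can. All addresses, port numbers and function names are constructed, and both models are simplified assumptions rather than the behaviour of any DEC or SynOptics product.

```python
# Added illustration; every address, port number and name below is constructed.

# Intrusion protection: valid source addresses per repeater port.
# (Also reused below as "which station is attached to which port".)
PORT_ALLOWED_SRC = {
    1: {"02-00-00-00-00-01"},
    2: {"02-00-00-00-00-02"},
    3: {"02-00-00-00-00-03"},
}

# The tender's "access rights": unordered station pairs allowed to talk.
ALLOWED_PAIRS = {
    frozenset({"02-00-00-00-00-01", "02-00-00-00-00-02"}),
}

def repeater_egress(in_port, src, dst):
    """Repeater with per-port source-address checking.

    A frame from an unknown source is refused; an accepted frame is
    repeated out of every other port, whatever its destination."""
    if src not in PORT_ALLOWED_SRC[in_port]:
        return set()
    return set(PORT_ALLOWED_SRC) - {in_port}

def filtering_egress(in_port, src, dst):
    """Bridge-like per-port filter: forwards only towards dst's port,
    and only when the (src, dst) pair is permitted."""
    if src not in PORT_ALLOWED_SRC[in_port]:
        return set()
    if frozenset({src, dst}) not in ALLOWED_PAIRS:
        return set()
    return {p for p, addrs in PORT_ALLOWED_SRC.items()
            if dst in addrs and p != in_port}

def policy_violations(egress_fn):
    """(src, dst) pairs outside ALLOWED_PAIRS whose frames reach dst's port."""
    hits = []
    for in_port, srcs in PORT_ALLOWED_SRC.items():
        for src in srcs:
            for out_port, dsts in PORT_ALLOWED_SRC.items():
                for dst in dsts:
                    if src == dst or frozenset({src, dst}) in ALLOWED_PAIRS:
                        continue
                    if out_port in egress_fn(in_port, src, dst):
                        hits.append((src, dst))
    return sorted(hits)
```
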

1856.5. "We may be talking about the same thing but..." by NETCAD::BATTERSBY () Wed Jan 11 1995 17:31 (6 lines)

    Besides, we all know there's the "Digital Dictionary", the
    "Industry standard Dictionary", and the "Government Agency Dictionary".
    We may all be talking about the same thing, but sometimes it takes a
    while to sort it out. :-)
    
    Bob