Specifications

Table Of Contents

Niagara Release 2.3

Niagara Networking & Connectivity Guide Revised: May 22, 2002

CHAPTER

6–1

Using Security Technologies

This section discusses the issues associated with installing and using Niagara hosts

in a secure environment. It has the following main topics:

• Security Considerations

• Using a Firewall or Proxy Device

• Default Niagara Port Numbers

• Using a Virtual Private Network

Security Considerations

Any host connected to the Internet is vulnerable to attacks by someone else in the

Internet community. This is especially true of any host that stays connected to the

Internet virtually full time. Niagara hosts that may be vulnerable include:

• Any Niagara host connected to a company’s LAN and which has a public

IP address. The Web Supervisor shown in Figure 3-1 and Figure 3-2 is an

example of one such host. Note that Company ABC has implemented a

firewall on the LAN to lessen the vulnerability.

• Any Niagara host directly connected to an ISP and which has a public IP

address. The hosts shown in sites 5 and 6 of Figure 5-1 and most of the hosts

in Figure 5-2 meet this criteria.

Typically, Windows-based hosts are more vulnerable than JACE-4/5s. This is not a

function of the Niagara software, but of two other factors:

• in Windows, there are many access points open by default that attackers can

exploit. For a discussion of some of these, see “Disabling Open Ports on

Microsoft Windows NT 4.0,” page 6-22. In contrast, the VxWorks OS has

fewer access points enabled by default (although you can open some, see

“Guidelines for VxWorks-based Niagara Hosts,” page 6-3).

• the widespread availability of the Windows OS itself. Because the VxWorks

OS is less common, people have not taken the time to figure out how to attack

it.