
The following two Permissions file fragments, each preceded by a comment describing the intended policy, illustrate typical configurations.

To configure the machine red: blue logs in to red as Ublue, and can request and send files regardless of who started the call. blue can read and write to all directories on red except the /redonly directory, and can execute any command. Any other machine logs in to red as nuucp, and can request files regardless of who started the call, but will send files only when it calls. Other machines can read and write only from the public directory (the default), and can execute only the default list of commands.

    # Uncomment the following lines on the host red
    #LOGNAME=Ublue MACHINE=blue READ=/ WRITE=/ COMMANDS=ALL NOREAD=/redonly \
    #       SENDFILES=yes REQUEST=yes
    #LOGNAME=nuucp MACHINE=OTHER SENDFILES=yes REQUEST=yes

To configure the machine black: red logs in to black as Ured, and can request and send files regardless of who started the call. red can read and write to all directories on black except the /blackonly directory, and can execute any command; other machines are not allowed.

    # Uncomment the following lines on the host black
    #LOGNAME=Ured MACHINE=red READ=/ WRITE=/ COMMANDS=ALL NOREAD=/blackonly \
    #       SENDFILES=yes REQUEST=yes

Note that NOREAD restricts only reading: with WRITE=/ the remote can still write into /redonly or /blackonly. To close the directory in both directions, a corresponding NOWRITE=/redonly (or NOWRITE=/blackonly) option must be added to the entry.

24.7.2 Additional Security in Version 2 UUCP

Version 2 UUCP provides five files for controlling remote system access.

• /usr/lib/uucp/USERFILE — This file controls access to local files and directories. It is a text file whose entries specify four constraints on file transfer:

  1. Which files can be accessed by a local user
  2. Which files can be accessed by a remote system
  3. The login name that a remote system must use to talk to the local system
  4. Whether a remote system must be called back by the local system to confirm its identity

  The entry format is:

      user_name,system_name [c] path_names

  where

      user_name     The login name for a remote user, or the name of a local user
      system_name   The name of a remote system
      c             An optional call-back flag; if present, the local uucico must call back the remote system in order to establish its identity before the next conversation can occur
      path_names    A list of absolute paths separated by blanks; a blank field indicates open access to any file

• /usr/lib/uucp/L.cmds — This file lists the commands that remote systems are permitted to execute on the local system. The default list is:

      rmail rnews lp who

  Special attention should be paid if new commands are added; some sufficiently general commands, like cat, can override the security restrictions.

• /usr/lib/uucp/SQFILE — This optional file keeps a record of the conversation count and the date/time of the last conversation for a particular system. The file contains an entry for each system for which the conversation count check is performed. The remote system must also have a corresponding entry for this system in its own SQFILE.

• /usr/lib/uucp/FWDFILE — This file controls the ability of remote systems to forward files through this system to other connected remote systems.

• /usr/lib/uucp/ORIGFILE — This file is also available on some UUCP implementations, with the same function as the FWDFILE.
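The following Python program is an added illustration of the USERFILE and L.cmds rules just described; it is not code from any UUCP implementation. The entry format (user_name,system_name [c] path_names), the "blank path list means open access" rule, and the command-list check follow the text; the matching order (first entry whose user and system fields fit), the fail-closed handling of an unknown login, the normalisation of ".." before comparing paths, and the set of "overly general" commands beyond cat are assumptions of this example. The sample USERFILE and L.cmds contents are constructed.

```python
"""USERFILE / L.cmds access check modelled on the Version 2 UUCP rules
described in the text.  Added example; matching order, fail-closed
behaviour and '..' handling are this example's assumptions."""
import posixpath
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class UserfileEntry:
    user: str          # remote login name, or a local user name
    system: str        # remote system name; '' matches any system
    callback: bool     # 'c' flag: local uucico must call the remote back first
    paths: List[str]   # allowed absolute path prefixes; [] means any file


def parse_userfile(text: str) -> List[UserfileEntry]:
    """Parse lines of the form: user_name,system_name [c] path_names"""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        user, _, system = fields[0].partition(',')   # 'nuucp,' -> system ''
        rest = fields[1:]
        callback = bool(rest) and rest[0] == 'c'
        if callback:
            rest = rest[1:]
        entries.append(UserfileEntry(user, system, callback, rest))
    return entries


def find_entry(entries: List[UserfileEntry], login: str,
               system: str) -> Optional[UserfileEntry]:
    """First entry whose login matches and whose system is blank or equal."""
    for e in entries:
        if e.user == login and e.system in ('', system):
            return e
    return None


def path_allowed(entry: UserfileEntry, path: str) -> bool:
    """Compare after normalisation, so that
    /usr/spool/uucppublic/../../../etc/passwd is judged as /etc/passwd."""
    if not path.startswith('/'):        # USERFILE paths are absolute
        return False
    target = posixpath.normpath(path)
    if not entry.paths:                 # blank field: open access
        return True
    for allowed in entry.paths:
        base = posixpath.normpath(allowed)
        if target == base or target.startswith(base.rstrip('/') + '/'):
            return True
    return False


def check_transfer(entries: List[UserfileEntry], login: str, system: str,
                   path: str, remote_called_us: bool) -> Tuple[bool, str]:
    """Decide whether a file transfer request may proceed (fail closed)."""
    entry = find_entry(entries, login, system)
    if entry is None:
        return False, 'no USERFILE entry for %s from %s' % (login, system)
    if entry.callback and remote_called_us:
        return False, 'call-back required before serving %s' % system
    if not path_allowed(entry, path):
        return False, 'path %s not permitted' % path
    return True, 'ok'


def command_allowed(lcmds: List[str], command_line: str) -> bool:
    """L.cmds check: the bare command word must be in the list."""
    words = command_line.split()
    return bool(words) and words[0] in lcmds


# cat is the text's example of a too-general command; the others are
# this example's additions (tools that read/write arbitrary files or
# start a shell).
OVERLY_GENERAL = {'cat', 'cp', 'mv', 'sh', 'csh', 'ed', 'sed', 'awk', 'uux'}


def risky_commands(lcmds: List[str]) -> List[str]:
    """Lint an L.cmds list for commands that void the path restrictions."""
    return sorted(set(lcmds) & OVERLY_GENERAL)


# Constructed sample files for this example.
SAMPLE_USERFILE = """\
nuucp, /usr/spool/uucppublic
Ublue,blue /usr/spool/uucppublic /usr/blue
Ublack,black c /usr/spool/uucppublic
"""
SAMPLE_LCMDS = ['rmail', 'rnews', 'lp', 'who', 'cat']   # cat added to show the lint

if __name__ == '__main__':
    ents = parse_userfile(SAMPLE_USERFILE)
    print(check_transfer(ents, 'Ublue', 'blue', '/usr/blue/report', True))
    print(check_transfer(ents, 'nuucp', 'green',
                         '/usr/spool/uucppublic/../../../etc/passwd', True))
    print(check_transfer(ents, 'Ublack', 'black', '/usr/spool/uucppublic/x', True))
    print(command_allowed(SAMPLE_LCMDS, 'sh -c id'), risky_commands(SAMPLE_LCMDS))
```

Running it shows the three decisions a Version 2 uucico would have to make: a permitted path for a known login, a traversal attempt from an "any system" login rejected after normalisation, and a login whose entry carries the c flag refused until the local side has called back.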

Chapter 25: Intranet

25.1 Introduction to Intranet

The enormous growth of the Internet has continued since its introduction. Everybody realized very quickly the benefits of being connected to the Internet. The first Internet consumers were recruited from the academic environment; businesses followed, and home users joined the race. Soon the Internet became overcrowded, and two main problems emerged:

1. Security concerns — Each networked computer was accessible and exposed to potential attackers and intruders. Business systems were the most vulnerable, and they had to be better protected.
2. The Internet address capacity was saturated — Each computer in the network consumes at least one IP address, and the IP addressing mechanism was quite limited in providing the needed addresses.

The solution was found in the intranet. An intranet is a private network with an arbitrary number of participating hosts that is connected to the Internet at a single point (or, more precisely, at a few points). The whole intranet therefore appears to the Internet as a single participant: it requires only one, or a few, IP addresses on the Internet side, while internally it can provide all Internet services to an arbitrary number of hosts. Inside the intranet any IP address can be used, because these addresses never appear outside the intranet; since intranets are only for internal use, the same IP addresses can be reused in many different intranets. Traditionally the class A network 10.0.0.0 (10.0.0.0/8, one of the private ranges set aside for this purpose by RFC 1918, together with 172.16.0.0/12 and 192.168.0.0/16) is reserved for intranet use. However, it is not mandatory to use just this address. Whatever internal addresses are chosen, they must remain within the intranet itself: the gateway at the connection point must neither let them leak out toward the Internet nor accept them as source addresses arriving from the Internet. This is shown in Figure 25.1.

Figure 25.1: Intranet.
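The rule that internal addresses must never cross the connection point, as an added example that is not part of the chapter: a small border filter that evaluates flows on the Internet side of the gateway (i.e. after any address translation of outbound traffic) and drops any flow carrying a private address in either direction. The private ranges are the three RFC 1918 blocks; the flow records and the "out"/"in" direction labels are constructed for this example.

```python
"""Border filter for an intranet's connection point.  Added example:
flows carrying an RFC 1918 address on the Internet side of the gateway
are dropped, whichever direction they travel."""
import ipaddress
from typing import List, Tuple

# RFC 1918 private blocks; 10.0.0.0/8 is the class A network the chapter names.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def border_verdict(src: str, dst: str, direction: str) -> str:
    """direction is 'out' (intranet -> Internet) or 'in' (Internet -> intranet).
    Evaluated on the Internet side of the gateway, so a private source on an
    outbound flow means translation was bypassed, and a private source on an
    inbound flow can only be spoofed."""
    if direction == 'out':
        if is_private(src):
            return 'drop: internal source address leaking to the Internet'
        if is_private(dst):
            return 'drop: internal destination routed toward the Internet'
    elif direction == 'in':
        if is_private(src):
            return 'drop: spoofed internal source address from the Internet'
        if is_private(dst):
            return 'drop: internal address reachable from the Internet'
    else:
        raise ValueError('direction must be "in" or "out"')
    return 'pass'


def filter_flows(flows: List[Tuple[str, str, str]]) -> List[Tuple[Tuple[str, str, str], str]]:
    """Apply border_verdict to each (src, dst, direction) record."""
    return [(flow, border_verdict(*flow)) for flow in flows]


# Constructed flow records; 203.0.113.5 plays the gateway's public address.
SAMPLE_FLOWS = [
    ('203.0.113.5', '198.51.100.7', 'out'),  # translated outbound traffic
    ('10.1.2.3', '198.51.100.7', 'out'),     # translation bypassed: leak
    ('198.51.100.7', '203.0.113.5', 'in'),   # reply to the gateway
    ('192.168.1.9', '203.0.113.5', 'in'),    # private source from outside: spoofed
    ('198.51.100.7', '172.31.0.1', 'in'),    # outsider addressing an internal host
]

if __name__ == '__main__':
    for flow, verdict in filter_flows(SAMPLE_FLOWS):
        print('%-14s -> %-14s %-3s  %s' % (flow[0], flow[1], flow[2], verdict))
```

Only the first and third records pass; the other three are exactly the cases the text rules out, an internal address appearing outside the intranet, whether by leakage, by spoofing, or by being routed from the Internet.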