About This Guide

The Gauntlet for IRIX Administrator's Guide is intended for the person(s) responsible for network security at your site. Knowledge of UNIX® and network administration is assumed. The guide provides detailed information on how to configure the IRIX operating system to prevent unwanted access to your internal, trusted network hosts.

Gauntlet Documentation

This guide supplements, and in many cases overlaps, information provided by the user interface as you configure Gauntlet with forms that you access and modify using Netscape Navigator. You may wish to look at this guide first to orient yourself, especially Chapter 1, “Firewall Basics,” which provides an overview of the product. If you are familiar with firewalls and wish to begin configuration immediately, refer to your software release notes for information on installing the software with Inst, and follow the instructions provided in the browser forms. Note that the forms provide links to additional information during each step of the configuration process.

This document does not address how to first connect to the Internet (see the WebFORCE Welcome page for the local link Connecting to the Internet). Also, it does not provide details on general system and network administration, but instead should be used in conjunction with the IRIX Advanced Site and Server Administration Guide.

The Gauntlet for IRIX Administrator's Guide is primarily concerned with helping you to construct a firewall—a system that separates your internal, trusted network from the external world, such as that represented by the Internet. Information is also provided to help you locate additional information sources and security tools, as well as vendors that supply various security-related products.


Caution: The Gauntlet for IRIX Administrator's Guide contains suggestions only, and Silicon Graphics can accept no liability for use or misuse of it. No document can be expected to address all details of security issues at your site. By understanding the underlying issues and making informed decisions regarding the degree of security you want to provide, you can create the kind of environment that best suits your needs. By monitoring your site and keeping up-to-date with developments in network security, you should be able to adjust and tailor your environment to ensure security while responding to user demands. This document and the Gauntlet software can go a long way in helping you establish secure network access, but you remain responsible for actively maintaining and refining network security.


What This Guide Contains

This guide contains the following chapters and appendixes:

Conventions Used in This Guide

In this document, text that appears on the screen, for example in an editing session, is shown in a typewriter-style font:

This is on the screen

Filenames, IRIX commands, and browser buttons are shown in italics; for example, the file and pathname /var/adm/SYSLOG is printed like this.

When user input is shown, for example at a system prompt, the text is in bold:

# passwd gauntlet

The prompt is always shown as the superuser prompt (#) because use of the instructions in this document requires superuser privileges.

Additional Resources

This section provides pointers to various existing resources to help you secure your network.


Note: The lists of references, vendors, and so on are necessarily incomplete, and no mention should be construed as an endorsement by Silicon Graphics.


Books

The following books provide additional information on network configuration and network security.

  • Firewalls and Internet Security, Steven Bellovin and William Cheswick, 1994. Addison-Wesley. ISBN 0-201-63357-4.

  • Internetworking with TCP/IP, Douglas Comer, second edition, 1991. Prentice-Hall, Inc. ISBN 0-13-468505-9.

  • UNIX System Security, David A. Curry, 1992. Addison-Wesley. ISBN 0-201-56327-4.

  • Practical Unix Security, Simson Garfinkel and Eugene Spafford, 1991. O'Reilly & Associates, Inc. ISBN 0-937175-72-2.

Internet Resources

Internet resources relating to system and network security include answers to frequently asked questions (FAQs) from various newsgroups; documents concerning the history, practice, and theory of security; bulletins on new security issues; interactive mailing lists discussing security issues; and so on. World Wide Web pointers (URLs) are provided here, rather than the material in full, because the material is frequently updated.

Network Security and Firewall URLs

  • http://www.telstra.com.au/info/security.html—many links to general network security information including security-related mailing lists.

  • http://www.sei.cmu.edu/SEI/programs/cert.html—The Computer Emergency Response Team (CERT) Coordination Center was established by the Advanced Research Projects Agency to coordinate information regarding security threats for Internet users.

  • http://ciac.llnl.gov/—The U.S. Department of Energy Computer Incident Advisory Capability page has links to advisory bulletins, mailing lists, documents and more.

  • ftp://ftp.tis.com/pub/firewalls/faq.current—Firewall FAQ - Frequently Asked Questions and answers concerning firewalls.

  • ftp://ftp.uni-paderborn.de/doc/FAQ/comp.security.unix/—General UNIX security FAQ.

  • http://www.alw.nih.gov/Security—Links to a wide variety of security-related resources including multiple FAQs.

  • http://www-ns.rutgers.edu/www-security/index.html—A home page for security issues related to the World Wide Web.

  • ftp://thumper.bellcore.com:/pub/nmh/skey—Documentation and source code for S/Key authentication software.

  • ftp://ftp.nrl.navy.mil/pub/security/nrl-opie/—source code for any POSIX-compliant UNIX system for OPIE (One-Time Passwords In Everything). OPIE is downward-compatible with the S/Key authentication software described in Chapter 3.

Note that URLs change and some of these may already be out of date. Use a good WWW search tool and search for various key words such as “network security” and “firewall” to find others.

Connecting to the Internet

Finding the best way to connect to the Internet can be complex and confusing. The WebFORCE Welcome page includes a local link, “Connecting to the Internet,” which provides basic information and pointers to help you if you have yet to establish an Internet connection.

Contact your Silicon Graphics sales representative for information on the Netscape Proxy Server for IRIX and other Internet-related hardware and software tools.