CMSR External Access Restrictions

The CMSR database is currently open on CERN central firewall for the port 10121 - Oracle's listener port - allowing applications (for example PhEDEx) to connect from outside of the CERN network. This access is currently protected with a trigger that display exception when a connection from an unauthorized IP is attempted. This however is not very secure. Some time ago we have discussed replacing the trigger with a set of firewall rules, which in turn provide much better security.

For 2 months we were logging the IPs of servers for which the connections were accepted by the trigger, and out of this we have compiled the list of firewall rules to be deployed on the servers (please see the attached excel for details). The rules typically include larger subnets of retrospective organizations, not just the servers that were connecting.

-- EmilPilecki - 2015-05-19

Edit | Attach | Watch | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2015-05-19 - EmilPilecki
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    DB All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback