unknown access .... locked

John E. Malmberg wb8tyw at qsl.net
Wed Apr 16 00:49:47 GMT 2003


> 
> My OpenVMS is online on the internet
> and I had to add a few lines at the end of SAMBA_STARTUP.COM;
> $ tcpip set servi smbd /acc=network=192.168.3.0

This is a good thing to do for your specific case, as it implies that 
you have more than one physical network adapter.

There are also settings in smb.conf to restrict the interface that will 
be used, so that NMBD will also be protected.


> $ tcpip set servi swat /acc=host=127.0.0.1

This may be a good default, for experts only to change.



If you only have one physical network adapter on your OpenVMS system, then 
you have not done anything to help your network security.


Under no circumstances should you ever allow any SMB traffic to reach 
the Internet or any other hostile network.

The same is true for any other LAN protocols, even the non TCP/IP ones.
A cable modem connection is a bridge, not a router, and can pass any 
type of ethernet packet to all of the other customers of your broadband 
ISP under certain circumstances.  And while the ISP may claim that the 
packets are filtered, I recommend not relying on that to be always true.


While a properly configured OpenVMS system does not require a firewall, 
there are several advantages to having one.

One of the main ones is that the firewall will handle the typical noise 
that is on the public internet or broadband connection.  This noise 
includes ARP traffic that on some broadband networks can put a noticeable 
load on your system.

A hardware firewall also isolates you from denial of service or other 
like attacks.  If the hardware firewall crashes, your internal network 
survives.

-John
wb8tyw at qsl.network
Personal Opinion Only
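
The smb.conf restriction mentioned in the reply above, shown as an added example that is not part of the original message or of the Samba/VMS port: a small check that reports which of the standard Samba parameters `interfaces`, `bind interfaces only` and `hosts allow` are missing from `[global]`. The sample configurations and the host address 192.168.3.10 are constructed, and it is an assumption that the OpenVMS port honours these parameters the same way.

```python
import configparser

# Constructed sample configurations; the host address 192.168.3.10 is an assumption.
OPEN_CONF = """
[global]
workgroup = HOME
"""
RESTRICTED_CONF = """
[global]
    workgroup = HOME
    ; serve only the private LAN adapter and loopback
    interfaces = 192.168.3.10/24 127.0.0.1
    bind interfaces only = yes
    hosts allow = 192.168.3. 127.
"""

def audit_smb_conf(text):
    """Return findings for missing network restrictions in [global]."""
    # smb.conf lines are usually indented; strip them so configparser does
    # not treat them as continuation lines.
    cleaned = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.read_string(cleaned)
    # Section and parameter names are case-insensitive in smb.conf.
    glob = next((cp[s] for s in cp.sections() if s.lower() == "global"), {})
    findings = []
    if not glob.get("interfaces"):
        findings.append("interfaces: not set, Samba picks the adapters itself")
    if (glob.get("bind interfaces only") or "no").lower() not in ("yes", "true", "1"):
        findings.append("bind interfaces only: off, smbd and nmbd are not "
                        "limited to the listed interfaces")
    if not (glob.get("hosts allow") or glob.get("allow hosts")):
        findings.append("hosts allow: not set, no per-client address filter")
    return findings

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit_smb_conf(conf) or "no findings")
```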




More information about the samba-vms mailing list