
Re: [Handle-info] Opening ports 2641, 8000 in firewall for only handle.net



Jane,

Often when attempting to provide handle services to our community,
there are restrictions imposed that require either a specific IP
address or range of addresses to restrict an open firewall port to.
To many IT firewall managers and system admins, just opening a firewall
port to the whole world is unacceptable from a security standpoint.
It would be advisable that CNRI at least provide an address range so
that we can continue to promote CNRI handle services as a realistic
solution in enterprise situations where security may require more
restrictive practices.  Otherwise, in an effort to maintain the same
levels of security, enterprises with firewalls will restrict to the IP
they discover queries coming from, which will increase failures within
your handle resolver network when there is more than one or the
specific IP within a range is unpredictable.

For instance, the IP range for the "CNRI - HNDL" registrant of
hdl.handle.net can be discovered easily via the web as
"038.100.128.112 - 038.100.128.127". I expect that, if there is no
recommended range provided by CNRI, it would be an acceptable
compromise to use this as a range of IPs to restrict access to from the
Global Registry?

Please advise,
Mark
--
Mark R. Diggory
@mire - http://www.atmire.com


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info
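
An added example, not part of the original message or of any CNRI tooling: it turns the zero-padded range quoted in the message into CIDR form and generates source-restricted iptables rules for the two ports in the subject line. The function names, the `INPUT` chain, the allow-then-drop rule layout, and the protocol chosen for each port are assumptions.

```python
import ipaddress

# Range exactly as quoted in the message, zero-padded octets included.
WHOIS_RANGE = "038.100.128.112 - 038.100.128.127"
# Ports from the thread subject; the protocol per port is an assumption.
HANDLE_PORTS = [("tcp", 2641), ("udp", 2641), ("tcp", 8000)]


def parse_padded_ipv4(text):
    """Parse a dotted quad whose octets may be zero-padded decimal.

    Padded octets are ambiguous: some parsers read them as octal and
    recent Python ipaddress versions reject them, so convert explicitly.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    octets = [int(p, 10) for p in parts]
    if max(octets) > 255:
        raise ValueError(f"octet out of range: {text!r}")
    return ipaddress.IPv4Address(".".join(map(str, octets)))


def range_to_networks(range_text):
    """Turn 'first - last' into the minimal list of CIDR blocks."""
    first_text, sep, last_text = range_text.partition("-")
    if not sep:
        raise ValueError(f"expected 'first - last': {range_text!r}")
    first, last = parse_padded_ipv4(first_text), parse_padded_ipv4(last_text)
    if first > last:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(first, last))


def iptables_rules(networks, ports=HANDLE_PORTS, chain="INPUT"):
    """Allow each port from the given networks only, then drop the rest."""
    rules = []
    for proto, port in ports:
        for net in networks:
            rules.append(f"iptables -A {chain} -p {proto} -s {net} --dport {port} -j ACCEPT")
        rules.append(f"iptables -A {chain} -p {proto} --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(iptables_rules(range_to_networks(WHOIS_RANGE))))
```

A range that is not aligned on a power-of-two boundary comes back as several CIDR blocks, and each block gets its own ACCEPT rule ahead of the DROP.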