-- Betty McBreen 631-344-5111 Fax 631-344-1334 ----- Original Message ----- From: "RCF/USAtlas Staff" <rcfstaff@bnl.gov> To: <rhic-rcf-l@lists.bnl.gov>; <rhic-software-l@lists.bnl.gov>; <usatlas-users-l@lists.bnl.gov> Sent: Friday, January 18, 2002 1:01 PM Subject: [Rhic-rcf-l] ITD Blocking Inbound SSH to Subnet 80 > > As discussed in the last five RCF Liaison meetings, ITD Cyber Security > wants to shutdown inbound port 22 (ssh) connections to the Lab except > for gateway machines. We have been waiting for the approval of the > RCF and Atlas gateway machines and then confirmation of the rules > being put in place on the BNL firewall before announcing that inbound > ssh would be cutoff. Today I received the final confirmation that the > firewall rules are in place. Due to ongoing probes of port 22 and the > compromising of machines at the Lab, ITD wants to move today on > shutting down port 22 access. I have agreed to blocking inbound port > 22 for the 80 subnet except for the gateway machines listed below. > The effect of blocking inbound port 22 on subnet 80 is that anyone > with a machine on the 80 subnet will no longer be able to ssh directly > to their machine. They will have to first make an ssh connection to > one of the gateway machines. Outbound ssh will NOT be affected by > this change and the access to the RCF and Atlas Farms will not > change since you had to go through these gateway machines to get to > them anyway. I only have input for subnet 80, so machines on other > subnets will not be affected by this decision, but may be affected by > other people's decisions. If you have machines on other subnets, you > should contact the people responsible for those subnets. > > If you have any complaints or concerns about the blocking of incoming > ssh on the 80 subnet, please do not hesitate to call or send email to > me (x3110, throwe@bnl.gov) > > RCF/ACF gateway machines: > rssh.rhic.bnl.gov > rssh01.rhic.bnl.gov > rssh02.rhic.bnl.gov > rssh03.rhic.bnl.gov > rssh04.rhic.bnl.gov > atlasgw00.bnl.gov > atlasgw01.bnl.gov > rftpexp.rhic.bnl.gov > aftpexp.bnl.gov (not yet online) > > spin.riken.bnl.gov (not part of RCF/ACF, but on the 80 subnet) > > > Please pass this message on to other mailing lists, especially PHENIX, > since there are PHENIX machines on the 80 subnet. > > ------ > Tom Throwe (x3110, throwe@bnl.gov) > > > -- > This message forwarded from the RCF announcements page. > Recent messages are available at: > http://www.rhic.bnl.gov/RCF/Announcements/announce.html > > _______________________________________________ > Rhic-rcf-l mailing list > Rhic-rcf-l@lists.bnl.gov > http://lists.bnl.gov/mailman/listinfo/rhic-rcf-l >
This archive was generated by hypermail 2b30 : Fri Jan 18 2002 - 14:56:17 EST