Great Circle Associates Firewalls
(December 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: FW: Firewall/Mainframe info
From: "Stout, William" <StoutW @ pios . com>
Date: Fri, 12 Dec 1997 14:05:26 -0500
To: "'Firewalls @ GreatCircle . COM'" <Firewalls @ GreatCircle . COM>

I'm sorry, but are you asking for a firewall package that runs on a
mainframe?  ('scuse me for a second) <pause>
O.K., I'm back. <g>

If you really want to put a firewall on a mainframe, load TCP/IP for VM
or MVS, create a machine partition via VM or MVS, establish
ESCON/Bus&Tag device connections with a Cisco 7000 series or BTI box,
load (Hitachi) OSF/1 on the partition, then experiment with FWTK which
does run on a mainframe.  Be forewarned though, that I/O on a mainframe
is very expensive IP-wise (CPU in mainframe-speak).  Offloading the
TCP/IP stack processing onto a Cisco 7000 CIP card helps a bit, but I
haven't seen how it affects FWTK.  Both inbound and outbound connections
have to pass through (17MB/sec) escon or Bus&Tag connections, since
there are no machine<->machine internal TCP/IP communications on the
mainframe otherwise.

Machine partitions on mainframes is generally B1 certified, though
covert channels are possible by fluctuating the CPU load.  As if you
cared.

There is no advantage to running a firewall inside a mainframe
partition, other than you can write off the time spent as a real
>learning experience.  

Bill Stout

>----------
>From: 	Eriktauber[SMTP:Eriktauber @
 aol .
 com]
>Sent: 	Friday, December 12, 1997 7:01 AM
>To: 	Stout, William
>Subject: 	Firewall/Mainframe info
>
>I am looking for information about firewall protection for mainframes.
>
>Also, I need data about how to secure a site that has an Internet connection
>and mainframe boxes, mainly IBM 3090 from an outside attack.  
>
>It seems that all of the literature about firewalls deal only in the Unix/NT
>realm and ignore the mainframe world.
>
>Any help about where such info could be found is appreciated.
>
>Thanks
>
>Erik
>
>
>


Follow-Ups:
Indexed By Date Previous: Re: NT as a central intranet firewall
From: dons @ cadabratech . com (Don Shesnicky)
Next: Re: NT as a central intranet firewall
From: Bill Coutinho <coutinho @ dextra . com . br>
Indexed By Thread Previous: Re: Yahoo.
From: john <zaph0d @ phawd . com-stock . com>
Next: Re: FW: Firewall/Mainframe info
From: "Paul D. Robertson" <proberts @ clark . net>

Google
 
Search Internet Search www.greatcircle.com