Conference vaxaxp::alphanotes

   I will assume OpenVMS given the device names...  (This is the generic
   Alpha conference.)

   I'll e-mail you the new "connecting a modem" chapter going into the
   Raven documentation set...

   Yes, there are definitely security considerations when a modem is
   connected to the console: you likely have no security. 

   I'd look at setting up a modem pool -- as documented in the chapter I
   am mailing -- via a DECserver.

    In general there are security issues connecting a modem to the system
    console (OPA0), but this is OPA1, so I don't the OPA0 concerns are
    relevant.
    
      Furthermore, you intend to use the port for DSNlink communications. In
    that case the DSN$SERVER process owns the port permanently. Since it runs
    a proprietory protocol, with (rather weak) crypro authentication, it would
    be unlikely that a casual intruder would be able to establish a connection.
    Even if someone did crack the protocol and the site's authorization key,
    they'd be rather limited in what they can do from the outside. It's pretty
    much restricted to copying files to a single directory (DSN$COPY_DIRECTORY)
    or sending MAIL to a VAXmail address.
    
    There is a quasi-cterm protocol for logging onto the system, but that's
    still protected by normal username/password, and it must be explicitly
    enabled for a specific time window by the customer using the DSN AUTHORIZE
    command.
    
    Note that DSNlink can also use a modem on a DECserver, or X25 or (if
    you're internal) DECnet. I believe there will also be internet access
    some time soon.
    
    Now, while I wouldn't recommend what you're doing for a high security
    site, I'd say it's probably somewhat more secure than an ordinary modem
    attached to a serial port.
    
    						John Gillings, Sydney CSC

    re .2
    
    I suppose there might be windows of time during which DSNlink wouldn't
    have the port allocated (e.g. before running, if it falls over) but
    that shouldn't expose the system if OPA1 has no operator console
    functionality.

    
    	Forgetting security, don't do it.  I cannot remember if the 2100 is
    one of the systems we sort of do modems correctly.  Will try to
    remember to ask the person who did the work for the 2100.  In general
    the OPAx ports on the Alpha systems don't function all well.
    
    
    Forrest

I suggest reading through MVBLAB::SABLE.NOTE for information on modems and 
the 2100.  In genernal, I think you'll have less problems if you keep the 
modem on the TTA0 port.  Baud rate selection, errors at >9600 baud, and 
modem controls have always been problematic on OPAx ports.  Be sure to use 
a full cable, NOT 6-wire DECconnect cable for modems.



							-Paul

:Be sure to use  a full cable, NOT 6-wire DECconnect cable for modems.

   MMJ 6-wire should work fine for limited modem control.

    
    	MMJ 6 wire will not cut it for modems with VMS.  Use it at your own
    peril, the system may not let you log in.  Then again based on the
    connector it may, but not see the modem drop.  Leaving the line open
    for anyone to pick up the process of the last person using the line if
    they did not log out.
    
    	I have the scars to prove just how stupid an idea it was to put
    MMJ only connectors on many of the VAXstations.  But the then boss Ken 
    won out and we shipped them that way.  Ask Kenny House how many times
    he dealt with pissed off customers over this piece of stupidity.
    
    
    Forrest

    re .7
    
    Didn't you mean "former" customers?
    
    -- Kenny House