About This Guide

The WebFORCE Firewall Administrator's Guide is intended for the person(s) responsible for network security at your site. Knowledge of UNIX® and network administration is assumed. The guide provides detailed information on how to configure the IRIX™ operating system to prevent unwanted access to your internal, trusted network hosts.

This document does not address how to first connect to the Internet (see the WebFORCE Welcome page for the local link Connecting to the Internet). Also, it does not provide details on general system and network administration, but should be used in conjunction with the IRIX Advanced Site and Server Administration Guide.

The WebFORCE Firewall Administrator's Guide is primarily concerned with helping you to construct a firewall—a system that separates your internal network from the external world, such as that represented by the Internet. Information is also provided to help you locate additional information sources and security tools, as well as vendors that supply various security-related products.

This document contains the following chapters:

Caution: The WebFORCE Firewall Administrator's Guide contains suggestions only, and Silicon Graphics can accept no liability for use or misuse of it. No document can be expected to address all details of security issues at your site. By understanding the underlying issues and making informed decisions regarding the degree of security you want to provide, you can create the kind of environment that best suits your needs. By monitoring your site and keeping up-to-date with developments in network security, you should be able to adjust and tailor your environment to ensure security while responding to user needs.

Style Conventions

In this document, text that appears on the screen, for example in an editing session, is shown in a typewriter-style font:

This is on the screen

Filenames and UNIX commands are shown in italics for example, the file and pathname /var/sysgen/master.d/bsd is printed like that.

When user input is shown, for example at a system prompt, the text is in bold as follows:

# autoconfig -f

The prompt is always shown as the superuser prompt (#) because use of the instructions in this document requires superuser privileges.

In some cases, screen output of a line of text must be broken to fit on the page of the printed copy. When this is done, a backslash (\) is placed in the far right column of the broken line to indicate that the line continues, for example:

tftp dgram udp wait guest   /usr/etc/tftpd  tftpd -s \ /usr/local/boot /usr/etc/boot

This is actually all one line of text.