If you use a TOS (trusted OS - an MLS system with similarly advanced
networking components), you could set up a network with 2 machines at
different security levels but using the same IP address. Each could
be configured to drop packets outside of a range of security levels
or classifications.
Thus if I was sitting at a "secret" machine my traffic would go to a
different host than when I was at a "confidential" machine. (Actually,
it would go to both hosts but one would ignore it.) In fact, you
could use this to partition the network in any way you wanted, with
partitioning of the network based on non-hierarchical, overlapping
partitions with some IP addresses in multiple partitions. You could
even impose this architecture on a mix of machines that includes many
standard, non-TOS hosts.
Conceivably this could be useful, but you may run into little problems
and there are probably better ways of doing it.
paul
---------------------------------------------------------
Paul A. McNabb, CISSP Argus Systems Group, Inc.
Vice President and CTO 1809 Woodfield Drive
[EMAIL PROTECTED] Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433 "Securing the Future"
---------------------------------------------------------
> On Tue, Dec 14, 1999 at 05:14:04PM -0500, Jimi Aleshin wrote:
> My dad works at the Department of Defense for the U.S. government and was
> telling me that he has like 200 computers in the area of where they work and
> (of course) a server. He was telling me (I might have heard him wrong) that
> 2 machines are able to have the same IP address on their own local network.
> I don't know if this is true or not? By the way, those computers are not
> connected to the internet, except two unclassified ones are. What do you all
> think?
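
The per-host label filtering described in the reply above, as an added example that is not part of the original message and is not Argus's code. It assumes a label made of a hierarchical level plus a compartment set, with each host accepting a low-to-high label range; all names and addresses are hypothetical. It also checks for the misconfiguration where two hosts sharing an IP have intersecting ranges, so both would keep the same packet.

```python
from dataclasses import dataclass
from itertools import combinations

# Assumed label model: a hierarchical level plus a set of compartments.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    low: Label    # lowest label the host accepts
    high: Label   # highest label the host accepts

    def accepts(self, dst_ip, label):
        # Every host with this IP sees the packet; only an in-range one keeps it.
        return (dst_ip == self.ip and label.dominates(self.low)
                and self.high.dominates(label))

def receivers(hosts, dst_ip, label):
    return [h.name for h in hosts if h.accepts(dst_ip, label)]

def conflicts(hosts):
    """Same-IP host pairs whose label ranges intersect (both would keep a packet)."""
    found = []
    for a, b in combinations(hosts, 2):
        lo = Label(max(a.low.level, b.low.level, key=LEVELS.get),
                   a.low.compartments | b.low.compartments)      # join of lows
        hi = Label(min(a.high.level, b.high.level, key=LEVELS.get),
                   a.high.compartments & b.high.compartments)    # meet of highs
        if a.ip == b.ip and hi.dominates(lo):
            found.append((a.name, b.name))
    return found

# Constructed sample network: two IPs, each shared by two hosts.
S, C = Label("secret"), Label("confidential")
SA, SB = Label("secret", frozenset("A")), Label("secret", frozenset("B"))
HOSTS = [Host("secret-host", "10.0.0.5", S, S), Host("conf-host", "10.0.0.5", C, C),
         Host("proj-a", "10.0.0.9", SA, SA), Host("proj-b", "10.0.0.9", SB, SB)]

if __name__ == "__main__":
    print(receivers(HOSTS, "10.0.0.5", S), conflicts(HOSTS))
```

The `proj-a`/`proj-b` pair shows the non-hierarchical case: same level, different compartments, so neither label dominates the other.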