home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: 2.5 The World Wide Web Chapter 2
Internet Services
Next: 2.7 Information About People

2.6 Other Information Services

Many users also want access to additional information services; Gopher, WAIS , and Archie are the most popular.

Gopher is a menu-oriented, text-based tool that helps users find information on the Internet. "Gopher" isn't an acronym for anything; it was developed at the University of Minnesota, whose mascot is the "Golden Gopher." Information on a Gopher server is organized as a series of hierarchical menus from which a user selects items. Each item can be a file, a form, or an additional menu, with its own items. There are a number of different Gopher clients available, including free, shareware, and commercial clients for Windows, Macintosh, and UNIX . Gopher clients and servers use an extensible data scheme, much as Web clients and servers do, and are thus subject to many of the same security concerns.

Wide Area Information Service ( WAIS ) was developed by a consortium of companies: Thinking Machines, Apple, Dow Jones, and KPMG Peat Marwick; the development was led by Brewster Kahle. A WAIS user submits a simple query (typically a keyword or a phrase), and the WAIS server sends back a list of the documents containing those words, along with a score for each document. This score is a composite of the number of times the keywords are mentioned and the length of the document; shorter documents get higher scores, as do documents that mention the keywords more often. The list of documents is returned sorted by score, so that with any luck the most relevant documents appear first in the list. The server maintains extensive indexes of the contents of all the documents on the server to allow it to do these searches efficiently. There are currently several hundred WAIS servers on the Internet. You can access them with WAIS -protocol clients, or by using a Web browser to access one of the sites that provides HTTP-WAIS gateways (e.g., http://www.ai.mit.edu/the-net/wais.html ).

Archie is an Internet service that searches indexes of anonymous FTP servers for file and directory names. Archie servers typically provide service via Telnet and email in addition to dedicated Archie clients. Archie service providers generally prefer that users use dedicated Archie clients, because they impose less of a load on the server. Archie is also accessible through Web browsers via sites that provide HTTP -Archie gateways, such as the one at http://www.nexor.co.uk/archie.html . At this point, there are only about 20 Archie servers throughout the world, partly because of the significant resources (computing power, disk space, network bandwidth, and administrator time) required to run an Archie server, and partly because each Archie server searches much of the Internet for FTP 'able files on a regular basis. If there were a large number of Archie servers, so much bandwidth would be consumed looking for resources that it would be impossible to use the resources.

WAIS and Archie are less open to mischief than HTTP and Gopher, because they don't return data of arbitrary types. If a WAIS server advises you that a document is about gardening, and it turns out to be about manufacturing jewelry in your spare time, this may be annoying, but it's not a problem for the security of your computers. Unfortunately, providing access to some of these services may open other security holes unrelated to the service itself. For example, allowing your users to access Archie directly may allow attackers to access your NFS and NIS/YP servers, as we discuss in Chapter 8 .

Running servers is somewhat riskier. Unlike the clients, the servers for these protocols - including WAIS and Archie - accept arbitrary queries, and you must be sure that they aren't going to produce unexpected results. Any server that acts on requests from potentially hostile users is vulnerable to denial of service attacks and to executing unexpected commands on the server machine with the permissions of the server program.

Previous: 2.5 The World Wide Web Building Internet Firewalls Next: 2.7 Information About People
2.5 The World Wide Web Book Index 2.7 Information About People