IPP> SEC - IPP and firewalls

philip at raptor.com
Mon Jun 30 20:01:27 EDT 1997


Michael W. Bringmann wrote:
> 
> [snip]
> > The kind of restrictions that a firewall might impose include:
> >
> > - Only requests from a set of known TCP/IP address ranges
> > - Only one copy of each document
> 
> Why would a firewall restrict the number of copies of a document?
> Would the firewall scan the data stream for the IPP 'copies' attribute
> and abort the document if it were present?


The general principle is that the firewall (or choke point) is the one
place where corporate policy can be enforced. If the scenario is that of
having a printer which behaves like a fax machine (for receiving inbound
messages), then it may be that the firewall would want to ensure that
documents received from the outside are 'well behaved'.


In the ideal world, this would merely be a configuration issue for the
print server, but we see (in the real world) that not every implementation
is adequate. For example (in the browser area), corporate policy might
be that each user must be running a 'safe' version of a browser in order
to get external access. The firewall can enforce this by checking the
User-agent header field in each request to ensure that this rule is
being obeyed. [In the ideal world, the browsers would not be buggy!]


If you have a large number of individual destinations (or sources) then
it may be easier to apply control at the choke point, rather than hope
that all the end systems are configured correctly, and the appropriate
set of patches applied.


> 
> > - Only black & white printing


I would like to be able to enforce any restrictions by performing
very simple manipulation of the data. Inserting/removing fields at
the front of the document is nice (read: easy).


Philip

-- 
Philip Gladstone                           +1 617 487 7700
Raptor Systems, Waltham, MA         http://www.raptor.com/
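
An added illustration of the choke-point check discussed in this thread, not part of the original message: a Python sketch that applies the "known address ranges" and "one copy" restrictions to the attribute section at the front of an IPP request and fails closed on anything it cannot parse. It assumes the binary IPP encoding later standardized in RFC 8010; `ALLOWED_NETS`, `check_request`, `sample_request` and the sample bytes are hypothetical and constructed for the example.

```python
import ipaddress
import struct

ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed policy value
END_OF_ATTRIBUTES = 0x03   # delimiter tag that ends the attribute section
INTEGER = 0x21             # value tag for a 4-byte signed integer

def parse_attributes(msg):
    """Yield (name, value_tag, value) for each attribute value in an IPP request."""
    pos, name = 8, None    # skip version (2) + operation-id (2) + request-id (4)
    while True:
        tag = msg[pos]; pos += 1
        if tag == END_OF_ATTRIBUTES:
            return         # document data follows; the policy never needs to read it
        if tag <= 0x0F:
            continue       # delimiter tag: a new attribute group starts here
        (nlen,) = struct.unpack_from(">H", msg, pos); pos += 2
        if nlen:           # a zero name-length means "another value of the same attribute"
            name = msg[pos:pos + nlen].decode("ascii")
        pos += nlen
        (vlen,) = struct.unpack_from(">H", msg, pos); pos += 2
        yield name, tag, msg[pos:pos + vlen]
        pos += vlen

def check_request(src_ip, msg):
    """Return (allowed, reason) for one request seen at the choke point."""
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_NETS):
        return False, "source address not in an allowed range"
    try:
        for name, tag, value in parse_attributes(msg):
            if name == "copies" and (tag != INTEGER or len(value) != 4
                                     or struct.unpack(">i", value)[0] != 1):
                return False, "only one copy of each document is allowed"
    except (IndexError, struct.error, UnicodeDecodeError):
        return False, "malformed IPP request"   # fail closed on anything unparseable
    return True, "ok"

def attr(tag, name, value):
    """Encode one attribute: value-tag, name-length, name, value-length, value."""
    return (bytes([tag]) + struct.pack(">H", len(name)) + name.encode()
            + struct.pack(">H", len(value)) + value)

def sample_request(copies):
    """Constructed Print-Job request (operation-id 0x0002) with a 'copies' attribute."""
    return (b"\x01\x01" + struct.pack(">HI", 0x0002, 1)
            + b"\x01" + attr(0x47, "attributes-charset", b"utf-8")
            + attr(0x48, "attributes-natural-language", b"en")
            + b"\x02" + attr(INTEGER, "copies", struct.pack(">i", copies))
            + b"\x03" + b"%!PS constructed document data")
```
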
