use the data as in how?  what application are you going to be running at
both ends?  a tunneled solution is the proper choice here for something
like this, and ssh will work for that.  remember your whole network is
only as secure as the client on the other end of the tunnel though, they
get hacked and yer open for attack via the tunnel, so, this has to be
taken into consideration.

Thanks,

Ron DuFresne

On Wed, 26 Jul 2000, Chris Mason wrote:

> First of all, I'm not using FTP at all. I want the client to be able to
> share data, not take it with them. SCP won't work, I don't want to copy the
> data. What I believe I need is a secure tunnel to the data, as if the client
> was on the local network.
> How can I do this?
> 
> Chris Mason
> Box 340, The Valley, Anguilla, British West Indies
> Tel: 264 497 5670 Fax: 264 497 8463
> USA Fax (561) 382-7771
> Take a virtual tour of the island
> http://net.ai/ The Anguilla Guide
> Find out more about NetConcepts
> www.netconcepts.ai
> 
> -----Original Message-----
> From: Jason K. Schechner [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 26, 2000 5:29 PM
> To: Chris Mason
> Cc: Ron DuFresne; J Weismann; [EMAIL PROTECTED]
> Subject: RE: Looking for firewall solution advice
> 
> 
> On Wed, 26 Jul 2000, Chris Mason wrote:
> 
> > Everyone has jumped on me for putting data on the firewall, but no-one
> > has really given me a concrete example of a better way to go. I need
> > to stay with Linux open source solutions. My optimal solution might be
> > to use a SSH tunnel to the data, wherever on the LAN it is. However, I
> > don't actually know how to do that with a Windows client and a Linux
> > firewall.
> 
> There are a number of things you could do.  One of them would be to set up
> a separate network behind the firewall (let's call it the semi-trusted
> network) and put the FTP server on that.  I've done setups like this
> before where the Internet could reach the semi-trusted net and the
> semi-trusted net could reach the internal net but no packets from the
> Internet could get directly into the trusted net.  Another way to do this
> would be with a pair of firewalls:
> 
> Internet -> FW -> DMZ/Semi-trusted -> FW -> LAN
> 
> The two FW's there could be the same box if it's set up properly.
> 
> Another option, or something you could do in conjunction with the setup I
> just described is give anyone who needs "FTP" access to that data an SCP
> client.  F-secure's implementation of SSH has an SCP client, and I've seen
> SSH1 clients compiled for Windows freely available on the 'net.  Wrap a
> batch file around it and your clients should be happy while keeping your
> accounting data as safe as reasonably possible.  Remember that FTP is
> clear-text and if your clients are FTPing it over the net it's pretty
> simple to sniff.
> 
> -Jason
> 
> -----
> Jason K. Schechner  -   check out www.cauce.org and help ban spam-mail.
> =The difference between genius and stupidity is that genius has bounds.=
> ---There is no TRUTH.  There is no REALITY.  There is no CONSISTENCY.---
>    ---There are no ABSOLUTE STATEMENTS   I'm very probably wrong.---
> 
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
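
Added example, not part of the original thread or written by any of its participants: one way to limit what a compromised client can reach through the tunnel discussed above is to restrict the tunnel account in the SSH server configuration on the firewall. Assumptions: the firewall runs a current OpenSSH server, the account name `tunneluser`, the internal file server address `10.0.0.10` and the Windows file-sharing port 139 are placeholders, and the client authenticates with a key.

```conf
# sshd_config fragment for the Linux firewall (added example; all names
# and addresses below are placeholders, not values from the thread).

# Global default: nobody gets port forwarding unless a Match block allows it.
AllowTcpForwarding no
X11Forwarding no
AllowAgentForwarding no

# The remote client's account exists only to carry the tunnel.
Match User tunneluser
    # Key-based login only, so a guessed password cannot open the tunnel.
    PasswordAuthentication no
    AuthenticationMethods publickey
    # Allow client-initiated (local, "-L") forwards only.
    AllowTcpForwarding local
    # The single internal host and port the tunnel may connect to.
    # Forward requests to any other destination are refused by sshd.
    PermitOpen 10.0.0.10:139
    # No terminal and no usable shell: the account can forward, nothing else.
    PermitTTY no
    ForceCommand /bin/false
```

With this in place a client on the far end can reach only the one service named in `PermitOpen`, so a compromised client exposes that service rather than the whole LAN behind the firewall.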
