RE: Encrypted network traffic
...and for a last shot at this one: CIPE

It does encrypted P2P tunneling.

Dana Bourgeois

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Paul Bijnens
> Sent: Thursday, January 01, 2004 3:48 AM
> To: Henson, George Mr JMLFDC
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Encrypted network traffic
>
> [EMAIL PROTECTED] wrote:
> > In a message dated: Tue, 30 Dec 2003 08:52:13 EST
> > "Henson, George Mr JMLFDC" said:
> >
> > >Is there support to have the network traffic to be encrypted? We have
> > >several systems we would like to backup over the network, but we have
> > >a mandate from our management that all the data transfers need to be
> > >encrypted.
>
> Different methods -- I never tried one.
> One approach is to replace the gzip program with a gpg (with
> builtin gzip and encryption). Maybe a bridge too far for your
> problem, because the data on tape is encrypted too. But it is secure.
>
> See:
> http://security.uchicago.edu/tools/gpg-amanda/
>
> --
> Paul Bijnens, Xplanation                          Tel +32 16 397.511
> Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM  Fax +32 16 397.512
> http://www.xplanation.com/ email: [EMAIL PROTECTED]
> ***
> * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
> * quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
> * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
> * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
> * kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
> * ... "Are you sure?" ... YES ... Phew ... I'm out *
> ***

Re: Encrypted network traffic
[EMAIL PROTECTED] wrote:
> In a message dated: Tue, 30 Dec 2003 08:52:13 EST
> "Henson, George Mr JMLFDC" said:
>
> >Is there support to have the network traffic to be encrypted? We have
> >several systems we would like to backup over the network, but we have
> >a mandate from our management that all the data transfers need to be
> >encrypted.

Different methods -- I never tried one.
One approach is to replace the gzip program with a gpg (with
builtin gzip and encryption). Maybe a bridge too far for your
problem, because the data on tape is encrypted too. But it is secure.

See:
http://security.uchicago.edu/tools/gpg-amanda/

--
Paul Bijnens, Xplanation                          Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM  Fax +32 16 397.512
http://www.xplanation.com/ email: [EMAIL PROTECTED]
***
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***

Re: Encrypted network traffic
The amanda24 branch (but not yet in any release) now has working
support for Kerberos 4 authentication of dump requests and encryption
of dump streams.

Note that in addition to encrypting the data stream, it is important
to ensure that only authorized dump servers can cause clients to send
backup data.

I have thought about setting up IPsec, and I think if one fixed the
ports used by amanda that would be fairly easy to do in the SPD.
NetBSD and racoon didn't support (at the time) dynamic SA generation
from per-socket policy, which is how I first thought of doing this.

--
Greg Troxel <[EMAIL PROTECTED]>

Re: Encrypted network traffic
Hello George,

Hm, you could use ssh to create an encrypted tunnel (point the
machine to look at localhost, then tunnel from localhost to your backup
server), create a similar SSL tunnel between the client and backup
server, or use an IPSec VLAN between the client and backup server.

I hope this helps,
Tim

On Tue, 30 Dec 2003, Henson, George Mr JMLFDC wrote:

> All,
>
> Is there support to have the network traffic to be encrypted? We have several
> systems we would like to backup over the network, but we have a mandate from our
> management that all the data transfers need to be encrypted.
>
> Thank you in advance,
> George Henson

RE: Encrypted network traffic
Maybe getting a little OT, but you could use racoon, on *BSD at least,
and have a different key pair for each side of the data transfer, that
automatically re-keys at a specified time period. So you would end up
having to compromise 3 key pairs total to get at your data (1 for IKE
phase 1, and 1 pair each for each side of the security association).
You could then use gpg to encrypt the data on tape. :)

Drew

On Tue, 2003-12-30 at 10:38, Gregor Ibic wrote:
> I would say, encrypt it on a lower layer like IPSEC.
>
> regards,
> gregor
>
> Intelicom d.o.o.
> Security software company
> http://www.intelicom.si
> email: [EMAIL PROTECTED]

RE: Encrypted network traffic
I would say, encrypt it on a lower layer like IPSEC.

regards,
gregor

Intelicom d.o.o.
Security software company
http://www.intelicom.si
email: [EMAIL PROTECTED]

Re: Encrypted network traffic
In a message dated: Tue, 30 Dec 2003 08:52:13 EST
"Henson, George Mr JMLFDC" said:

>Is there support to have the network traffic to be encrypted? We have several
>systems we would like to backup over the network, but we have a mandate from
>our management that all the data transfers need to be encrypted.

A perfectly reasonable mandate IMO. The easy way to add it would be to
use sslwrap:

http://www.rickk.com/sslwrap/

The nice thing about sslwrap is that it can be layered onto any
existing service without any modification to the services you wish to
encrypt.

The other, probably more complicated, though possibly more secure
method is to tunnel amanda through ssh.

Also, a Google search turned this up:

http://cns.utoronto.ca/~pkern/stuff/amanda-patch/Readme

I have no idea how well it works.

HTH.
--
Seeya,
Paul

GPG Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE

If you're not having fun, you're not doing it right!