Berend De Schouwer wrote:
>Don't you only need a little bit for the key? 128bit encryption is slow
>enough for a file system.
>
The default size of the RSA key signature generated by the 'ipsec
rsasigkey' is 2048 bytes, I think. I suppose that would fit on the BOOTROM.
>>>The mkinitrd alrea
On Fri, 2002-03-08 at 18:35, Jason A. Pattie wrote:
> Berend De Schouwer wrote:
>
> >>>*** A possible solution may be to create a VPN(IPSEC) between the client
> >>>and the server. Allow the home directory to be mounted only through the
> >>>VPN.
> >>>
> >>A very good solution and one that is no
Berend De Schouwer wrote:
>>>*** A possible solution may be to create a VPN(IPSEC) between the client
>>>and the server. Allow the home directory to be mounted only through the
>>>VPN.
>>>
>>A very good solution and one that is not too hefty to implement.
>> However, how do you store "securely"
On Thu, 2002-03-07 at 18:19, Jason A. Pattie wrote:
> John Cuzzola wrote:
>
> >*** A possible solution may be to create a VPN(IPSEC) between the client
> >and the server. Allow the home directory to be mounted only through the
> >VPN.
> >
> A very good solution and one that is not too hefty to i
On Thu, 2002-03-07 at 19:34, Hans Ekbrand wrote:
> On Thu, Mar 07, 2002 at 10:19:52AM -0600, Jason A. Pattie wrote:
> > John Cuzzola wrote:
> >
> > >*** A possible solution may be to create a VPN(IPSEC) between the client
> > >and the server. Allow the home directory to be mounted only through t
"Michael H.Collins" wrote:
> David Johnston wrote:
> "Michael H.Collins" wrote:
>>>What is that user doing in the building, and/or how is he allowed to
>>> bring a laptop in from the outside and plug it in? This is the bad
>>> security I see.
>>Michael, you are right that there is no substitute f
There is security and then there is security I guess.
The military tried to teach me that an evolution is either secure or it
is not.
In your scenario there is a complete lack of security as I see it. I know
what you are talking about even if I cannot call it secure.
On Thu, 07 Mar 2002 15:30:52
"Michael H.Collins" wrote:
>
> What is that user doing in the building, and/or how is he allowed to
> bring a laptop in from the outside and plug it in? This is the bad
> security I see.
>
> Homie don't play dat.
Michael, you are right that there is no substitute for physical
security. Howeve
On Thu, Mar 07, 2002 at 10:19:52AM -0600, Jason A. Pattie wrote:
> John Cuzzola wrote:
>
> >*** A possible solution may be to create a VPN(IPSEC) between the client
> >and the server. Allow the home directory to be mounted only through the
> >VPN.
> >
> A very good solution and one that is not t
On Thu, 7 Mar 2002, Jason A. Pattie wrote:
> John Cuzzola wrote:
>
> >*** A possible solution may be to create a VPN(IPSEC) between the client
> >and the server. Allow the home directory to be mounted only through the
> >VPN.
> >
> A very good solution and one that is not too hefty to implement
>>After contemplating the matter for a while, I still think it is a
>>serious security risk. As far as I know there is no password
>>authentication involved with NFS, so you only have to a) bind to a low
>>port and b) use the same UID on the client as the user that has files
>>on the NFS share that
John Cuzzola wrote:
>*** A possible solution may be to create a VPN(IPSEC) between the client
>and the server. Allow the home directory to be mounted only through the
>VPN.
>
A very good solution and one that is not too hefty to implement.
However, how do you store "securely" the secret keys f
Hans Ekbrand wrote:
>On Thu, Mar 07, 2002 at 11:34:43AM +0100, Romme wrote:
>
>>Some of the security risks described can be managed
>>by keeping a list of 'known' mac-addresses on the
>>server.
>>This list can then be used by dhcpd, but also by
>>iptables to filter on mac-address.
>>
>
>That's a g
> After contemplating the matter for a while, I still think it is a
> serious security risk. As far as I know there is no password
> authentication involved with NFS, so you only have to a) bind to a low
> port and b) use the same UID on the client as the user that has files
> on the NFS share that
Hans,
you are not wrong. If security is a very big concern, use Samba
instead of NFS. Samba will do just about any authentication you want since
it can be compiled to use PAM (Pluggable Authentication Module).
julius
On Thu, 7 Mar 2002, Hans Ekbrand wrote:
> On Wed, Mar 06, 2002 at 12:02
On Thu, Mar 07, 2002 at 08:41:33AM -0600, Michael H. Collins wrote:
> What is that user doing in the building, and/or how is he allowed to
> bring a laptop in from the outside and plug it in? This is the bad
> security I see.
You probably missed the beginning of this thread. It was about using
L
What is that user doing in the building, and/or how is he allowed to
bring a laptop in from the outside and plug it in? This is the bad
security I see.
Homie don't play dat.
$Now, consider a malicious user, who has prepared his laptop at home,
$plugs it in to the local network, uses the same i
On Thu, Mar 07, 2002 at 11:34:43AM +0100, Romme wrote:
> Some of the security risks described can be managed
> by keeping a list of 'known' mac-addresses on the
> server.
> This list can then be used by dhcpd, but also by
> iptables to filter on mac-address.
That's a good idea. It makes the descri
Some of the security risks described can be managed
by keeping a list of 'known' mac-addresses on the
server.
This list can then be used by dhcpd, but also by
iptables to filter on mac-address.
grtx,
Johan Romme.
At 10:00 7-3-2002 +0100, Hans Ekbrand wrote:
>After contemplating the matter for a
On Wed, Mar 06, 2002 at 12:02:04AM +0100, Hans Ekbrand wrote:
> On Tue, Mar 05, 2002 at 05:26:58PM -0500, Julius Szelagiewicz wrote:
> > On Tue, 5 Mar 2002, Hans Ekbrand wrote:
> > > I was not thinking on system security, but the security you would want
> > > to grant the *users*, e.g. that no cra
On Tue, Mar 05, 2002 at 05:26:58PM -0500, Julius Szelagiewicz wrote:
> On Tue, 5 Mar 2002, Hans Ekbrand wrote:
> > I was not thinking on system security, but the security you would want
> > to grant the *users*, e.g. that no cracker (other user) wipes out their
> > research project files.
> Hans,
21 matches