-----BEGIN PGP SIGNED MESSAGE----- On Fri, 6 Dec 1996, Ken Kirksey wrote:
1) Is it technically possible for them to limit access to only approved IP addresses? If so, how can they do this, and is it possible to get around these measures.
Packet filters can do this. This could be thwarted by using a proxy located on a trusted host. There are more complicated ways (source routing, IP spoofing, etc.) but these would require the cooperation of the target host. Very improbable.
3) In general, how would you use crypto to ensure that your users only connected to approved sites, regardless of the platform or browser software they were using?
Crypto would probably only be used for authentication. A simple password system would work, but wouldn't be as secure, of course. The ISP could pass the packets through the appropriate filter rules depending on the user. I don't know how much overhead would be associated with this technique, but it seems to be the most secure way to do this.
I asked the guy to send me some technical details. If I receive them, I'll share unless he makes me sign an NDA.
Ken
Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMqjCVSzIPc7jvyFpAQE7egf+OMTzXyu/zzEg1+KE1v1/LgoyKXFc6QSr 7X5cqhyyX7kDzjUC+g/yklu9AQK1PRpM8SsYTP5uSSEWW/joBjMmUaVPdlnTctgD Osa8rE2EPL1QkojK3thEaSn5OrxAzmEvTYnhJH53c2WIPFpsGm1Ipi9SHaMGQtgY xFFR03gRSN1TeiULYzQHWXdovKFWFFNtYNgGTHd1et/TJvr67E30zRjOMIP0fD21 GN6fOPMsbbdtEwQsohrUkdsR+kMcOJDtYvBP/eJm4WCiie8SrEhCBSS7SKmkaWzX zzc/UOIX3/LY9t5dt52fO4T8vNfoSsc4plc5wIsDkJbdbBwc9RlCsw== =tFgY -----END PGP SIGNATURE-----