Hypothetical situation for networks
This is a 100% hypothetical situation, though would be interesting to see if it is possible.

A company does some R&D work, which it wishes to keep classified from competitors. However, they have two main offices on opposite sides of the country. Not wishing to use sneakernet type file transfer, they wish to pass confidential material from one network to the other using the Internet. Now we all know that anyone with a little bit of knowledge can intercept the packets as they go past and read the information. Email is out, as they do use a system of file mirroring, keeping each set of data as a backup as well as for usage.

Would make sense for them to use a type of NFS system, but is there an implementation of secure (ie: encrypted) NFS available? OS doesn't really matter, as it is a hypothetical system, but we'll assume either some form of unix/linux, or perhaps winNT or novell NetWare.

Thanks in advance for the info and knowledge...sorry if it's been asked before.

--
Mike Jones -- CNA, CNE, pursuing MCNE and MCSE currently.
email: Mkljones@cris.com
Finger Mkljones@cris.com for Geek code and PGP key

"They cannot scare me with their empty spaces
Between stars--on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places."
On Wed, 13 Aug 1997, Mike Jones wrote:
Would make sense for them to use a type of NFS system, but is there an implementation of secure (ie: encrypted) NFS available?
OS doesn't really matter, as it is a hypothetical system, but we'll assume either some form of unix/linux, or perhaps winNT or novell NetWare.
Can NFS under solaris or linux be tunneled through SSH? That would seem feasible (that is if you can get SSH to tunnel a UDP...)

If not, you could use microsoft's PPTP, but I wouldn't trust its cyphers.

--
Kaos=Keraunos=Kybernetos
Ray Arachelian, sunder@sundernet.com, http://www.sundernet.com
"A toast to Odin, God of screwdrivers"
Prying open my 3rd eye. So good to see you once again. I thought you were hiding, and you thought that I had run away chasing the tail of dogma. I opened my eye and there we were....
On Thu, 14 Aug 1997, Ray Arachelian wrote:
OS doesn't really matter, as it is a hypothetical system, but we'll assume either some form of unix/linux, or perhaps winNT or novell NetWare.
Can NFS under solaris or linux be tunneled through SSH? That would seem feasible (that is if you can get SSH to tunnel a UDP...)
I think SSH will not tunnel UDP, and TCP NFS for Linux and Solaris (?) is not reliable. I would lean towards SSH in rcp-style mode: for a continent-wide link you will probably find the performance of batch-style transfers more enjoyable than that of a remote file system. SSH also very neatly lets you run remote commands and so on. (Enough, already...)
If not, you could use microsoft's PPTP, but I wouldn't trust its cyphers.
Don't touch it.

::Boots
On Thu, 14 Aug 1997, Ray Arachelian wrote:
On Wed, 13 Aug 1997, Mike Jones wrote:
OS doesn't really matter, as it is a hypothetical system, but we'll assume either some form of unix/linux, or perhaps winNT or novell NetWare.
Can NFS under solaris or linux be tunneled through SSH? That would seem feasible (that is if you can get SSH to tunnel a UDP...)
If they are using NFS over a LAN I would hope they are using the TCP version. While UDP is fine on a LAN you really need the (relative) reliability that comes with TCP. In fact if you want any reliability you should buy your own line. The Internet is just too unreliable.

--
Please excuse my spelling as I suffer from agraphia; see the url in my header.
Never trust a country with more people than sheep. ex-net.scum and proud
You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett
Mike Jones <Mkljones@cris.com> writes:
A company does some R&D work, which it wishes to keep classified from competitors. ... Not wishing to use sneakernet type file transfer, they wish to pass confidential material from one network to the other using the Internet.
They should not be using the Internet not (only) because of security considerations, but because of performance/reliability/availability considerations.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
In <Pine.SUN.3.96.970813213346.8665A-100000@mariner.cris.com>, on 08/13/97 at 09:39 PM, Mike Jones <Mkljones@cris.com> said:
This is a 100% hypothetical situation, though would be interesting to see if it is possible.
A company does some R&D work, which it wishes to keep classified from competitors.
However, they have two main offices on opposite sides of the country.
Not wishing to use sneakernet type file transfer, they wish to pass confidential material from one network to the other using the Internet.
Now we all know that anyone with a little bit of knowledge can intercept the packets as they go past and read the information.
Email is out, as they do use a system of file mirroring, keeping each set of data as a backup as well as for usage.
Would make sense for them to use a type of NFS system, but is there an implementation of secure (ie: encrypted) NFS available?
OS doesn't really matter, as it is a hypothetical system, but we'll assume either some form of unix/linux, or perhaps winNT or novell NetWare.
Thanks in advance for the info and knowledge...sorry if it's been asked before.
Redirect all your socket connections through ssh. That way all your communications between the two offices will be encrypted.

--
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting, Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
participants (7)
- ? the Platypus {aka David Formosa}
- dlv@bwalk.dm.com
- Matthew Ghio
- Mike Jones
- nobody@REPLAY.COM
- Ray Arachelian
- William H. Geiger III