Re: securing login to LAN through firewall?
phn_at_icke-reklam.ipsec.nu
Date: 11/14/03
- Next message: Dave B: "Re: Single Signed-on"
- Previous message: secretary_at_lxny.org: "NYC LOCAL: Friday 14 November 2003 NYLUG Workshop: Sunny Dubey on the RPM Package System"
- In reply to: Mike Scott: "securing login to LAN through firewall?"
- Next in thread: Mike Scott: "Re: securing login to LAN through firewall?"
- Reply: Mike Scott: "Re: securing login to LAN through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 14 Nov 2003 07:29:44 +0000 (UTC)
Mike Scott <usenet.8@do.not.use.this.scottsonline.org.uk> wrote:
> I thought I'd run this past the group in case (a) someone's already
> got code for this, or (b) I'm about to blast a hole through my
> security.....
> My home LAN cowers behind a FreeBSD gateway, using ipf as firewall.
> This normally ignores connection requests from the outside world.
> However, I see a need forthcoming to be able to log in occasionally to
> the gateway from a dial-up machine (different network) elsewhere in
> the country. Obviously, being a dial-up connection, I can't simply add
> its IP to an allowed list for the firewall. Furthermore, being a
> windows box, I can only assume it has telnet; it isn't mine, and I'd
> rather not get into installing extra software on it!
> I don't see that lack of encryption with telnet is a particular
> problem in this case; but I'm not leaving a telnet port open to the
> world on my LAN.
> My proposed solution is along these lines. I leave running on the
> gateway m/c a daemon (would have to be run as root) that listens to the
> world on a port of my choice. From the remote machine, I telnet to
> that port, and the daemon issues a challenge from a one time pad (OTP).
> If I respond correctly, it adds the client IP to the firewall's
> permitted list for access to telnetd. Such access could remain until
> the OTP telnet connection is closed, or for a timeout (maybe
> client-end-defined), at which point the daemon would revert the
> firewall to its normal closed state.
> Assuming the OTP demon is written correctly, I can't see any major
> issues of principle with this scheme. Maybe it's already been done?
> I'd be grateful for comments please! Thanks in advance.
I'd suggest another path.
Enable ssh for login. Then find "appgate.com" and their java-based
ssh-client, available there. Load the client in any java-capable browser
and ssh home.
Appgate also sold these clients on CD; you could have one with you,
or you could place a copy on a webserver somewhere.
> --
> Please use the corrected version of the address below for replies.
> Replies to the header address will be junked, as will mail from
> various domains listed at www.scottsonline.org.uk
> regards. Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
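The scheme Mike sketches above (challenge on a listening port, one-time response, add the client IP to the ipf allow list, revert on disconnect or timeout) written out as an added example. This is editor-supplied illustration code, not anything from the thread or from Appgate, and it makes two assumptions of its own: the "OTP" is realised as a Lamport/S-Key style hash chain (the gateway stores only h^N(secret), the client presents h^(N-1), h^(N-2), ... in turn, so a sniffed response cannot be replayed), and ipf(8) accepts a rule on stdin with `ipf -f -` and removes the same rule with `ipf -r -f -`. The rule text, port numbers, addresses and secret are constructed for the example.

```python
"""OTP gate that opens an ipf rule for the caller's address until it
disconnects or a timeout passes.  Added example; hash-chain OTP and the
ipf command lines are assumptions, not the original poster's code."""
import hashlib
import hmac
import ipaddress
import socket
import subprocess
import time


def hash_n(secret: bytes, n: int) -> bytes:
    """Apply SHA-256 n times: h^n(secret).  The gateway stores h^N, never the secret."""
    v = secret
    for _ in range(n):
        v = hashlib.sha256(v).digest()
    return v


class IpfBackend:
    """Shells out to ipf(8) (assumed syntax); only a validated address reaches the rule text."""
    def __init__(self, port: int = 23):
        self.port = port

    def rule(self, ip: str) -> bytes:
        ip = str(ipaddress.ip_address(ip))  # ValueError on anything that is not an address
        return f"pass in quick proto tcp from {ip} to any port = {self.port} flags S keep state\n".encode()

    def add(self, ip): subprocess.run(["ipf", "-f", "-"], input=self.rule(ip), check=True)
    def remove(self, ip): subprocess.run(["ipf", "-r", "-f", "-"], input=self.rule(ip), check=True)


class MemoryBackend:
    """Stand-in for tests: records which addresses are currently allowed."""
    def __init__(self): self.allowed = set()
    def add(self, ip): self.allowed.add(str(ipaddress.ip_address(ip)))
    def remove(self, ip): self.allowed.discard(str(ipaddress.ip_address(ip)))


class OtpGate:
    def __init__(self, final_hash, rounds, backend, ttl=300.0, now=time.monotonic):
        self.current, self.n = final_hash, rounds   # last verified chain link and its index
        self.backend, self.ttl, self.now = backend, ttl, now
        self.grants = {}                            # ip -> expiry (monotonic seconds)

    def challenge(self) -> int:
        """Index of the chain link the client must present next."""
        return self.n - 1

    def respond(self, ip: str, response: bytes) -> bool:
        """Accept h^(n-1) iff hashing it once yields the stored h^n, then walk the chain down."""
        if self.n <= 0 or not hmac.compare_digest(hashlib.sha256(response).digest(), self.current):
            return False                            # wrong, replayed, or chain exhausted
        self.current, self.n = response, self.n - 1
        self.open(ip)
        return True

    def open(self, ip: str):
        if ip not in self.grants:
            self.backend.add(ip)
        self.grants[ip] = self.now() + self.ttl

    def close(self, ip: str):
        if self.grants.pop(ip, None) is not None:
            self.backend.remove(ip)

    def expire(self) -> list:
        """Revert the firewall for every grant past its ttl; returns the addresses closed."""
        due = [ip for ip, t in self.grants.items() if t <= self.now()]
        for ip in due:
            self.close(ip)
        return due


def serve(gate: OtpGate, port: int):
    """Telnet-friendly listener: sends 'otp <k>', expects hex(h^k(secret)) on one
    line, and keeps the rule open until the client disconnects or ttl passes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("", port))
        srv.listen(1)
        while True:
            conn, (ip, _) = srv.accept()
            with conn:
                conn.sendall(f"otp {gate.challenge()}\r\n".encode())
                f = conn.makefile("rb")
                try:
                    resp = bytes.fromhex(f.readline().strip().decode())
                except ValueError:
                    resp = b""
                if not gate.respond(ip, resp):
                    conn.sendall(b"denied\r\n")
                    continue
                conn.sendall(b"open\r\n")
                conn.settimeout(gate.ttl)
                try:
                    f.readline()                    # returns b"" when the client hangs up
                except socket.timeout:
                    pass
                gate.close(ip)


if __name__ == "__main__":
    # Enrolment: the client keeps SECRET; the gateway keeps only h^ROUNDS(SECRET) and ROUNDS.
    SECRET, ROUNDS = b"constructed-example-secret", 1000
    serve(OtpGate(hash_n(SECRET, ROUNDS), ROUNDS, IpfBackend(port=23)), port=2323)
```

Two points a practitioner would check before running something like this as root: the client address put in the rule is whatever the dial-up provider or any NAT in front of the Windows box presents, so the hole is as wide as that address, and the hash chain makes the gate itself replay-proof but does nothing for the cleartext telnet session it opens, which is exactly the gap the ssh suggestion above closes. Run `expire()` from a timer if several clients can hold grants at once; `serve()` as written handles one connection at a time and closes its own grant on disconnect or timeout.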