Great Circle Associates Firewalls
(September 1992)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: SUMMARY: Why allow incoming telnet?
From: Michael Reilly / Network Systems Lab (NSL) <reilly @ PA . DEC . COM>
Date: Tue, 29 Sep 92 15:39:51 -0700
To: firewalls @ GreatCircle . COM
Cc: Frederick M. Avolio <avolio @ dco . dec . com>, reilly @ Pa . dec . com
In-reply-to: Your message of "Tue, 29 Sep 92 09:15:49 EDT." <9209291315 . AA03416 @ gildor . dco . dec . com>

Fred writes:

>>For people needing telnet access
>>from the outside, we use a Digital Pathways, Inc encryption device ...

We also use an authentication system based on public key cryptology known
as Sphinx or SPX to allow incoming rlogin, rsh and rcp.  The traveler
carries a laptop PC running a flavor of BSD unix (MACH V2.5, BSDI or SONY
NEWS), connects to the network and then authenticates to an SPX server
inside of the company.  Since the data passing over the network is
encrypted, no plaintext passwords are visable to snoopers.  Similar to
kerberos, once authenticated the user is free to rlogin, rsh or rcp
to/from any machine running SPX software as long as the user is listed in
the ~/.sphinx file (similar to the ~/.rhosts file).

For additional security a method of encapsulating IP within IP has been
developed.  This encapsulation creates a virtual link between the remote
machine and a host within the compnay over which IP datagrams flow.  The
traffic on the virtual link may be protected with a message digest and/or
encrypted as needed.


---- ---- ---- ---- ---- ----

Michael Reilly

DEC Network Systems Lab (NSL)	   <reilly @
 nsl .
 dec .
Palo Alto, California		or <reilly @
 decwrl .
 dec .

Indexed By Date Previous: uucpd
From: Edward DeHart <ecd @ cert . org>
Next: Re: So what is vulnerable? A list..
From: wietse @ wzv . win . tue . nl (Wietse Venema)
Indexed By Thread Previous: SUMMARY: Why allow incoming telnet?
From: Frederick M. Avolio <avolio @ dco . dec . com>
Next: Re: SUMMARY: Why allow incoming telnet?
From: Joe Peck <peck @ PA . DEC . COM>

Search Internet Search