>>For people needing telnet access
>>from the outside, we use a Digital Pathways, Inc encryption device ...
We also use an authentication system based on public key cryptology known
as Sphinx or SPX to allow incoming rlogin, rsh and rcp. The traveler
carries a laptop PC running a flavor of BSD unix (MACH V2.5, BSDI or SONY
NEWS), connects to the network and then authenticates to an SPX server
inside of the company. Since the data passing over the network is
encrypted, no plaintext passwords are visable to snoopers. Similar to
kerberos, once authenticated the user is free to rlogin, rsh or rcp
to/from any machine running SPX software as long as the user is listed in
the ~/.sphinx file (similar to the ~/.rhosts file).
For additional security a method of encapsulating IP within IP has been
developed. This encapsulation creates a virtual link between the remote
machine and a host within the compnay over which IP datagrams flow. The
traffic on the virtual link may be protected with a message digest and/or
encrypted as needed.
---- ---- ---- ---- ---- ----
DEC Network Systems Lab (NSL) <reilly @
Palo Alto, California or <reilly @