Great Circle Associates Firewalls
(August 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: conditional encryption
From: sedayao @ argus . intel . com (Jeffrey C. Sedayao)
Date: Tue, 23 Aug 94 10:57:39 PDT
To: nsaputra @ hea . com (Nancy Saputra)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9408190119 . AA08608 @ mis12 . hyundai . com> from "Nancy Saputra" at Aug 18, 94 06:19:02 pm 
> > I want to set up my system to use encrypted links to specified sites and
> > unencrypted links to the general public. Currently the plan for our network
> > looks like:

> > Internet --- Firewall --- router === various subnets

> > It seems to me that all I really need is a way to have inetd pick which of
> > 2 ftpds (or telnetds or rloginds) to call based on ip number of the remote
> > host. Does anyone know of a package that does this?

> > Shannon Bell
> > Email: shan .
 bell @
 sware .
 com - Voice: +1 404 315 6296 x63 - Fax: +1 404 315 0293
> > SecureWare, Inc. / 2957 Clairmont Rd Suite 200 / Atlanta GA 30329-1647
> > GCS -d+@ H>++ s+:- g+ p?>!p !au>* a- w+ v- C++$ U[BLUAVHSCX]++++$ P+ L+>+++
> >  3>+++ E- !N>N++ K W M+ V- -po+ Y+ t+>+(+++) 5+ j R(+) G'('') tv+ b+++ !D
> >  B-- e++ u** h--- f+ r+++ n-- y+++
 
> I am looking to find the same solution also.  I came across a product
> called Netlock by Hughes (714-707-1862).  This uses DES encryption at the
> network layer (TCP/IP) and runs on SunOS 4.1.X and HP-UX 9.0X.  I wanted to
> be used for mostly email which requires that a copy be resident on
> each sendmail gateway at each site.
 
> Have anyone heard about and used this product?  If there is a better solution,
> I'll also like to hear about it.
 
I have used a Morningstar router to selectively encrypt
the data portion of IP packets based on IP address.  It works really
well at lower speeds (56Kbit and fractional T1)  but has trouble at T1.
It uses DES encryption.  It does not do key exchanges.

I will soon be looking at product by Semaphore Corporation ((408) 980-7750).
This product is supposed to do selective encryption/decryption based on
IP address, as well as handle encryption of other protocols like IPX and
Banyan VINES.  The product literature says that it does key exchanges.
RSA and DES are encryption choices.

In the long run, I'd rather use application layer encryption.  Makes a
lot of this stuff unnecessary.

> Nancy Saputra
> Hyundai Electronics
> Sr. Unix Systems Administrator
-- 
Jeff Sedayao
Intel Corporation
sedayao @
 argus .
 intel .
 com
References:
Indexed By Date Previous: Head over parapet
From: Peter @ infotek . demon . co . uk (Peter M White)
Next: Re: root account and routine work
From: Adam Shostack <adam @ bwh . harvard . edu>
Indexed By Thread Previous: Re: conditional encryption
From: nsaputra @ hea . com (Nancy Saputra)
Next: Re: conditional encryption
From: snyderra @ dunx1 . ocs . drexel . edu (Bob Snyder)
Google
 
Search Internet Search www.greatcircle.com