The best solution that we've crafted (and with wich we are satisfied)
* Packet filtering on the proper tcp port & machine pairs.
* Encryption in order to avoid sniffing. In order to do this we are
using lpr/lpd for executing commands. So we have multiple queues
defined. First of all an encryption queue in the same network of the
lpr client. Then a decryption queue in the same network of the lpd
server. And finally a printing queue at the lpd server.
Our packet filters only allow communications between the encryption
machine and the decryption machine (in some cases the decryption
machine is the same as the lpd machine).
It works fine, and we feel pretty comfortable with the security (we
are using PGP for encryption and authentication).
This solution is now being used by one of our customers in order to
print across the Internet worldwide.
Any comment will be welcomed.
Adrian F. Setton
LighTech Voice: (54-1) 373-1141
Ayacucho 563. Piso 13 Of. "A" FAX: (54-1) 373-1215
Buenos Aires e-mail: asetton @
Argentina URL: http://www.lightech.com.ar