Hello Jun Mao, since you wrote:
> Some users require for transferring files i.e. cp,... which need to
> be encrypted through network between cells. Has anyone managed
> this before?
The short answer is: put the encryption into the presentation layer of the
network, that is where it belongs - see any good book on Networking, for
example A.S.Tanenbaum ... (You are, of course, using the OSI Networking
model :-0) ?
That way all stuff that needs to go to sites which need encryption will
get encrypted, or will arrive as garbage if one of the partners cannot
handle encryption, in which case no classified stuff should get there
anyway.
The long answer is that you can write encrypting applications (although
calling commands like cp an application is stretching it a bit ...) and
then you can have all the management fun of keeping tables of which hosts
you should use encrypting cp to and which hosts not.
You then need a way to prevent your users from using any cp surrogates
(cat, tail, head, pr, fmt, vi, ed, ex and the functions read(), write(),
putc(), and getc() of the C i/o library spring to mind immediately ...)
when using a file system on those hosts. Get that lot approved by your
security people - you will know whom to talk to if you need encryption -
and you are away :-).
Finally you could just train your users to use the commands /bin/plain/cp
or /bin/encrypted/cp as necessary - but do not talk about that idea to your
security people, as they will certify you rather than your security scheme.
Thomas
* email: cmaae47 @ imperial.ac.uk (uk.ac.imperial on Janet)
* voice: +44 71 589 5111 x4937 or 4900 (day)
* fax: +44 71 823 9497
* snail: Thomas Sippel - Dau
* User Support Services
* The Center for Computing Services
* Imperial College of Science, Technology and Medicine
* Exhibition Road
* Kensington SW7 2BX
* Great Britain