On Mon, 2002-10-07 at 11:03, Jason A. Pattie wrote:
> [EMAIL PROTECTED] wrote:
> > Using IPSec shouldn't be too hard, except that I believe that it
> > requires IPSec in the server kernel.  I wonder if that requires
> > a kernel rebuild, or if a module can just be loaded.
> 
> IPSec is easily configured.  However, it does definitely require a
> server kernel (and thin client kernel) rebuild.  :(
> But it's fairly simple to configure and build.

Jason,
As I see it, there's really only one reason to encrypt traffic on a
network: you don't trust everyone on your network.  On a wired network a
few years back, you could be reasonably certain that everyone plugged
into your network was your employee (and therefore controllable, or at
least fireable).  On a wireless network, you must assume that every
teenager who walks past your door is sniffing your traffic, including
MAC addresses; this is what is pushing me to explore IPSec and its
relatives.

I'm inclined to agree that IPSec closes more holes than ssh or ssl do. 
However, I still see a couple of problems I haven't been able to see a
fix for.  (Yes, this is a request for help!)

1. Ideally, we could use IPSec to authenticate each *workstation* long
before we ask for names or passwords.  However, each workstation starts
up without a key every time it starts (it either builds one, or gets it
from a central server somehow).  I think this means that we cannot use
the IPSec keys to authenticate the workstation.  How can we prove that
the workstation isn't an outsider trying to get into our network?

2. How can we prevent man-in-the-middle attacks?  Is it possible without
workstation authentication?

-David


_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.openprojects.net
