Re: question about something, but don't know if it exists...

2001-11-10 Thread Anthony DeRobertis


On Thursday, November 8, 2001, at 06:07 , martin f krafft wrote:

> * Bryan Andersen [EMAIL PROTECTED] [2001.11.06 05:23:05-0600]:
> > Another possibility would be to have them replace the hubs with
> > switches, this assumes you are using twisted pair, not thin net
> > or thick net.
>
> which is not secure due to arp flooding.

Yes it is if you use managed switches, and lock each port down 
by MAC address. Though that is a pain in the ass to do.

It might work, though, if you only need a few ‘secure’ 
workstations, e.g., teachers entering grades.



Re: question about something, but don't know if it exists...

2001-11-08 Thread martin f krafft

* Bryan Andersen [EMAIL PROTECTED] [2001.11.06 05:23:05-0600]:
> Another possibility would be to have them replace the hubs with
> switches, this assumes you are using twisted pair, not thin net
> or thick net.

which is not secure due to arp flooding.

i'll happily give you a POP3 account over SSL...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; net@madduck
  
qvid me anxivs svm?





Re: question about something, but don't know if it exists...

2001-11-08 Thread Vineet Kumar
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [011106 05:54]:
> Hallo,
>
> > > happen few times that students stole their passwords and so on and mainly
> > > they could steal even teacher's these days.)
> >
> > Can you get a shell account on the outside of your local network?
> > If so SSH over to it, then access the pop mail server.  Without
> > having a machine to serve as the endpoint for an encrypted pipe on
> > the outside of your network I don't see a way to secure the
> > communications.
> >
> > Another possibility would be to have them replace the hubs with
> > switches, this assumes you are using twisted pair, not thin net
> > or thick net.
>   no money in schools in Czech for something similar ;)
>
>   I will have to think about it a lot to make a decision, people
> mentioned cipe, which is quite interesting but it doesn't support W95 and
> I still don't know what it really does ;)
>   I was personally thinking about some simple proxy which might
> change my SSL in CLEAR for port 80 on my proxy and create few accounts for
> on gate which could periodically get data from outside net and using SSL
> crypted connection for inner one.

Ever seen www.anonymizer.com ? They may have a service that will suit
your needs, although I believe they may charge you for it. I haven't
checked them out in a while, but I thought it would be worth passing
along the tip anyway. HTH.

good times,

-- 
Vineet   http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'




Re: question about something, but don't know if it exists...

2001-11-07 Thread Juha Jäykkä

> > mind is IPSec: make your firewall (or whatever) an IPSec gateway and
> > run everything inside your network over IPSec. No more stealing, I
> > would think.
>   Hmmm... I am afraid it isn't possible, because there are W95
> workstations. Or is there anything to support this which is reasonably
> simple and will rewrite windows sockets into that kind of

  Try some commercial IPSec implementation. F-Secure at least has one.
Probably others as well. The standard is platform independent, so W95,
WNT, W2k, linux, anything should work fine together. Avoid MS
implementation, however, it used to be incompatible (surprise?). I do
not know if it still is.
  There are even commercial IPSec-gateway switches available at least
from Cisco - if you do not want to use linux as firewall/gateway/whatever.
Just put everything under IPSec and that's it. Of course, there
is a problem if your computers are not very fast - IPSec encrypts
absolutely everything so it really takes some CPU.

-- 
 ---
| Juha Jäykkä, [EMAIL PROTECTED]|
| home: http://www.utu.fi/~juolja/  |
 ---





Re: question about something, but don't know if it exists...

2001-11-06 Thread xskoba1


>   Do you have access to the router/switch/firewall at your end? You
> might want to consider your internal network not trusted since
> people are stealing passwords. The easiest solution that comes to my
> mind is IPSec: make your firewall (or whatever) an IPSec gateway and
> run everything inside your network over IPSec. No more stealing, I
> would think.
>   There may be other options as well, but that would end all kinds of
> network sniffing inside your network.

  Hmmm... I am afraid it isn't possible, because there are W95
workstations. Or is there anything to support this which is reasonably
simple and will rewrite windows sockets into that kind of
communication. As I said before the most simple way is to have something
like proxy (better say client) which connects onto gate through SSL (I
just need in fact pop and http and don't care about the rest (reason is
simple these are official kind of communication needed for our
organization). I know that my network is untrusted because of those Windows
everywhere where you can install DCAP or what is it called and sniff and
students are taking notebooks and so ;).

cheers
Rene Skoba


p.s. I hope I would be able to code it but I just needed to know that
no one knows any simpler solution.







Re: question about something, but don't know if it exists...

2001-11-06 Thread Karun Dambiec

[EMAIL PROTECTED] wrote:


>   Hmmm... I am afraid it isn't possible, because there are W95
> workstations. Or is there anything to support this which is reasonably
> simple and will rewrite windows sockets into that kind of
> communication. As I said before the most simple way is to have something
> like proxy (better say client) which connects onto gate through SSL (I
> just need in fact pop and http and don't care about the rest (reason is
> simple these are official kind of communication needed for our
> organization). I know that my network is untrusted because of those Windows
> everywhere where you can install DCAP or what is it called and sniff and
> students are taking notebooks and so ;).
>
>    cheers
>    Rene Skoba

You could use cipe.

Karun

> p.s. I hope I would be able to code it but I just needed to know that
> no one knows any simpler solution.





Re: question about something, but don't know if it exists...

2001-11-06 Thread Bryan Andersen

[EMAIL PROTECTED] wrote:
 
> Hallo there,
>
> I really don't know if it should be asked there or somewhere else,
> but my problem is following I live in untrusted environment which is
> running 50 computers (it is school and packets are running up and down
> everywhere). I need to use outside HTML sites and POP
> accounts, but they, as many providers in Czech, don't support SSL or
> anything else than just clear authentication. So is there a software
> which connects onto server (for example proxy) through SSL and then
> redirect data channels onto right ports as an clear connection outside (I
> cannot solve the situation on provider routers of course, but it has
> happen few times that students stole their passwords and so on and mainly
> they could steal even teacher's these days.)

Can you get a shell account on the outside of your local network?
If so SSH over to it, then access the pop mail server.  Without
having a machine to serve as the endpoint for an encrypted pipe on
the outside of your network I don't see a way to secure the
communications.

Another possibility would be to have them replace the hubs with 
switches, this assumes you are using twisted pair, not thin net 
or thick net.


-- 
|  Bryan Andersen   |   [EMAIL PROTECTED]   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen|






Re: question about something, but don't know if it exists...

2001-11-06 Thread xskoba1

Hallo,


> > happen few times that students stole their passwords and so on and mainly
> > they could steal even teacher's these days.)
>
> Can you get a shell account on the outside of your local network?
> If so SSH over to it, then access the pop mail server.  Without
> having a machine to serve as the endpoint for an encrypted pipe on
> the outside of your network I don't see a way to secure the
> communications.
>
> Another possibility would be to have them replace the hubs with
> switches, this assumes you are using twisted pair, not thin net
> or thick net.
  no money in schools in Czech for something similar ;)

  I will have to think about it a lot to make a decision, people
mentioned cipe, which is quite interesting but it doesn't support W95 and
I still don't know what it really does ;)
  I was personally thinking about some simple proxy which might
change my SSL in CLEAR for port 80 on my proxy and create few accounts for
on gate which could periodically get data from outside net and using SSL
crypted connection for inner one.
  Now I know there are many possibilities I have to think about, that's
cool, I can think a lot and don't solve anything which makes me feel well
;)

cheers Rene Skoba







Re: question about something, but don't know if it exists...

2001-11-06 Thread Chris Zubrzycki


On Tuesday, November 6, 2001, at 06:23  AM, Bryan Andersen wrote:

> [EMAIL PROTECTED] wrote:
>
> > Hallo there,
> >
> > I really don't know if it should be asked there or somewhere else,
> > but my problem is following I live in untrusted environment which is
> > running 50 computers (it is school and packets are running up and down
> > everywhere). I need to use outside HTML sites and POP
> > accounts, but they, as many providers in Czech, don't support SSL or
> > anything else than just clear authentication. So is there a software
> > which connects onto server (for example proxy) through SSL and then
> > redirect data channels onto right ports as an clear connection outside (I
> > cannot solve the situation on provider routers of course, but it has
> > happen few times that students stole their passwords and so on and mainly
> > they could steal even teacher's these days.)
>
> Can you get a shell account on the outside of your local network?
> If so SSH over to it, then access the pop mail server.  Without
> having a machine to serve as the endpoint for an encrypted pipe on
> the outside of your network I don't see a way to secure the
> communications.

what about using fetchmail over ssh? i thought i heard of someone doing 
that before...
or just use plain ssh? Putty, 
http://www.chiark.greenend.org.uk/~sgtatham/putty/, is an excellent ssh 
client for windows, and best of all, it's free.

==
==

Twice blessed is help unlooked for. --Tolkien






question about something, but don't know if it exists...

2001-11-06 Thread xskoba1

Hallo there,

I really don't know if it should be asked there or somewhere else,
but my problem is following I live in untrusted environment which is
running 50 computers (it is school and packets are running up and down
everywhere). I need to use outside HTML sites and POP
accounts, but they, as many providers in Czech, don't support SSL or
anything else than just clear authentication. So is there a software
which connects onto server (for example proxy) through SSL and then
redirect data channels onto right ports as an clear connection outside (I
cannot solve the situation on provider routers of course, but it has
happen few times that students stole their passwords and so on and mainly
they could steal even teacher's these days.)

thanks Rene Skoba




Re: question about something, but don't know if it exists...

2001-11-06 Thread Juha Jäykkä
> anything else than just clear authentication. So is there a software
> which connects onto server (for example proxy) through SSL and then
> redirect data channels onto right ports as an clear connection outside (I
> cannot solve the situation on provider routers of course, but it has

  Do you have access to the router/switch/firewall at your end? You
might want to consider your internal network not trusted since
people are stealing passwords. The easiest solution that comes to my
mind is IPSec: make your firewall (or whatever) an IPSec gateway and
run everything inside your network over IPSec. No more stealing, I
would think.
  There may be other options as well, but that would end all kinds of
network sniffing inside your network.

-- 
 ---
| Juha Jäykkä, [EMAIL PROTECTED]|
| home: http://www.utu.fi/~juolja/  |
 ---






Re: question about something, but don't know if it exists...

2001-11-06 Thread tony mancill
> > Another possibility would be to have them replace the hubs with
> > switches, this assumes you are using twisted pair, not thin net
> > or thick net.

Just a warning, this would buy you absolutely nothing (outside of some
performance).  There are enough tools out there capable of ARP spoofing
the switch that you'd be protected for as long as it took someone to
apt-get install hunt on one of their laptops.
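
A defender-side check for the ARP spoofing raised in the message above, as an added example that is not part of the original thread: it scans a list of ARP observations and flags an IP whose MAC binding changes, two stations alternating on one IP, a MAC answering for several IPs, and any mismatch against pinned bindings. The input format (`<unix-time> <ipv4> <mac>`), the function names and all addresses are assumptions made for the example.

```python
"""Added example: flag ARP bindings that look like spoofing.

Assumed input: one ARP observation per line, "<unix-time> <ipv4> <mac>".
"""
from collections import defaultdict
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample (documentation addresses). 192.0.2.1 is the gateway;
# from t=130 a second station answers for the gateway and a workstation.
# The last line carries an invalid address and is skipped by the parser.
SAMPLE = """\
100 192.0.2.1 00:00:5e:00:53:01
105 192.0.2.20 00:00:5e:00:53:20
110 192.0.2.21 00:00:5e:00:53:21
130 192.0.2.1 00:00:5e:00:53:66
131 192.0.2.20 00:00:5e:00:53:66
140 192.0.2.1 00:00:5e:00:53:01
141 192.0.2.1 00:00:5e:00:53:66
150 192.0.2.300 00:00:5e:00:53:99
"""


def parse_observations(text):
    """Return [(ts, ip, mac)] sorted by time, skipping malformed lines."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = int(parts[0])
            ip = str(ipaddress.IPv4Address(parts[1]))
        except ValueError:
            continue
        mac = parts[2].lower()
        if MAC_RE.match(mac):
            out.append((ts, ip, mac))
    return sorted(out)


def find_anomalies(observations, pinned=None, max_ips_per_mac=1):
    """Return [(ts, kind, ip, mac)] findings.

    pinned: optional {ip: mac} of known-good bindings, the software analogue
    of locking a switch port to one MAC address.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    last_mac = {}                  # ip -> most recent MAC seen
    seen_macs = defaultdict(set)   # ip -> every MAC that has claimed it
    ips_of_mac = defaultdict(set)  # mac -> every IP it has claimed
    findings = []
    for ts, ip, mac in observations:
        if ip in pinned:
            if mac != pinned[ip]:
                findings.append((ts, "pinned-mismatch", ip, mac))
        elif ip in last_mac and mac != last_mac[ip]:
            # A MAC returning after another one held the IP means two
            # stations are answering for the same address.
            kind = "flip-flop" if mac in seen_macs[ip] else "binding-changed"
            findings.append((ts, kind, ip, mac))
        last_mac[ip] = mac
        seen_macs[ip].add(mac)
        if ip not in ips_of_mac[mac]:
            ips_of_mac[mac].add(ip)
            if len(ips_of_mac[mac]) > max_ips_per_mac:
                findings.append((ts, "mac-claims-many-ips", ip, mac))
    return findings


if __name__ == "__main__":
    obs = parse_observations(SAMPLE)
    for finding in find_anomalies(obs, pinned={"192.0.2.1": "00:00:5e:00:53:01"}):
        print(*finding)
```

Without pinned bindings the detector cannot tell which of two competing MACs is the legitimate one, so both sides of a flip-flop are reported. A host that legitimately holds several addresses trips `mac-claims-many-ips` unless `max_ips_per_mac` is raised.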




