[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Securing a LAN
From:       "William M. Perry" <wmperry () aventail ! com>
Date:       1997-01-03 9:20:31
[Download RAW message or body]

>I'm not sure if this is the right place for this question..... Does anyone
>have any info on how to secure traffic ( maybe encrypt ) between, say, a
>Windows Client and a Unix Server over an internal LAN while maintaining
>compatibility with existing applications?

  This is definitely the right place to ask.  You can currently do this
with a SOCKS server and an auto-socksifier like AutoSOCKS [1] or SocksCap
[2] for windows.  I'll concentrate on AutoSOCKS because I know it better
(of course).

  AutoSOCKS & SocksCap both automatically socksify an existing
application.  With AutoSOCKS, you run it once at login, and it socksifies
any application from then onward.  With SocksCap, you launch each
application through it - same effect, just less transparent to the user.

  With SOCKS v5, you can strongly authenticate or encrypt using a variety
of methods.  If you are using the aventail products, you have a few more
choices.  With publicly available code from NEC you can use
Username/Password authentication, and control on a per-user basis who gets
access to what.  For server-to-server communication, you can use Kerberos
via the GSS API - currently this is not available on the windows client
side though. We have plugins for different authentication/encryption
mechanisms as well, including CHAP to avoid sending your password in the
clear on each connection, and the upcoming VPN server beta will support
SSL.  You can find the specifications for CHAP and (soon) SSL in your
nearest internet-drafts repository (look for *marcvh*), or on the aventail
web site [3].

-Bill P.

1 - http://www.aventail.com/
2 - http://www.socks.nec.com/
3 - http://www.aventail.com/educate/security.html

[prev in list] [next in list] [prev in thread] [next in thread]