[ale] Encrypted External Modems

Christopher Fowler cfowler at outpostsentinel.com
Thu Dec 21 13:32:16 EST 2006


My recommendation to them is to use PPP to connect up to the device via
Windows DUN.  Then use SSH to get a CLI to the box.  The PPP is not
encrypted but the SSH will be.  Just because they can PPP to the device
does not mean they can access it.  They still have to use SSH for that
and their user/pass will be encrypted for that.

On Thu, 2006-12-21 at 11:05 -0500, Bob Toxen wrote:
> Wired phone lines rarely are tapped and it is a Federal felony (unless
> the Guvment does it).
> 
> Encryption is your friend.
> 
> Even Windoze supports IPSec and SSH (PuTTY for SSH as someone else
> already mentioned).
> 
> If it's only Windoze at one facility, put a Linux box in there with a
> modem that they can connect to via modem within this physically secure
> environment.  Then, have that Linux box connect to the server Linux box
> via SSH or IPSec.
> 
> Bob Toxen
> Just back from an on-site security project in Ireland
> bob at verysecurelinux.com               [Please use for email to me]
> http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> 
> "Microsoft: Unsafe at any clock speed!"
>    -- Bob Toxen 10/03/2002
> 
> On Mon, Dec 18, 2006 at 06:49:22PM -0500, Christopher Fowler wrote:
> > Most of my customers actually use Procomm Plus.  I use the word
> > "Hyperterminal" to simply explain the concept of dialing into a system
> > and getting access to a tty.  To most of my customers (and sales reps)
> > when I use that term it is understood what I mean.  I prefer Minicom and
> > use it on a weekly basis.  On Linux of course.
> > 
> > If this were both Linux I would simply crank out a middle man to do
> > encryption on the link but since one end could be Windoze I don't want
> > to touch it with a 10 ft pole.
> > 
> > On Mon, 2006-12-18 at 17:48 -0500, John Mills wrote:
> > > Christopher -
> > > 
> > > I have had very poor experience with Hyperterminal. 'TeraTerm-Pro' is much
> > > better, and free. See also 'PuTTY'. Either of them does SSH console
> > > sessions out of MsWin. TeraTerm looks more like Hyperterminal and
> > > shouldn't dismay a MsWin user. There are a few differences from HT in the 
> > > configuring controls, IIRC, but functionally they arrive about the same 
> > > spot. With the significant advantage that TeraTerm _works_. &8-) 
> > > 
> > >  - Mills
> > > 
> > > On Mon, 18 Dec 2006, cfowler wrote:
> > > 
> > > > On the customer's desktop side the dial-up is not IP.  It will be windoze
> > > > running Hyperterminal calling the Linux side.  That connection needs
> > > > encryption too.
> > > > 
> > > > On Mon, 2006-12-18 at 14:31 -0500, Pete Hardie wrote:
> > > > > On 12/18/06, cfowler <cfowler at outpostsentinel.com> wrote:
> > > > > > I have 2 linux boxes that need to dial each other and the tinfoil hat
> > > > > > brigade is afraid someone will drop in on the PSTN connection.  Can
> > > > > > anyone suggest an encrypted modem we could use?
> > > > > 
> > > > > 
> > > > > Are they worried about account info, or application info?  If the
> > > > > latter, ssh over the dialup connection should suffice.
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale



