First question was:
>I want to secure my network: now students want to plug PC
>with Linux on Ethernet... Of course, they can spy
>Another trick is to act as an already existing host:
>on the PC you set up the good IP address, and then you
>gain a lot of access through NFS exports on the server:
>like reading anyone's files. To protect from this, I wanted to
>use explicit ARP tables.
>Unfortunately when a diskless station reboots, the status
>of the entry in the arp table changed from 'permanent'
>to normal status.
>1. Is there any way to have really permanent entries?
I talked with the (French) Hot Line. They told me that there's
the bug I described but gave no solution. There told me about
workarounds. Now every 5 minutes, I reload the ARP table.
But this method is not a method:
- every host who can use DECNET (DEC, Sun) has to control
the Ethernet address by software. DECNET addresses are
Ethernet address, and you want to choose your DECNET
- on PC, hardware just sets up a default Ethernet address.
After software can control the Ethernet address.
>2. How do other sites handle PC on Ethernet? Do we have to stop
>using NFS, NIS, and so on?
a) Use secure RPC.
b) Use Kerberos. Then any important informations is crypted.
But what do you do with X-terminals, with Eudora on PC
and Mac? Is there a kerberised Eudora?
c) About the problem of spying Ethernet: use "switched Ethernet".
(Kalpana, Alantec, or Artel) Or "switching UTP hup".
Unfortunately there's no key on Ethernet cable, on plugs, ...:
so you can remove the cable from a running station,
amd acts as the station with a PC...
firstname.lastname@example.org (Carl Bartz)
Dan Stromberg - OAC-DCS <email@example.com>
lemke@MITL.Research.Panasonic.COM (Kennedy Lemke)
jason andrade <firstname.lastname@example.org>
email@example.com (Lew Doll)
firstname.lastname@example.org.AU (Brett Lymn)
email@example.com (Rob Lyle UNIX Sys Admin)
Mike Raffety <firstname.lastname@example.org>
Lawson A S <email@example.com>
firstname.lastname@example.org (Birger A. Wathne)
email@example.com (Peter Gutmann)
Jacques Beigbeder | Internet: firstname.lastname@example.org
Service de Prestations Informatiques |
Ecole Normale Superieure |
45 rue d'Ulm | Tel : (33-1) 44-32-37-96
F75230 Paris Cedex 05 | Fax : (33-1) 44-32-20-80
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:28 CDT