[2085] in linux-security and linux-alert archive


[linux-security] Digest.

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Thu Oct 29 03:14:51 1998

To: linux-security@redhat.com
Date: Thu, 29 Oct 1998 08:42:26 +0100 (MET)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


Hi,

There have been a bunch of useful submissions for the compare / contrast
thread.

To reduce the load on your mailbox, they are gathered here in one go...

				Roger. 


Date: Wed, 28 Oct 1998 15:11:37 +0000
From: "David L. Sifry" <dsifry@linuxcare.com>
To: "Matthew S. Crocker" <matthew@crocker.com>
CC: Rob Bringman <rob@trion.com>, linux-security@redhat.com
Subject: [linux-security] Re: compare / contrast of linux fw and others

For an extra module, Firewall-1 does VPN.  Linux also has various VPN
options.  Check out VPS <http://www.strongcrypto.com/> for one, CIPE
and IP Tunnel (ipip.o) are others off the top of my head.

Dave
-- 
Dave Sifry, Chief Technical Officer
LinuxCare, Inc.  
415 831-9507 tel, 415 831-9763 fax
dsifry@linuxcare.com, http://www.linuxcare.com/

LinuxCare, The Leader in Linux Support

From: "Danyell Wilt" <danyell@ctelcom.net>
To: "Matthew S. Crocker" <matthew@crocker.com>
Cc: <linux-security@redhat.com>
Subject: [linux-security] Re: compare / contrast of linux fw and others
Date: Wed, 28 Oct 1998 09:17:45 -0600

>Can you do VPN with your linux solution.  I love linux and have setup
>several linux firewalls.  I have only played with firewall-1 for a bit and
>the GUI is the only thing I can think of which makes it a better
>'corporate' solution.

    You can use ssh to make a VPN using Linux, pppd, and pty-redir. The
HOWTO was written by Arpad Magosanyi and is available at
    http://www.cdrom.com/pub/linux/slackware/docs/mini/VPN

    The VPN more or less sets up ppp between two Linux machines, and
encrypts all traffic using secure shell encryption.


Date: Wed, 28 Oct 1998 11:10:28 -0500 (EST)
From: "Peter H. Lemieux" <phl@cyways.com>
To: "Matthew S. Crocker" <matthew@crocker.com>
cc: Rob Bringman <rob@trion.com>, linux-security@redhat.com
Subject: [linux-security] Re: compare / contrast of linux fw and others

On Wed, 28 Oct 1998, Matthew S. Crocker wrote:

> Can you do VPN with your linux solution.  I love linux and have setup
> several linux firewalls.

Check out http://sites.inka.de/sites/bigred/devel/cipe.html for a VPN
implementation for Linux.  Installs as a kernel module plus daemon.  By
default it uses 128-bit Blowfish, but can be configured to use other
encryption methods.  Right now it uses a static key, but Olaf Titz, the
developer, has said he's looking to implement public-key solutions down the
road.  His first priority at the moment is to make it all run with 2.1.x
kernels.

I now use it routinely to communicate with my remote servers.  Makes it
look like the server resides on my private IP network which is behind my
Linux office firewall.

Peter


-----

Peter H. Lemieux				Voice:	(800) 5-CYWAYS	
CYWAYS, Incorporated					(+1 617 796 8995)
19 Westchester Road				Fax:	(617) 796-8997
Newton, Massachusetts 02458-2519 USA		Web:    http://www.cyways.com

To: linux-security@redhat.com
Subject: [linux-security] Re: compare / contrast of linux fw and others 
Reply-To: oboyle@csociety.purdue.edu
Date: Wed, 28 Oct 1998 10:23:00 -0600
From: "Todd O'Boyle" <oboyle@csociety.purdue.edu>


> Doesn't Firewall-1 do VPN? Virus scanning (optional), HTTP scanning
> (virus/content optional) QoS.

HTTP content and Virus scanning come with FW-1, but Checkpoint's VPN
software is a different product.  They do seem to integrate seamlessly,
though.

> Can you do VPN with your linux solution.  I love linux and have setup
> several linux firewalls.  I have only played with firewall-1 for a bit and
> the GUI is the only thing I can think of which makes it a better
> 'corporate' solution.

One can build VPNs using SSH.  There is a bit of information here, but
a web search would probably do you better:
http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/index.html#VPN
It's based on running PPP over the encrypted SSH link.

The virus and HTTP scanning, if it isn't implemented already, would
probably be a fun project if we can find an algorithm to do such a thing.

Also, I have come across a WWW based rule-generator for IPFW.  You can find it
at ftp://coast.cs.purdue.edu/pub/tools/unix/fwconfig/.  This may be something
that may be a plus to sell IPFW to your boss.

cheers,
-Todd

To: linux-security@redhat.com
Subject: [linux-security] Re: compare / contrast of linux fw and others 
Date: Wed, 28 Oct 1998 17:27:07 -0500
From: "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

In message <Pine.LNX.3.95.981028080106.17173A-100000@rmc1.crocker.com>,
"Matthew S. Crocker" writes:
+-----
| > I am the Firewall-1 administrator where I work and it has a very nice
| > GUI tool for defining objects (can be hosts, networks, DNS domains,
| > groups of hosts, etc.) and a straightforward way of building a
| > rulebase.
| 
| Doesn't Firewall-1 do VPN? Virus scanning (optional), HTTP scanning
| (virus/content optional) QoS.
+--->8

You could probably come up with modules to do these kinds of things in 
connection with ipchains, but technically Linux's solution is a packet 
filter, not a firewall.  That's only one part of the equation --- products 
like FireWall-1 also provide other parts such as proxy servers.

-- 
brandon s. allbery	[os/2][linux][solaris][japh]	 allbery@kf8nh.apk.net
system administrator	     [WAY too many hats]	   allbery@ece.cmu.edu
electrical and computer engineering					 KF8NH
carnegie mellon university


From: "Carric Dooley" <carric@com2usa.com>
To: "'Matthew S. Crocker'" <matthew@crocker.com>,
        "'Rob Bringman'" <rob@trion.com>
Cc: <linux-security@redhat.com>
Subject: Re: [Linux-security] Re: compare / contrast of Linux FW and others
Date: Wed, 28 Oct 1998 20:04:41 -0500

Firewall 1 will do FW to FW encrypted tunneling and you can download the
free "SecuRemote" client for VPN.  The only VPN solution I have heard of for
Linux would be SSH.  I was talking to the FSecure Rep and he said you can
run everything through SSH (mail, ftp, http, etc.).  If you fire up an SSHd
on your Linux box, then use FSecure client on a windows box (and he said he
was sure it could be done with Linux, though he didn't know how -- I would
love to play with it).  Now rootshell did get hacked through ssh today, so
maybe this requires more evaluation...

The other solution I have seen is to use SSH on two Linux boxes, then setup
tunneling between them as secure gateways between two networks.


Date: Thu, 29 Oct 1998 11:44:41 +0800
To: linux-security@redhat.com
From: Chan Kar Heng <khchan@cyberdude.com>
Subject: [linux-security] Re: compare / contrast of linux fw and others

At 08:05 AM 10/28/98 -0500, you wrote:

how about reporting? anything useful to please
the eyes of the management people?


>> I am the Firewall-1 administrator where I work and it has a very nice
>> GUI tool for defining objects (can be hosts, networks, DNS

<snipped>
http://home.backroom.net/~bozo



-- 
| Most people would die sooner than think....  |    R.E.Wolff@BitWizard.nl 
| in fact, most do.  -- Bertrand Russell       |     phone: +31-15-2137555 
We write Linux device drivers for any device you may have! fax: ..-2138217

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

