FreeBSD Security Archives: Re: Secure gateway to intranet

Re: Secure gateway to intranet


Tim Priebe (timiafrica.com.na)
Fri, 24 Sep 1999 13:28:37 +0200


On Fri, 24 Sep 1999, The Mad Scientist wrote:
> All,
> I am looking for a secure way to log into a machine on an intranet.
> Here's what I have in mind.
> A user ssh-es to a machine on the border network. Her shell is a
> script/program that asks for a name of an internal machine, then ssh-es to
> that machine after an authentication. This way, I could only open the
> border and internal routers up to that machine and a proxy server and I
> could have a log of who goes where. I'd also like to be able to set up
> some kind of acl in the proggie/script that dictates which users can go to
> which machines. For authentication, a username/pass will do for now, but
> later I'd like to expand it to some kind of one time card. Some kind of
> transparent secure file transfer would also be great.
> Now, here's what I am interested in knowing. What would be a simple and
> secure way to implement this. (I was thinking of perl) What sort of
> things should I be wary of when setting this up? Is this even advisable? ^_^
> Thanks in advance,
> -Dean

My solution to a similar problem is to use ipfw rules, together with ssh. I
have a small number of fixed ip addresses on the outside, that are allowed to
connect to a small number of fixed addresses on the inside. Logging can be done
with the tcp setup packets.

Tim.
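
The approach described in the reply above, sketched as an added example that is not part of the original message or the poster's own rules: a script that prints ipfw commands allowing ssh only between listed outside/inside address pairs and logging each TCP setup packet. The addresses, rule numbers, port 22 and the `gen_rules` name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipfw commands for a gateway that
# lets a few fixed outside hosts open ssh sessions to a few fixed inside hosts.
# All addresses and rule numbers below are constructed placeholders.

# One "outside_ip inside_ip" pair per line (constructed sample data).
ALLOWED_PAIRS='
192.0.2.10 10.0.0.5
192.0.2.10 10.0.0.6
198.51.100.7 10.0.0.5
'

gen_rules() {
    n=1000
    # Packets of connections that already completed setup pass without logging.
    echo "ipfw add $n allow tcp from any to any established"
    echo "$ALLOWED_PAIRS" | {
        while read -r src dst; do
            [ -n "$src" ] || continue          # skip blank lines
            n=$((n + 10))
            # "setup" matches only the initial SYN, so "log" records one
            # line per new ssh connection: who connected to which machine.
            echo "ipfw add $n allow log tcp from $src to $dst 22 setup"
        done
        # Any other attempt to open an ssh connection is logged and dropped.
        echo "ipfw add $((n + 10)) deny log tcp from any to any 22 setup"
    }
}

# Review the output, then pipe it to sh on the gateway to install the rules.
gen_rules
```

Rules marked `log` only reach syslog when firewall logging is enabled in the kernel (the `IPFIREWALL_VERBOSE` option or the `net.inet.ip.fw.verbose` sysctl).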




This archive was generated by hypermail 2.0b3 on Fri Sep 24 1999 - 03:48:16 CDT