Re: [fw-wiz] Exposed serial connection

From: Paul D. Robertson (proberts@patriot.net)
Date: 09/16/02


From: "Paul D. Robertson" <proberts@patriot.net>
To: Jonas Anden <dajudge@home.se>
Date: Mon Sep 16 06:19:01 2002

On 16 Sep 2002, Jonas Anden wrote:

> I need to expose a sensitive serial port to a remote site through IP.

To get from a serial protocol to IP, you want to do a Google search on
"serial tunneling." You may get further hits with "Serial-to-Ethernet"
and "RS232-to-Ethernet" (assuming the serial protocol you're converting
is RS232.)

> The protocol used on the serial line is text based with some control
> bytes and totally unauthenticated. Are there any applicances recommended
> that can perform the following:
>
> - Encrypting the IP connection (Preferably SSL)
> - Provide for authentication (Preferably outside the protocol sphere,
> like SSL client certificates).
> - Convert the data received on the IP end and send it out on the serial
> line, and vice versa.

You'll need a serial tunneling device at each end (pretty sure you can do
it on Cisco routers, but it might need a breakout box for signaling.)
Once the traffic is IP, you can push it through any authenticating pipe
you want.

Sorry I don't have any particular info on tunnels that natively support
SSL, it's been a while since I did Datacomm.

HTH,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation