Re: [fw-wiz] Exposed serial connection

From: John Adams (jna-dated-1032604310.732402@retina.net)
Date: 09/16/02

• Next message: Schreiner, Dirk: "AW: [fw-wiz] Exposed serial connection"
• Previous message: Paul D. Robertson: "Re: [fw-wiz] Exposed serial connection"
• In reply to: Jonas Anden: "[fw-wiz] Exposed serial connection"
• Next in thread: Jonas Anden: "Re: [fw-wiz] Exposed serial connection"
• Reply: Jonas Anden: "Re: [fw-wiz] Exposed serial connection"
• Reply: m p: "Re: [fw-wiz] Exposed serial connection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Jonas Anden <dajudge@home.se>
From: John Adams <jna-dated-1032604310.732402@retina.net>
Date: Mon Sep 16 06:24:00 2002

On 16 Sep 2002, Jonas Anden wrote:

> - Encrypting the IP connection (Preferably SSL)
> - Provide for authentication (Preferably outside the protocol sphere,
> like SSL client certificates).
> - Convert the data received on the IP end and send it out on the serial
> line, and vice versa.

I'd think a Linux box running ssh and a captive shell (i.e. ssh to a
restricted rsh, chroot'ed session) would be low-cost and ideal for this
situation. You can handle all of your authentication issues and such using
SSL and any additional features can be readily programmed in. Just find a
PC around the office that noone's using anymore (even a 286 will do for
this job!) and put it into service.

There are also many applications that can directly couple an inbound
session to a serial port that you may want to look into.

It's simply not worth spending money on proprietary hardware to solve this
problem.

--john

• Next message: Schreiner, Dirk: "AW: [fw-wiz] Exposed serial connection"
• Previous message: Paul D. Robertson: "Re: [fw-wiz] Exposed serial connection"
• In reply to: Jonas Anden: "[fw-wiz] Exposed serial connection"
• Next in thread: Jonas Anden: "Re: [fw-wiz] Exposed serial connection"
• Reply: Jonas Anden: "Re: [fw-wiz] Exposed serial connection"
• Reply: m p: "Re: [fw-wiz] Exposed serial connection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: HELP Connection error on Release mode ... "Off" Always display detailed ASP.NET error information. ... This section sets the authentication policies of the application. ... Set trace enabled="true" to enable application trace logging. ... <!-- SESSION STATE SETTINGS ... (microsoft.public.dotnet.languages.csharp) Re: Session Fixation Vulnerability in Web-based Applications ... session, without modifying the way servers generate session ID's is as ... Think of the http server generated sessions as "UI Sessions" and as ... no impact on authentication. ... "authentication key" for this domain (usually in the form of a new ... (NT-Bugtraq) Re: [PHP] Re: a question on session ID and security ... constructed to produce the actual authentication token. ... looking at the cookies on the client gets no indication that you're ... testing for remote session hijacking weaknesses. ... blinded by a bright shiny new algorithm. ... (php.general) Re: Forms authentication vs session variable ... There is a known security vulnerability called "Session Hijacking", ... and there are standard ways of protection. ... With forms authentication being the standard approach, ... (microsoft.public.dotnet.framework.aspnet) Re: Forms authentication vs session variable ... There is a known security vulnerability called "Session Hijacking", ... and there are standard ways of protection. ... With forms authentication being the standard approach, ... (microsoft.public.dotnet.framework.aspnet)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint