Re: Socket security

From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 11/22/03 

Date: Sat, 22 Nov 2003 21:50:37 +0000

joe durusau spilled the following:

>
> - wrote:
>
<snip>
>> It is possible for an unrelated program (not running on the client
>> machine) to send garbage to the client program via its client socket,
>> or is the connection completely private between the client and server
>> program?
>>
>
> In general, there is absolutely nothing secure about an unencrypted
> transmission over a network. The difficulty of actually causing a
> problem depends on where the threat computer is and how alert the
> operators (if any ) at each end of the connection are. Such things
> as ssl are fairly secure, but for life-threatening situations, you need
> all systems confined to s secure facility on a totally private network
> with intrusion detection systems preventing unauthorized access to
> all systems and many other features.
>
> What you really need is a decision that only you can make,
> after deciding what the routing is for the information in question, the
> cost of a compromise, the amount of damage that can be done,
> etc, e

It is exactly to address these kinds of problems that network encryption was
developed. An easy solution to most of these problems is to use an ssh
tunnel / IPSEC connection or an SSL tunnel.

Personally, I have most experience with the last. Although there are plenty
of commercial products to do this, the most reliable and easiest to use I
have found is stunnel - which is free, non-intrusive and runs on just about
anything.

HTH

C.

Relevant Pages

  • RE: One computer two different networks
    ... Install a VPN server that accepts clients from the secured network, ... So when a client machine fires up the VPN client software and connects ... they can no longer talk to resources on the secure ... network...of course our first thought is to buy 250 computers ...
    (Security-Basics)
  • Re: WSE 3.0 + UserNameToken without X.509 Cert/Kerberos + Signing + Encryption How?
    ... I still think that there is a lot of benefit for Secure Conversation ... message security and thefore it does not encrypt the message. ... between client and server using a UserNameToken that passes the UserName ... assuming the client request adds a proper UserNameToken... ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: WSE 3.0 + UserNameToken without X.509 Cert/Kerberos + Signing + Encryption How?
    ... If you want to support Secure Conversation in your custom assertion, ... your assertion will automatically support Secure conversation. ... message security and thefore it does not encrypt the message. ... between client and server using a UserNameToken that passes the UserName ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: A new concept for security management?
    ... I wasn't clear about what my client wants ... >understand it, is VPN access to an existing, secure network. ... all the standard security stuff ...
    (Security-Basics)
  • Re: NT4 -> Win2K3 question
    ... Did you set the DNS settings on the client properly? ... Get Secure! ... I logon locally, use nbtstat -c, it shows correctly. ... We have total 50 PCs most of them are Windows NT Workstation ...
    (microsoft.public.windows.server.migration)