Charles Stack on Wed, 13 Sep 2000 10:43:44 -0400 (EDT)
Unless you are familiar with secure application design, I suggest that you look for an established, proven solution rather than attempt your own. Failure to understand the various protocols and vulnerabilities in their implementation could render your "solution" far more damaging than none at all, as you will have a false sense of security.

It was suggested on this list that you use ssh. You could also use vpnd or, if ambitious, modify your kernel to support IPSEC. Alternatively, you could go with a commercial hardware-based system such as a Shiva Express to secure your network.

But, to answer your question...yes...encryption should occur JUST BEFORE sending and decryption should be done immediately AFTER receiving. I would also suggest that you compress your data first before encrypting to reduce entropy in the data and decompress following decryption.

Charles

-----Original Message-----
From: plug-admin@lists.phillylinux.org [mailto:plug-admin@lists.phillylinux.org] On Behalf Of shux@subculture.org
Sent: Monday, September 11, 2000 11:37 PM
To: plug@lists.nothinbut.net
Subject: [PLUG] secure tcp/ip communication

I will soon be writing a few applications that will need to make use of tcp/ip (using the sockets API). However, because the project involves remote administration and access privileges, it is important that I use a secure connection, so that passwords or other information can't be sniffed.

Does anyone have any experience using encrypted tcp/ip tunnels? Should I just encrypt the data I will be sending using send() and decrypt it after it is received by recv()?

I looked on fm.net and found a library called libmcrypt. I have not yet looked at its documentation. Also a quick search with apt-cache gives me packages like tunnelv, stunnel, and sslwrap. Has anyone on this list used any of these tools?

Thank You,
Xtian Betz
shux@subculture.org | aim: shuxlos

p.s. (should I have vi wordwrap for me? Does it bother you guys?)
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
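The ordering discussed in this thread (compress before the data enters the encrypted channel, decompress after it leaves), shown as an added example that is not part of the original messages. It assumes the socket is connected to the local end of an established tunnel such as an ssh port forward or stunnel, which does the encryption; `send_msg`, `recv_msg`, `MAX_FRAME` and `MAX_PLAIN` are hypothetical names and limits.

```python
import socket
import struct
import zlib

MAX_FRAME = 1 << 20   # largest compressed frame accepted (assumed limit)
MAX_PLAIN = 4 << 20   # largest decompressed message accepted (assumed limit)


def _recv_exact(sock, n):
    """TCP is a byte stream: recv() may return less than asked, so loop."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)


def send_msg(sock, plaintext):
    """Compress, length-prefix, then write to the tunnelled socket."""
    body = zlib.compress(plaintext)
    if len(body) > MAX_FRAME:
        raise ValueError("message too large")
    sock.sendall(struct.pack("!I", len(body)) + body)


def recv_msg(sock):
    """Read one frame and decompress it under a hard output limit."""
    (length,) = struct.unpack("!I", _recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError("frame exceeds MAX_FRAME")
    d = zlib.decompressobj()
    plain = d.decompress(_recv_exact(sock, length), MAX_PLAIN + 1)
    if len(plain) > MAX_PLAIN or d.unconsumed_tail:
        raise ValueError("decompressed message exceeds MAX_PLAIN")
    if not d.eof:
        raise ValueError("truncated compressed stream")
    return plain


def demo():
    """Constructed round trip; a local socketpair stands in for the tunnel."""
    a, b = socket.socketpair()
    try:
        send_msg(a, b"status?" * 100)
        send_msg(a, b"reboot node7")
        return recv_msg(b), recv_msg(b)
    finally:
        a.close()
        b.close()
```

The length prefix restores message boundaries that a stream socket does not preserve, and the output cap keeps a small hostile frame from expanding into unbounded memory on the receiver.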