OpenCALEA
[OpenCALEA] Re: Re: control design
- From: Jesse Norell
- Date: Tue Apr 10 10:19:13 2007
> <> Our thoughts on that at least till the May deadline is to have
> <> everything working and operational. Security for us would then
> <> be achieved by firewalling the controller/tap devices such that
> <> only the controller can access them. There will be one
> <> fixed and designated controller in our architecture.
>
> Not all sites can guarantee that the device will be on a separate
> management network. One can (and I do) use host firewalls, at least.

The general consensus is there's not enough time to "do it right"
initially, but just trying to get enough functionality there to actually
be usable for CALEA purposes by the May 15 deadline. In any state
though, a set of programs like this, above most other types, needs to be
understood by those using it. E.g. in your case, you would almost
certainly want to not leave "controller" running on your firewalls at
all times, but only start it up if you actually had a subpoena to
collect data, and then only with appropriate firewall rules to limit
access to it.

> <> Not real security, but stop gap to buy us more time to build something
> <> more proper.
>
> At least linking against the tcp wrappers lib? Rudimentary network
> access control for cheap ...

Tcp wrappers is a great idea, though right now the tools are udp based
only, so it's not yet a usable idea. The tools are changing though (and
are likely to take a significant reshape with the introduction of
df_collector); certainly the controller/collector could easily use tcp
(with wrappers) in the short term.

I've been considering the implementation of a simple hash-based
handshake for the short term, too. I know very little about crypto
libraries and programming though .. I'm sure there are much better ways
to do it, but something that would work in the short term and I'd also
be capable of doing is to keep a known "passphrase" on the collector
side; when the controller connects, the collector sends some "challenge"
text, which the controller then hashes together with the known
passphrase, and sends the hash to the collector to compare to one it
generates. I can pull that off using crypt() .. and that's about the
extent of my crypto abilities at the moment; in time a much better
design can surely be had.

--
Jesse Norell - jesse@kci.net
Kentec Communications, Inc.
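
The challenge/response handshake described in the message above, as an added example that is not part of the original post and not OpenCALEA code. It swaps crypt() for HMAC-SHA256 from the Python standard library; the class, function names and sample passphrase are assumptions made for illustration, and the transport is left out.

```python
import hashlib
import hmac
import secrets

# Constructed sample passphrase; a real one is provisioned out of band.
PASSPHRASE = b"constructed-sample-passphrase"


class Collector:
    """Collector side: issues challenges and verifies responses."""

    def __init__(self, passphrase: bytes):
        self._key = passphrase
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        # Fresh, unpredictable challenge per connection, so a captured
        # response is useless against any later challenge.
        challenge = secrets.token_bytes(32)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Each challenge is single-use: unknown or reused ones are rejected.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def controller_response(passphrase: bytes, challenge: bytes) -> bytes:
    """Controller side: hash the challenge together with the passphrase."""
    return hmac.new(passphrase, challenge, hashlib.sha256).digest()


def handshake(collector: Collector, controller_passphrase: bytes) -> bool:
    """Run one full exchange in memory."""
    challenge = collector.new_challenge()  # collector -> controller
    response = controller_response(controller_passphrase, challenge)
    return collector.verify(challenge, response)  # controller -> collector
```

This authenticates the controller once at connect time; it does not encrypt or authenticate the traffic that follows.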