Re: [OpenCALEA] Re: Re: control design

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

OpenCALEA

From: Rich
Date: Tue Apr 10 10:57:25 2007

Eg. in your case, you would almost
certainly want to not leave "controller" running on your firewalls at
all times, but only start it up if you actually had a subpoena to
collect data, and then only with appropriate firewall rules to limit
access to it.

<> Not real security, but stop gap to buy us more time to build something
<> more proper.

Perhaps use certificate-based authentication to log in via SSH to remotely start the controller ?

At least linking against the tcp wrappers lib?  Rudimentary network
access control for cheap ...

 Tcp wrappers is a great idea, though right now the tools are udp based
only, so it's not yet a usable idea.

IPTables supports UDP....

Follow-Ups:
- Re: [OpenCALEA] Re: Re: control design Jesse Norell

References:
- [OpenCALEA] control design Jesse Norell
- [OpenCALEA] Re: control design Jesse Norell
- Re: [OpenCALEA] Re: control design Manish Karir
- [OpenCALEA] Re: Re: control design Jesse Norell

Prev by Date: [OpenCALEA] Re: Re: control design
Next by Date: Re: [OpenCALEA] Re: Re: control design
Date Index
Thread Index
Author Index
Historical