<snip>
>> I'm trying to hammer out a scheme for securing a wireless LAN where the
>> clients and/or admins are unable or unwilling to set up and maintain
>> IPsec.
<snip>
>So what are you using? vpnd? vtun?
>
I'm denying outbound access unless the user logs on to the router using ssh.
As long as he keeps a connection open (we're talking a LAN, the connection
shouldn't drop that often, plus there are ways to automatically reestablish a
connection upon drop), he's routable. Also I'm forcing him to pass all
sensitive info (pop3 passwords, etc.) through the ssh tunnel.
I know you're having a cow about allowing joe user to log on to a shell
account, but if we don't allow users on our linux machines, then how can we
ever expect them to migrate away from windows? </rant>. If you are still
paranoid, rbash is an option.
This is a high-maintenance way to manage users, but if security is a goal,
and the tech is willing to put up with the hassles, I think this method is
workable.
--
Joey Kelly
< Minister of the Gospel | Computer Networking Consultant >
http://joeykelly.net
I'd rather crash a Ford than wreck a Chevy
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/16/03
This archive was generated by hypermail 2.2.0 : 12/19/08 EST
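
One way to tie routing to an open ssh session, as described in the message above. This is an added example, not the poster's setup: the wireless subnet `10.0.0.0/24`, the `SSH_AUTHED` chain (assumed to be jumped to from `FORWARD`, whose default policy is assumed to be DROP) and the `who` output are all constructed for illustration.

```python
import ipaddress
import re

WLAN = ipaddress.ip_network("10.0.0.0/24")   # assumed wireless subnet
CHAIN = "SSH_AUTHED"                          # hypothetical chain, jumped to from FORWARD

# Constructed `who` output: two wireless users, one console login, one off-subnet login.
SAMPLE_WHO = """\
joe      pts/0        2003-04-16 10:02 (10.0.0.23)
joe      pts/3        2003-04-16 10:40 (10.0.0.23)
ann      pts/1        2003-04-16 10:05 (10.0.0.41)
root     tty1         2003-04-16 09:00
bob      pts/2        2003-04-16 10:11 (192.168.5.9)
"""

_REMOTE = re.compile(r"\(([^)]+)\)\s*$")     # trailing "(host)" field of a who line


def active_clients(who_output, subnet=WLAN):
    """Return the wireless-subnet addresses that currently hold an open login."""
    clients = set()
    for line in who_output.splitlines():
        m = _REMOTE.search(line)
        if not m:
            continue                  # console login, no remote host
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                  # hostname or X display, unusable as a rule source
        if addr in subnet:
            clients.add(str(addr))
    return clients


def plan(who_output, currently_allowed):
    """Compute the iptables commands that make the allow-list match open sessions."""
    want = active_clients(who_output)
    have = set(currently_allowed)
    cmds = [f"iptables -D {CHAIN} -s {ip} -j ACCEPT" for ip in sorted(have - want)]
    cmds += [f"iptables -A {CHAIN} -s {ip} -j ACCEPT" for ip in sorted(want - have)]
    return cmds


if __name__ == "__main__":
    # 10.0.0.77 was allowed earlier but its session has closed, so it is revoked first.
    for cmd in plan(SAMPLE_WHO, {"10.0.0.23", "10.0.0.77"}):
        print(cmd)
```

Run periodically on the router, this revokes an address as soon as its last session closes. The rule matches on source address only, so the sensitive traffic still has to go through the tunnel, as the message says.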