Christos Ricudis's Useful Tutorials Present....

Christos Ricudis ricudis at paiko.gr
Wed Oct 17 21:51:01 EEST 2001


Hello Kostas!

  On 17 Oct 01, Kostas Liakakis wrote to Christos Ricudis with subject "Re:
Christos Ricudis's Useful Tutorials Present....":

 >> 1) In the case of a VPN with remote 'islands', you cannot
 >> determine where your traffic passes through and who is
 >> listening to it. Selective application-layer encryption in
 >> such a case is almost impossible.

 KL> Break that down for me a bit. If your data is
 KL> encrypted, even by the application itself,
 KL> what does it matter how many hops it passes through? If of
 KL> course you want nothing to be heard from your VPN to
 KL> the outside, then certainly you go with the other solution.
 KL> I assume that is what you meant from the start. But even then,
 KL> I would not call the solution impossible, but the administrator
 KL> stupid... :-)

Obviously it doesn't, but in most cases in a VPN it is better to encrypt
everything at the VPN's border routers, rather than struggle to do end-to-end
encryption at the application layer plus access control at the border routers
to make sure that nobody will try to send your secretary in Dublin,
unencrypted, his grandmother's recipe for dolmadakia.

 >> 2) Ease of use. Unfortunately there is still no widely
 >> accepted standard for application-layer encryption (should
 >> we use Telnet/STARTTLS or SSH? POP3/SSL or POP3/STARTTLS?
 >> etc etc etc). The drawback of course is that the encryption

 KL> But consider that one bug won't leave you with your pants completely down...

Fine, it will leave you with your pants partly down. Which is better, to
simply recompile IPSec, or to recompile OpenSSL, have mod_ssl break on you,
have IMAP/SSL need recompilation, etc etc etc?

 >> 3) Wireless networks, where it is anywhere from difficult to
 >> impossible to do easy access control at the MAC layer. In big
 >> cities with deployed amateur 802.11 networks, some people have
 >> already started going around the streets with laptops and
 >> sniffers looking for some network to get on the air through :>

 KL> Naah... eavesdrop on you, yes. Getting on the air through you
 KL> is out of the question. You would notice it right away. Simply and
 KL> only because a part of your network would get cut off.

Why? Yes, a part of the bandwidth would be cut off - good luck noticing that -
and if you are paranoid enough to do sufficiently restrictive traffic
filtering at the borders of the wireless network, maybe someone won't manage
to get out - but it is quite complicated and I don't think it is worth the
trouble.

All someone has to do is approach one of your access points with a laptop and
start sniffing. He immediately knows the address of the gateway, the LAN
address, and even if you use WAP he breaks it within 15 minutes. He picks an
unused (or silent) address within the subnet (whose bounds he guesses), and
then good luck finding him. Not to mention that you can't even follow the
cable and find the jerk at the other end, when there is no cable :>

 KL> However you look at it, in a point-to-point network only
 KL> two points can coexist.

It is not necessary for the topology to be point-to-point, nor does the
technology limit you to only 2 points. Mind you, I am talking about 802.11.
Yes, there are point-to-point sync wireless links, but that case doesn't
interest me as much. Don't forget that even in the point-to-point case, you
have some antennas which, in the best case of waveguides with a parabolic
reflector, have a width of about 10 degrees in the main lobe and also have a
relatively strong lobe exactly behind the antenna. It is not at all unlikely
that other people are located within those 10 degrees.

 >> 4) That is the direction internet engineering is heading; in
 >> IPv6, IPSEC is 'almost' mandatory. I love standards [1]

 KL> I couldn't agree more. The only thing that worries me is whether
 KL> the various echelons might be able to decode the standard.
 KL> Regardless of key length. You understand...

Yes, but they will need the help of the aliens, and as far as I remember the
aliens last came down to earth only to abduct Elvis Presley.

Conspiracy theories are nice, but at least open standards are studied by the
research community TOO, apart from the Echelon folks - if there are back
doors, there is a greater chance that someone will sniff it out having the
full specification. Remember the case of DES?

--
Christos Ricudis

In God we trust.
All others must present a valid X.509 certificate.


