[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Maybe an Idea to secure networks
It could be helpful to calculate a checksum from the system openbsd was
Nothing LIKE MS with an Auth-Server and bla...
Short version beause my english is too bad:
Installation -> Calculation HW-Checksum -> save the checksum at a file
Admin: Config PF -> take the checksum from the file -> config PF so, that
only (maybe) the MAC-Adress X with THIS HW-Checksum Y and the Pass/User
Z1/Z2 could acces the fw (via SSH) from outside (or something else..)
If some parts of the Computer are damaged a new HW-Checksum could be
calculated and the Admin could change the configuration for PF.
Example for an SSH-Login:
Create the SSH-Tunnel
Ask for username/pw
Ask for HW-Checksum (something like a checksumD could transmit it, so other
Programs could use this service via a plugin or another interface)
If Z1/Z2 and Y are corect the user can login.
MAC-Adress could be filtered by PF.
Or it will be implemented in the "checksumD" (so that the checksumD transmit
checksum and MAC-adress).
This princip is not the "best" of all known princips.
Yes, maybe the checksum is spoofable to. You could calculate the sums, ok.
But you've to calculate MAC-Adresses (save in MySQL? *g*) too.
Then you've to find the pair of MAC and HW-Checksum and the combinition of
the user/pass pair.
The princip could be harder to crack if the "checksumD" uses the
Nothing like "Package XYZ is installed" or so.
But: SoundCard on IRQ 13, USB-Controler on IRQ (maybeBIOS-Version)... and so
My english to bad but I hope this short example is clear enough to
understand the princip.
So: What do you think about?