Maybe an Idea to secure networks
It could be helpful to calculate a checksum from the system OpenBSD was
installed on.
Nothing LIKE MS with an Auth-Server and bla...
Short version because my English is too bad:
Installation -> Calculation HW-Checksum -> save the checksum at a file
Admin: Config PF -> take the checksum from the file -> config PF so that
only (maybe) the MAC address X with THIS HW-Checksum Y and the Pass/User
Z1/Z2 could access the fw (via SSH) from outside (or something else..)
If some parts of the Computer are damaged a new HW-Checksum could be
calculated and the Admin could change the configuration for PF.
Example for an SSH-Login:
Create the SSH-Tunnel
Ask for username/pw
Ask for HW-Checksum (something like a checksumD could transmit it, so other
Programs could use this service via a plugin or another interface)
If Z1/Z2 and Y are correct the user can log in.
MAC address could be filtered by PF.
Or it will be implemented in the "checksumD" (so that the checksumD transmits
checksum and MAC address).
This principle is not the "best" of all known principles.
Yes, maybe the checksum is spoofable too. You could calculate the sums, ok.
But you have to calculate MAC addresses (save in MySQL? *g*) too.
Then you have to find the pair of MAC and HW-Checksum and the combination of
the user/pass pair.
The principle could be harder to crack if the "checksumD" uses the
system configuration too.
Nothing like "Package XYZ is installed" or so.
But: SoundCard on IRQ 13, USB-Controller on IRQ (maybe BIOS-Version)... and so
on.
My English is too bad but I hope this short example is clear enough to
understand the principle.
So: What do you think about it?
Mark
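
The scheme proposed in the message above, sketched as an added example (not part of the original post, and not code from OpenBSD, PF or SSH). The names `hw_checksum`, `enroll` and `login_allowed`, the record layout and the sample hardware inventory are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def hw_checksum(attrs):
    """Checksum Y: SHA-256 over a sorted, canonical list of hardware attributes."""
    canon = "\n".join(f"{key}={attrs[key]}" for key in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()

def pw_hash(password, salt):
    """Store a salted PBKDF2 hash of Z2, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def enroll(user, password, mac, attrs, salt=b"constructed-salt"):
    """What the admin would save at installation time (hypothetical layout)."""
    return {"user": user, "salt": salt, "pw": pw_hash(password, salt),
            "mac": mac.lower(), "hw": hw_checksum(attrs)}

def login_allowed(record, user, password, mac, checksum):
    """Z1/Z2, MAC X and checksum Y must all match; every check is evaluated."""
    checks = [
        hmac.compare_digest(user.encode(), record["user"].encode()),
        hmac.compare_digest(pw_hash(password, record["salt"]), record["pw"]),
        hmac.compare_digest(mac.lower().encode(), record["mac"].encode()),
        hmac.compare_digest(checksum.encode(), record["hw"].encode()),
    ]
    return all(checks)

# Constructed sample values, modelled on the attributes the post lists.
ADMIN_PC = {"bios_version": "1.04", "soundcard_irq": "5", "usb_controller_irq": "11"}
MAC, USER, PASSWORD = "00:11:22:33:44:55", "admin", "constructed-pass"
RECORD = enroll(USER, PASSWORD, MAC, ADMIN_PC)

def demo():
    changed = dict(ADMIN_PC, soundcard_irq="10")  # a part was replaced or moved
    return {
        "enrolled_machine": login_allowed(RECORD, USER, PASSWORD, MAC,
                                          hw_checksum(ADMIN_PC)),
        "hardware_changed": login_allowed(RECORD, USER, PASSWORD, MAC,
                                          hw_checksum(changed)),
        "wrong_mac": login_allowed(RECORD, USER, PASSWORD, "66:77:88:99:aa:bb",
                                   hw_checksum(ADMIN_PC)),
    }

if __name__ == "__main__":
    print(demo())
```

The server can only compare the values the client sends, so Y and the MAC address act as additional static secrets next to the password, which is the spoofing concern the message itself raises. After a hardware change the admin has to call `enroll` again before the login succeeds.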