From owner-freebsd-questions Wed Dec 20 11: 8:32 2000 From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 11:08:27 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from kira.epconline.net (kira.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id A122F37B400; Wed, 20 Dec 2000 11:08:26 -0800 (PST) Received: from therock (betterguard.epconline.net [209.83.132.193]) by kira.epconline.net (8.11.1/8.11.1) with SMTP id eBKJ8Pe47579; Wed, 20 Dec 2000 13:08:25 -0600 (CST) (envelope-from carock@epconline.net) From: "Chuck Rock" To: , Subject: RE: What anti-sniffer measures do i have? Date: Wed, 20 Dec 2000 13:08:45 -0600 Message-ID: <000a01c06ab8$4676a040$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Well there is another option you may not know about.... Encrypion on the physical level. 3Com make new network cards with built in encryption that works up to full duplex 100Meg. Secures sensitive data by delivering 3DES,DES,MD5,and SHA-1 Check out the specs here.... http://www.3com.com/products/nics/3cr990fb.html I don't know if anyone has built any drivers for FreeBSD, but I think it's worth it. They make one for the server too that allows redundant NIC's for failover protection. There appear to be beta drivers for Linux for these network cards as well... http://support.3com.com/infodeli/tools/nic/linuxdownload.htm I can sell the 3CR990-TX-97 which provides 168 Bit encryption for about $120 each. And the 3CR990-SVR-97 for $115. I haven't used these, but the principal sounds good. I think the only drawback is, any server using one probably has to have one in each client computer, or there would be no way for them to speak to each other. This would rule out some other equipment as well, but they are supposed to be compliant with IPSec. If anyone has used these, I would be interested in hearing how well they work in a "real" environment running other O/S's and routers and such. Chuck > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Dmitry Galyant > Sent: Wednesday, December 20, 2000 6:58 AM > To: Artem Koutchine > Cc: Jonas Luster; security@FreeBSD.ORG; questions@FreeBSD.ORG > Subject: Re: What anti-sniffer measures do i have? > > > On Wed, 20 Dec 2000, Artem Koutchine wrote: > > > Date: Wed, 20 Dec 2000 15:27:41 +0300 > > From: Artem Koutchine > > To: Jonas Luster , security@FreeBSD.ORG, > > questions@FreeBSD.ORG > > Subject: Re: What anti-sniffer measures do i have? > > > > Hello again! > > > > Well, i am depressed now :( The issue is even worse than i thought > > at first. So, SHOUD I upgrade to switches? Will they REALLY help? > > > > Or should i build a simple FreeBSD router for each branch of the tree > > with a buch of ethernet cards. For example. In a room with 8 computers i > > will install a Pentium MMX with 8 PCI slots and 8 network cards > and route > > pure IP, no MAC addresing (i don't need ipx rounter or > anything, just ip). > > and don't forget give root shell to this 8 mans ;-) > switch has no shell - imho it's better way. > > > > > Is there relatively cheap switches wich do the same? Is it even > a solution? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message