Firewall authentication?

Post by Steve Bu » Sun, 25 Mar 2001 04:16:06



Is it possible to create a linux box which acts as a firewall but also
authenticates incoming users? So for example, user 1 is authenticated
and gets access to computers A, B, and C while user 2 is authenticated
and gets access to computers X, Y, and Z. Thanks for your help.

--Steve

Firewall authentication?

Post by The Spoo » Sun, 25 Mar 2001 05:39:01


Steve Bui wrote ...

> Is it possible to create a linux box which acts as a firewall but also
> authenticates incoming users? So for example, user 1 is authenticated
> and gets access to computers A, B, and C while user 2 is authenticated
> and gets access to computers X, Y, and Z. Thanks for your help.

> --Steve

I haven't done anything like precisely what you specify, but I've made a
simple program that authenticates a user and opens the firewall to this user
until the connection is broken or the user chooses to close it. This
application could be changed to open a number of possible connections in the
way you specify.

The basic principle is like this:

- The "server" is started by inetd/xinetd for incoming "telnet" connections
to some port
- The user starts a telnet session against this port
- The user specifies his/her username and presses Enter
- The system returns a form of prompt, called a challenge (I use Opie for
authentication)
- The user has an Opie calculator (a program for either Linux or Windows)
that takes the challenge and the user's secret password to calculate a "key"
(the response to the challenge) in the form of six simple, English words
like "DOOM EDEN FRET LIME SO DUAL"
- The user responds to the challenge with the key and presses Enter
- The system either grants access (i.e. inserts rules to open the firewall)
or denies it (just drops the connection)
- The user keeps this session open for as long as she or he needs to have
the firewall open

The above is more or less a cookbook for creating a similar program -- and I
hope it was an answer like this you were looking for.

  /TRY
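As an added example (not The Spoo's program, which is not available), here is the server side of the challenge/response just described in Python: RFC 2289 MD5 one-time passwords as used by OPIE, the per-user host list from the original question, and a constructed `insert_rules` hook standing in for the real firewall rule insertion. Responses are taken in hex rather than the six-word form, which needs the 2048-word RFC dictionary.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Tuple


def _fold_md5(data: bytes) -> bytes:
    """RFC 2289 one-way step: MD5, then XOR the two 8-byte halves together."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_hash(passphrase: str, seed: str, count: int) -> bytes:
    """count-th one-time password: the fold applied count times to seed+passphrase.

    The seed is lowercased first, as RFC 2289 requires."""
    h = _fold_md5((seed.lower() + passphrase).encode())
    for _ in range(count):
        h = _fold_md5(h)
    return h


class OtpGate:
    """Server side of the telnet challenge/response from the post.

    insert_rules is a constructed hook in place of the real firewall call;
    it receives the user and the hosts that user may reach."""

    def __init__(self, insert_rules: Callable[[str, List[str]], None]) -> None:
        self.insert_rules = insert_rules
        self.users: Dict[str, Tuple[str, int, bytes]] = {}  # seed, seq, last hash
        self.allowed: Dict[str, List[str]] = {}

    def enroll(self, user: str, passphrase: str, seed: str, seq: int, hosts: List[str]) -> None:
        # The server stores only the seq-th hash, never the passphrase itself.
        self.users[user] = (seed, seq, otp_hash(passphrase, seed, seq))
        self.allowed[user] = hosts

    def challenge(self, user: str) -> str:
        seed, seq, _ = self.users[user]
        return f"otp-md5 {seq - 1} {seed}"

    def respond(self, user: str, response_hex: str) -> bool:
        seed, seq, last = self.users[user]
        try:
            candidate = bytes.fromhex(response_hex.replace(" ", ""))
        except ValueError:
            return False
        # Folding the client's value once more must reproduce the stored hash.
        if seq <= 0 or not hmac.compare_digest(_fold_md5(candidate), last):
            return False
        self.users[user] = (seed, seq - 1, candidate)  # advance: a replay now fails
        self.insert_rules(user, self.allowed[user])
        return True
```

In the real program `insert_rules` would add the user's permit rules and a matching removal would run when the telnet session ends; the state per user is just the seed, the sequence number and the last accepted hash.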

Firewall authentication?

Post by Steve Bu » Sun, 25 Mar 2001 06:03:27


Is this program posted somewhere for download?

> I haven't done anything like precisely what you specify, but I've made a
> simple program that authenticates a user and opens the firewall to this user
> until the connection is broken or the user chooses to close it. This
> application could be changed to open a number of possible connections in the
> way you specify.

> The basic principle is like this:

> - The "server" is started by inetd/xinetd for incoming "telnet" connections
> to some port
> - The user starts a telnet session against this port
> - The user specifies his/her username and presses Enter
> - The system returns a form of prompt, called a challenge (I use Opie for
> authentication)
> - The user has an Opie calculator (a program for either Linux or Windows)
> that takes the challenge and the user's secret password to calculate a "key"
> (the response to the challenge) in the form of six simple, English words
> like "DOOM EDEN FRET LIME SO DUAL"
> - The user responds to the challenge with the key and presses Enter
> - The system either grants access (i.e. inserts rules to open the firewall)
> or denies it (just drops the connection)
> - The user keeps this session open for as long as she or he needs to have
> the firewall open

> The above is more or less a cookbook for creating a similar program -- and I
> hope it was an answer like this you were looking for.

>   /TRY

Firewall authentication?

Post by The Spoo » Sun, 25 Mar 2001 20:27:52


Steve Bui wrote ...

> Is this program posted somewhere for download?

-- Cut --

Sorry, I did this program for a customer that is very security-aware and
thus believes in security by obscurity (i.e. no open source here).

Sorry again.

  /TRY