IPSec on an OS X laptop? - Mac Applications & Software


  1. #1

    IPSec on an OS X laptop?

    I'm interested in learning about security in open WiFi hotspots. A
    recommendation by eWeek is to use an IPSec tunnel, and although I've seen
    that acronym, I have no clue what it is, whether OS X supports it (of
    _course_ it _does_, but I don't know that), and how to get it up and
    running so that I can use it in a coffee shop and not worry about passwords
    and credit card info being sniffed and stolen as if I were one of those MS
    monkeyboys with a wide-open Wintel computer.

    So before I googol and turn up a few million hits on IPSec to try to wade
    through, any exegesis or pointers to URLs?
    --
    Philip Stripling | email to the replyto address is presumed
    Legal Assistance on the Web | spam and read later. email to philip
    http://www.PhilipStripling.com/ | civex.com is read daily.
    Phil Stripling Guest

  2. #2

    Re: IPSec on an OS X laptop?



    On Thu, 26 Jun 2003, Tom Harrington wrote:
    > > running so that I can use it in a coffee shop and not worry about passwords
    > > and credit card info being sniffed and stolen as if I were one of those MS
    > > monkeyboys with a wide-open Wintel computer.
    > >
    > IPSec is supported in Mac OS X, but it's not likely to help in your
    > case. It's used for VPNs, Virtual Private Networks. Meaning you need
    > something to connect to at the other end, typically a corporate network
    > of some kind. It enables a remote computer to act as if it's on the
    > company's local network, securely. If you don't have a business or some
    > other organization running a VPN for you to connect to, IPSec is more or
    > less irrelevant.
    Excellent summary, Tom. FWIW I use IPSEC tunnels from my PB17 to encrypt
    my Airport sessions on my home network. 90% of my traffic is either with
    my BSD server (mail, news, time, dns, backup), or my Cisco 806 en route to
    the Internet; so I have a tunnel for each.

    Just an example so the OP can see a case where you MIGHT use it in a home
    environment; as you said it doesn't have much bearing on the coffee shop
    scenario.

    KeS
    Kevin_Stevens@hotmail.com Guest

  3. #3

    Re: IPSec on an OS X laptop?

    Tom Harrington <tphpcisys.no.spam.dammit.net> writes:
    >SNIP<
    > company's local network, securely. If you don't have a business or some
    > other organization running a VPN for you to connect to, IPSec is more or
    > less irrelevant.
    Okay, thanks. Bummer, though.
    >SNIP<
    > If your ISP (or whoever) allows you to set up ssh connections, you can
    > probably use port forwarding to encrypt data that would typically be
    > "clear". If this is the case I could give more detail, but as with
    > IPSec it really depends on having someone who'll allow you to make that
    > kind of connection on the other end.
    I can, uh, ssh into my ISP, but then I'm in a shell account with Lynx. I do
    that every day, but I use Lynx for certain sites that give me information
    in text form, not Java or JavaScripts for reservations and such.

    Thanks, Tom.

    --
    Philip Stripling | email to the replyto address is presumed
    Legal Assistance on the Web | spam and read later. email to philip
    http://www.PhilipStripling.com/ | civex.com is read daily.
    Phil Stripling Guest

  4. #4

    Re: IPSec on an OS X laptop?

    Tom Harrington <tphpcisys.no.spam.dammit.net> writes:
    >SNIP<
    > It's a bit cumbersome, but it's completely secure and it works.
    I'll read the snipped material carefully and give it a try. Thanks for the
    very helpful information.
    >
    > If your ISP supports secure POP3 connections, you can probably
    > make this a lot simpler. For example, Mail.app has a "use SSL" switch
    > in preferences. But that requires more setup at your ISP that they
    > probably haven't done. The scheme above gives you the same security,
    > but requires you to set it all up yourself.
    Now this is very interesting, but I have a question. My access is via DSL
    through SBC. I never use whatever mailbox I have with them, but I do use
    them for outgoing email. All incoming email is read from my ISP with my
    "real" email address (see my .sig). In looking at the Use SSL box, I'm left
    uncertain whether that applies to reading incoming email, which would be
    downloaded directly from my "real" email box, _and_ to my outgoing email
    through the smtp server run by SBC. Mail.app is configured to download from
    the real email address and send through smtp.sbc.yadayadayada. Do both
    services have to have SSL set up to use that switch?

    Right now I ssh into the shell account to read email securely. I also use
    it to create and send attorney/client related email, but I use mail.app for
    sending some non-confidential email. It would be handy at times to use
    mail.app instead of starting up Terminal, logging into the shell, and
    starting up my email program.

    --
    Philip Stripling | email to the replyto address is presumed
    Legal Assistance on the Web | spam and read later. email to philip
    http://www.PhilipStripling.com/ | civex.com is read daily.
    Phil Stripling Guest

  5. #5

    Re: IPSec on an OS X laptop?

    In article <3q1xxfgx9r.fsfshell4.tdl.com>,
    Phil Stripling <phil_striplingcieux.zzn.com> wrote:
    > Now this is very interesting, but I have a question. My access is via DSL
    > through SBC. I never use whatever mailbox I have with them, but I do use
    > them for outgoing email. All incoming email is read from my ISP with my
    > "real" email address (see my .sig). In looking at the Use SSL box, I'm left
    > uncertain whether that applies to reading incoming email, which would be
    > downloaded directly from my "real" email box, _and_ to my outgoing email
    > through the smtp server run by SBC. Mail.app is configured to download from
    > the real email address and send through smtp.sbc.yadayadayada. Do both
    > services have to have SSL set up to use that switch?
    It's a separate setting. If you look in the "Advanced" setting on an
    account, you'll see the option to use SSL. That'd be secure POP or
    IMAP, depending on how the account works. But if you look at the
    "Account Information" tab, down at the bottom where the outgoing mail
    server is set, and click the "options" button, you'll see a similar
    option for secure SMTP. So, selecting SSL on one service is independent
    of setting it on another one. Mail wouldn't be completely secure unless
    SSL is enabled in both directions.
    > Right now I ssh into the shell account to read email securely. I also use
    > it to create and send attorney/client related email, but I use mail.app for
    > sending some non-confidential email. It would be handy at times to use
    > mail.app instead of starting up Terminal, logging into the shell, and
    > starting up my email program.
    Note that, unless you're using PGP or something to encrypt the mail,
    it's questionable just how secure this attorney/client mail is. Even if
    you ssh into the shell, the message is still transmitted in clear text.
    It might be the best choice, though, unless you can somehow get your
    clients to also use PGP. If you were using PGP-encrypted mail, all the
    previous discussion about SSH and SSL would become moot, at least for
    email.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See http://www.atomicbird.com/
    Tom Harrington Guest

  6. #6

    Re: IPSec on an OS X laptop?

    Tom Harrington <tphpcisys.no.spam.dammit.net> writes:
    > Note that, unless you're using PGP or something to encrypt the mail,
    > it's questionable just how secure this attorney/client mail is. Even if
    > you ssh into the shell, the message is still transmitted in clear text.
    > It might be the best choice, though, unless you can somehow get your
    > clients to also use PGP. If you were using PGP-encrypted mail, all the
    > previous discussion about SSH and SSL would become moot, at least for
    > email.
    I advise clients that email between us is clear text unless encrypted, and
    not to send confidential material; most are comfortable using email for our
    correspondence and don't worry any more about interception than they do
    with written letters.

    But _reading_ it in ssh leaves it in the clear from my server to me? My
    ISP uses ssh2, and I had understood my connection from my Mac to the ISP
    was encrypted. The man page for ssh2 begins
    Ssh2 (Secure Shell) is a program for logging into a remote
    machine and executing commands in a remote machine. It is
    intended to replace rlogin and rsh, and provide secure,
    encrypted communications between two non-trusted hosts
    over an insecure network.

    I'm hoping I am misreading your comment and that you mean that the message
    is transmitted between the client's server and mine in the clear? Or am I
    misreading the "encrypted communications between two ... hosts ..."? Yikes!

    --
    Philip Stripling | email to the replyto address is presumed
    Legal Assistance on the Web | spam and read later. email to philip
    http://www.PhilipStripling.com/ | philipstripling.com is read daily.
    Phil Stripling Guest

  7. #7

    Re: IPSec on an OS X laptop?

    In article <3qvfuo8r0w.fsfshell4.tdl.com>,
    Phil Stripling <phil_striplingcieux.zzn.com> wrote:
    >But _reading_ it in ssh leaves it in the clear from my server to me?
    No, it doesn't. However, it does leave it in the clear from the other
    person to your server!

    -s
    --
    Copyright 2003, all wrongs reversed. Peter Seebach / seebsplethora.net
    http://www.seebs.net/log/ - YA blog. http://www.seebs.net/ - homepage.
    C/Unix wizard, pro-commerce radical, spam fighter. Boycott Spamazon!
    Consulting, computers, web hosting, and shell access: http://www.plethora.net/
    Seebs Guest

  8. #8

    Re: IPSec on an OS X laptop?

    In article <3qvfuo8r0w.fsfshell4.tdl.com>,
    Phil Stripling <phil_striplingcieux.zzn.com> wrote:
    > Tom Harrington <tphpcisys.no.spam.dammit.net> writes:
    >
    > > Note that, unless you're using PGP or something to encrypt the mail,
    > > it's questionable just how secure this attorney/client mail is. Even if
    > > you ssh into the shell, the message is still transmitted in clear text.
    > > It might be the best choice, though, unless you can somehow get your
    > > clients to also use PGP. If you were using PGP-encrypted mail, all the
    > > previous discussion about SSH and SSL would become moot, at least for
    > > email.
    >
    > I advise clients that email between us is clear text unless encrypted, and
    > not to send confidential material; most are comfortable using email for our
    > correspondence and don't worry any more about interception than they do
    > with written letters.
    >
    > But _reading_ it in ssh leaves it in the clear from my server to me? My
    > ISP uses ssh2, and I had understood my connection from my Mac to the ISP
    > was encrypted. The man page for ssh2 begins
    > Ssh2 (Secure Shell) is a program for logging into a remote
    > machine and executing commands in a remote machine. It is
    > intended to replace rlogin and rsh, and provide secure,
    > encrypted communications between two non-trusted hosts
    > over an insecure network.
    >
    > I'm hoping I am misreading your comment and that you mean that the message
    > is transmitted between the client's server and mine in the clear? Or am I
    > misreading the "encrypted communications between two ... hosts ..."? Yikes!
    Between your ISP's server and your eyes it's encrypted, not subject to
    anyone sniffing 802.11b or anything like that. Between the ISP's server
    and the rest of the world it's readable. It'd be harder for the average
    Joe Cracker to get at it, but it's not encrypted either. It sounds like
    you've got a good grasp of what's going on in this regard, it just
    seemed earlier like you might be expecting more security than you have.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See http://www.atomicbird.com/
    Tom Harrington Guest

  9. #9

    Re: IPSec on an OS X laptop?

    In article <3qel1c1dxq.fsfshell4.tdl.com>,
    Phil Stripling <phil_striplingcieux.zzn.com> wrote:
    > Tom Harrington <tphpcisys.no.spam.dammit.net> writes:
    >
    > > Between your ISP's server and your eyes it's encrypted, not subject to
    > > anyone sniffing 802.11b or anything like that.
    >
    > Whew! That's what I was thinking. :-)
    >
    > > Between the ISP's server
    > > and the rest of the world it's readable. It'd be harder for the average
    > > Joe Cracker to get at it, but it's not encrypted either. It sounds like
    > > you've got a good grasp of what's going on in this regard, it just
    > > seemed earlier like you might be expecting more security than you have.
    >
    > It's harder to read minds on the Internet. Thanks, Tom. I've tried both SSL
    > options on mail.app, and neither will work with my pop and smtp accounts,
    > so I'll continue doing email while ssh'd into my shell account. If anyone
    > _were_ sniffing, I'd presume they'd be doing it around my computer, not the
    > entire Internet, so I'll do what I can for security at this end.
    Well, probably. I don't know what kind of law you practice, or what
    kind of clients you have, so I wouldn't know how hard someone might work
    to make trouble for them. I suppose I'm either paranoid or just watch
    too much TV. :-)

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See http://www.atomicbird.com/
    Tom Harrington Guest

  10. #10

    Re: IPSec on an OS X laptop?

    In article <3q1xxfgx9r.fsfshell4.tdl.com>,
    Phil Stripling <phil_striplingcieux.zzn.com> wrote:
    >
    >Now this is very interesting, but I have a question. My access is via DSL
    >through SBC. I never use whatever mailbox I have with them, but I do use
    >them for outgoing email. All incoming email is read from my ISP with my
    >"real" email address (see my .sig). In looking at the Use SSL box, I'm left
    >uncertain whether that applies to reading incoming email, which would be
    >downloaded directly from my "real" email box, _and_ to my outgoing email
    >through the smtp server run by SBC. Mail.app is configured to download from
    >the real email address and send through smtp.sbc.yadayadayada. Do both
    >services have to have SSL set up to use that switch?
    There are two separate SSL boxes. One in the account preferences screen
    under "advanced", the other in the screen reached by the "Options..."
    button under "outgoing mail server". The latter is for outgoing, the
    former for incoming. Your ISP has to support secure mail for those to
    work.

    --
    Matthew T. Russotto mrussottospeakeasy.net
    "Extremism in defense of liberty is no vice, and moderation in pursuit
    of justice is no virtue." But extreme restriction of liberty in pursuit of
    a modicum of security is a very expensive vice.
    Matthew Russotto Guest
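
The replies above note that the incoming and outgoing SSL switches are independent and that each server has to support secure mail. The following is an added example, not part of the original thread: it reads a POP3 `CAPA` reply and an SMTP `EHLO` reply and reports whether each direction advertises a TLS upgrade. The sample replies and the function names are constructed for illustration.

```python
"""Added example: does each mail direction advertise a TLS upgrade?"""
import poplib
import smtplib

# Constructed sample server replies (not captured from any real ISP).
SAMPLE_CAPA_TLS = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"
SAMPLE_CAPA_PLAIN = "+OK Capability list follows\r\nTOP\r\nUIDL\r\n.\r\n"
SAMPLE_EHLO_TLS = "250-mail.example.net\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SAMPLE_EHLO_PLAIN = "250-mail.example.net\r\n250-PIPELINING\r\n250 8BITMIME\r\n"


def pop3_offers_stls(capa_reply: str) -> bool:
    """POP3 CAPA: '+OK' status line, one capability per line, '.' terminator."""
    lines = [ln.strip() for ln in capa_reply.splitlines()]
    if not lines or not lines[0].startswith("+OK"):
        return False  # server rejected CAPA or sent nothing usable
    for ln in lines[1:]:
        if ln == ".":
            break
        if ln.split(" ", 1)[0].upper() == "STLS":
            return True
    return False


def smtp_offers_starttls(ehlo_reply: str) -> bool:
    """SMTP EHLO: each line is '250-KEYWORD ...' or, for the last, '250 KEYWORD ...'."""
    for ln in ehlo_reply.splitlines():
        ln = ln.strip()
        if len(ln) >= 4 and ln[:3] == "250" and ln[3] in "- ":
            if ln[4:].split(" ", 1)[0].upper() == "STARTTLS":
                return True
    return False


def assess(incoming_capa: str, outgoing_ehlo: str) -> dict:
    """Each direction is judged separately; mail is only covered if both are."""
    inc = pop3_offers_stls(incoming_capa)
    out = smtp_offers_starttls(outgoing_ehlo)
    return {"incoming_tls": inc, "outgoing_tls": out, "both_directions": inc and out}


def probe_live(pop_host: str, smtp_host: str, pop_port=110, smtp_port=25) -> dict:
    """Same check against real servers; the host names are the caller's own."""
    pop = poplib.POP3(pop_host, pop_port, timeout=10)
    try:
        inc = "STLS" in pop.capa()
    finally:
        pop.quit()
    with smtplib.SMTP(smtp_host, smtp_port, timeout=10) as smtp:
        smtp.ehlo()
        out = smtp.has_extn("starttls")
    return {"incoming_tls": inc, "outgoing_tls": out, "both_directions": inc and out}
```

This covers only the in-place upgrade commands; servers that accept TLS on dedicated ports (995 for POP3, 465 for SMTP) have to be checked by connecting to those ports directly.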

  11. #11

    Re: IPSec on an OS X laptop?

    Phil Stripling wrote:
    >
    > Right now I ssh into the shell account to read email securely. I also use
    > it to create and send attorney/client related email, but I use mail.app for
    > sending some non-confidential email. It would be handy at times to use
    > mail.app instead of starting up Terminal, logging into the shell, and
    > starting up my email program.
    >
    You might consider using some cross-platform encryption such as GPG/PGP.
    You can also create Stuffit archives and add a password, which will be
    unstuffable on Winders boxes.

    While random viewing of your mail to clients has a no rate of occurrence,
    targeted viewing might be a concern sometime. The IT person at a firm,
    for example.

    cheers.

    wheat Guest
