[Dshield] Remote incident handling tool

lucy at lucindrea.com
Sat Dec 3 01:44:10 GMT 2005

>  Thanks for your input, especially on the GPL concerns.  This will
> definitely be a free product.  The major stumbling block seems to be
> setting it up so that not just anyone can get a copy off your site and
> use it to VPN into your network or something crazy like that.
>  Anyway, I will keep everyone updated as we progress.
>  Regards,
>  Pete

The best way I see to do this and still make it freely available is to
configure the VPN stuff on the original image to require pub/priv keys but
NOT to include them (you include the tools to create them).

If you're giving the CD to an offsite tech who needs to get into your system,
you can then send them your pub key via e-mail or other means; this
allows anyone to use the CD but only those you give the key to would be
able to access your system .. you could even put the creation of the key
on the boot-up scripts of the CD so the first thing it asks is for the
user to create a key and/or to input one from a floppy (or worst case
download from an FTP server where you would delete that copy once the
"enduser" tech gets it); this also allows others to use the CD in their
environment with their own unique keys.

On a side note, with the advent of DVD-R and most servers now coming
with DVD readers as standard, we now have room for massive amounts of
tools/data on this type of recovery boot disk. Personally I have been
working on my own version of Bart's Network Boot Disk that has just about
every NIC driver on it so that you can boot up and basically be connected
TCP/IP with little or no effort .. the only reason why no one seems to
have this already is that it still requires some M$ files that cannot be
included, although I never saw a reason why no-one has made such a disk
without the files and just a readme saying (put your licensed files here)
..
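
The design proposed in the message above (an image that requires keys and ships the tools to create them, but no keys) can be checked before an image is published. The script below is an added example and not part of the original post: it assumes the image is unpacked into a directory, that keys are PEM-encoded, and that the key tool is `openssl` or `ssh-keygen`; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-release check for an unpacked boot image tree.
# Assumptions (not from the post): PEM-encoded keys; the key tool is
# named openssl or ssh-keygen; function names are hypothetical.

# Print every file under $1 that contains a PEM private-key header
# (matches RSA, EC, OPENSSH, ENCRYPTED and plain PKCS#8 headers).
find_private_keys() {
    grep -rlE -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1" 2>/dev/null || true
}

# Succeed if a key-generation tool is present somewhere in the tree.
has_keygen_tool() {
    [ -n "$(find "$1" -type f \( -name openssl -o -name ssh-keygen \) | head -n 1)" ]
}

# Return 0 only when the tree ships the tools but no private keys.
check_image() {
    root=$1
    status=0
    leaked=$(find_private_keys "$root")
    if [ -n "$leaked" ]; then
        echo "FAIL: private key material in image:" >&2
        echo "$leaked" | sed 's/^/  /' >&2
        status=1
    fi
    if ! has_keygen_tool "$root"; then
        echo "FAIL: no key-generation tool found in image" >&2
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $root ships tools but no private keys"
    return "$status"
}

# Constructed sample tree so the check can be tried offline.
make_sample_image() {
    dir=$(mktemp -d)
    mkdir -p "$dir/usr/bin" "$dir/etc/vpn"
    : > "$dir/usr/bin/openssl"          # empty stand-in for the real tool
    printf 'remote vpn.example.invalid\n' > "$dir/etc/vpn/client.conf"
    echo "$dir"
}
```

Run `check_image /path/to/unpacked/image` as the last step of the image build and fail the build on a non-zero exit status.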

