From owner-freebsd-doc Sun Nov 25 9:17:19 2001 Delivered-To: freebsd-doc@freebsd.org Received: from guppy.vub.ac.be (guppy.vub.ac.be [134.184.129.2]) by hub.freebsd.org (Postfix) with ESMTP id 09DF437B405 for ; Sun, 25 Nov 2001 09:17:05 -0800 (PST) Received: from fort-knox.rave.org (igwe15.vub.ac.be [134.184.49.15]) by guppy.vub.ac.be (8.9.1b+Sun/3.17.1.ap (guppy)) id SAA28965; Sun, 25 Nov 2001 18:16:55 +0100 (MET) for Received: (qmail 29440 invoked by uid 1979); 25 Nov 2001 17:16:30 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 25 Nov 2001 17:16:30 -0000 Date: Sun, 25 Nov 2001 18:16:30 +0100 (CET) From: Wouter Van Hemel To: Agung Cc: doc@FreeBSD.org Subject: Re: how 2 secure In-Reply-To: <001101c175c1$387341a0$6610053d@telkom> Message-ID: PGP: 0B B4 BC 28 53 62 FE 94 6A 57 EE B8 A6 E2 1B E4 (0xAA5412F0) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 25 Nov 2001, Agung wrote: > Hello, > > I've used freebsd for my webserver. Could you tell me what is sniffing, > and how it work. then how to prevent with my freebsd. thank you. > That's not really the purpose of this list, you'd be better off asking questions to freebsd-questions@freebsd.org. This list is for discussion of documentation (or the lack thereof). But since I'm replying anyway, I'll try to answer your question. Tradionally, all data that gets sent over the net, happens in cleartext. This means, anybody on the same network as you, can almost literally see the characters passing on the network. It's a bit like having two phones on one line at home, while one's talking, the other can secretly follow the conversation with the other phone. Usually, this isn't that much of a problem, since .. well, most data isn't that important. But this changes when you send out something confidential over the network, such as a private email, your creditcard number, or even your system passwords. That's why people tend to encrypt the entire line, from your computer, over all routers on the net, all the way until it reaches the recipient. That way, nobody can listen in on what you (your computer) is saying to the other side. It's wise to log in using ssh, for example. Ssh encodes your password and data, so it can't be 'sniffed', it can't be read by someone between the two points of communication. Another application is (open)ssl, the Secure Sockets Layer. This finds use in webbrowsers (https) and maildaemons (e.g. sendmail). If you have confidential data that needs to be send over the web (suck as credit cards), set up an https server. If you receive or send very confidential emails, you might want to set sendmail up with ssl, too; keep in mind that all maildaemons have to be able to understand it, though, so I think you'd be better off using pgp/gpg. Using a https-server or enabling ssl in sendmail might be overkill; use your own judgement. But I strongly advise you to use ssh. Kind regards, wouter PS: please don't reply to this list To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message