Security Basics mailing list archives

RE: How to authentificate an user via telephon?


From: "Schuler, Jeff" <Jeff.Schuler () hit cendant com>
Date: Wed, 4 Dec 2002 10:55:04 -0700

That works in a small environment but not in an enterprise setting where you
may have hd staff who have never met many of the users.

As part of the initial user setup we have each user pick a question and
provide the answer for it.  That goes into our call tracking system and only
the HD staff can view it.  If the person cannot answer their question, no
service.

Not a high tech solution but it works.

Jeff Schuler

-----Original Message-----
From: Champion, Steve [mailto:SChampion () tmh tmc edu] 
Sent: Wednesday, December 04, 2002 10:04 AM
To: security-basics () lists securityfocus com
Subject: RE: How to authentificate an user via telephon?

You're speaking about social engineering.

Making sure that the person on the phone is who they say they are.

An idea we had was to put up inexpensive computers in key locations and to
put inexpensive cameras on these systems.   

So when a person called to get their password reset, that person would go
to the password station, the helpdesk person would see the person is who
they say they are, then reset the password.

It could be a cheap system too, an old PC running Windows, and a cheap $40
web-camera from CompUSA and voilà!

Thank You
Steve Champion
Sr. Security Analyst
Methodist Health Care Systems
schampion () tmh tmc edu


-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de]
Sent: Tuesday, December 03, 2002 12:50 PM
To: security-basics () lists securityfocus com
Subject: How to authentificate an user via telephon?


Hello colleagues,

Imagine the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
have to determine whether the user is the correct
(owner of the account) user. What would you do
to authenticate the user's identity?

What are good methods to do this? It should be
easy for the user but secure for the administration.


Robert

-- 
http://board.protecus.de - Firewalls, Security and more ...
 

