Security Basics mailing list archives

R: Worldwide authentication


From: "Alessandro Bottonelli" <abottonelli () libero it>
Date: Fri, 18 Oct 2002 19:46:59 +0200



-----Original Message-----
From: Marty [mailto:marti () videotron ca]
Sent: Thursday, 17 October 2002 14.39
To: security-basics () securityfocus com
Subject: Worldwide authentication


They don't necessarily own portable PCs.

So we assume PC cafe public terminals, friends' or colleagues' PCs, etc.

We need to authenticate the users to let them access data from the
mainframe.

A WEB front end will solve the problem that they do not necessarily
have their own PC (and their own client application).

Note that the data is very sensitive.

OK, SSL for data encryption and "strong authentication" shall be
called into service ...

What is the (easiest/not too expensive) solution?

For traffic encryption SSL. For authentication I would go with
ID Cards (those with an LCD Display that changes every minute).
They do not require an interface with the system (which could
be any kind of system you said before...) and are reasonably
priced.

Do not forget that your application should be able to disconnect
idle users and leave nothing in the clear on the client PC (since
it is not necessarily owned by your user).

--
Alessandro Bottonelli
A.Bottonelli () axis-net it (professional)
ABottonelli () libero it (personal)
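
The three points in the reply above (a code that changes every minute, disconnecting idle users, leaving nothing on the borrowed PC), sketched server-side as an added example that is not part of the original message. It uses the open RFC 6238 TOTP algorithm as a stand-in for whatever a token vendor implements; the 300-second idle limit, the drift window and all function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60          # seconds per displayed code ("changes every minute")
IDLE_LIMIT = 300   # assumed idle timeout in seconds
# Response headers asking the browser not to keep sensitive pages on disk.
NO_STORE_HEADERS = {"Cache-Control": "no-store", "Pragma": "no-cache"}


def totp(secret: bytes, t: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 code for Unix time t (HMAC-SHA1, dynamic truncation)."""
    counter = t // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, now: int, last_counter: int, drift: int = 1):
    """Return the accepted time-step counter, or None.

    Tolerates +/- drift steps of clock skew and refuses any step at or before
    last_counter, so a code typed on a shared PC cannot be used a second time.
    The caller stores the returned counter as the user's new last_counter.
    """
    current = now // STEP
    accepted = None
    for counter in range(max(0, current - drift), current + drift + 1):
        if counter <= last_counter:
            continue  # already used or older: reject as a replay
        expected = totp(secret, counter * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            accepted = counter
    return accepted


def session_expired(last_activity: int, now: int) -> bool:
    """True once the user has been idle for IDLE_LIMIT seconds or more."""
    return now - last_activity >= IDLE_LIMIT
```
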


