Security Basics mailing list archives
Re: Worldwide authentication
From: "Fred Williams" <A20FBW1 () wpo cso niu edu>
Date: Wed, 23 Oct 2002 11:57:40 -0500
Hello,

This may be overboard but I think there might be an additional problem:

> They don't necessarily own portable PCs.

So are they using "trusted" PCs? I.e., do you know that the computer the trusted user is using is clean (no keylogger etc.)? (say that 3 times fast ;-)

Fred

"Chris Berry" <compjma () hotmail com> 10/18/02 05:14PM >>>
marti () videotron ca 10/17/02 06:34PM >>>

Hi everybody,

One of our clients needs to authenticate users that are roaming from city to city. They don't necessarily own portable PCs. We need to authenticate the users to let them access data from the mainframe. Note that the data is very sensitive. What is the (easiest/not too expensive) solution? We are already using Cryptocard/Cisco for our VPN. We've looked at USB key token, certificates... Our idea is to use an SSL session with authentication, need to decide which authentication solution is best.

The way I see it you have two problems:

1) Make sure the user logging in is the correct user

Since you can't ensure that they have any client software, I recommend a dual authentication system, such as that marketed by RSA which involves a password, and a code. The code is displayed on a small device about the size of a fat key and changes every 30 seconds or so. (No, I don't work for RSA, nor am I saying they are the best or only provider for this) In my opinion this system is very secure when combined with some sort of encrypted communications channel.

2) Ensure that no one piggybacks or sniffs your signal.

For this encryption is the way to go, either VPN, SSL, SSH, whatever is appropriate for your desired level of access.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem?"