Security Basics mailing list archives
Re: Worldwide authentication
From: "Chris Berry" <compjma () hotmail com>
Date: Fri, 18 Oct 2002 15:14:00 -0700
>>> marti () videotron ca 10/17/02 06:34PM >>>
Hi everybody,

One of our clients needs to authenticate users that are roaming from city to city. They don't necessarily own portable PCs. We need to authenticate the users to let them access data from the mainframe. Note that the data is very sensitive. What is the (easiest/not too expensive) solution? We are already using Cryptocard/Cisco for our VPN. We've looked at USB key token, certificates... Our idea is to use an SSL session with authentication, need to decide which authentication solution is best.
The way I see it you have two problems:

1) Make sure the user logging in is the correct user

Since you can't ensure that they have any client software, I recommend a dual authentication system, such as that marketed by RSA which involves a password, and a code. The code is displayed on a small device about the size of a fat key and changes every 30 seconds or so. (No, I don't work for RSA, nor am I saying they are the best or only provider for this) In my opinion this system is very secure when combined with some sort of encrypted communications channel.

2) Ensure that no one piggybacks or sniffs your signal.

For this encryption is the way to go, either VPN, SSL, SSH, whatever is appropriate for your desired level of access.
Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem? "
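Added example, not part of the original post: a server-side check for the password-plus-rotating-code login described in the reply above. It uses the open RFC 6238 TOTP algorithm as a stand-in, not RSA's own token algorithm; `TwoFactorVerifier`, `make_user`, the one-step drift window and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid, as in "changes every 30 seconds or so"

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_user(password: str, token_secret: bytes, salt: bytes = b"constructed-salt"):
    """Build a stored record; the server keeps a salted hash, never the password."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return (salt, pw_hash, token_secret)

class TwoFactorVerifier:
    """Hypothetical verifier: both factors must pass, and each code works once."""

    def __init__(self, users: dict, window: int = 1):
        self.users = users      # name -> (salt, pw_hash, token_secret)
        self.window = window    # time steps of clock drift tolerated each way
        self.last_step = {}     # name -> newest time step already accepted

    def verify(self, name: str, password: str, code: str, now: float) -> bool:
        record = self.users.get(name)
        if record is None:
            return False
        salt, pw_hash, secret = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        pw_ok = hmac.compare_digest(candidate, pw_hash)
        step_now = int(now) // STEP
        matched = None
        for step in range(max(0, step_now - self.window), step_now + self.window + 1):
            expected = totp(secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if not pw_ok or matched is None:
            return False        # same answer whichever factor failed
        if matched <= self.last_step.get(name, -1):
            return False        # a sniffed code replayed inside its window
        self.last_step[name] = matched
        return True

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, constructed account
    v = TwoFactorVerifier({"alice": make_user("correct horse", secret)})
    print(v.verify("alice", "correct horse", totp(secret, 59), 59))  # accepted
    print(v.verify("alice", "correct horse", totp(secret, 59), 60))  # replay refused
```

The replay check is what keeps a code captured on an unencrypted link from being reused within its validity window, which is why the reply pairs the token with an encrypted channel.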