Re: Ident. management product

[David Gillett <gillettdavid () FHDA EDU>]

  We've got an eval at the moment.  It's basically RADIUS on steroids, able
to backend to a variety of existing/coming identity databases including
LDAP, AD, etc, in combination.

  Our initial proof-of-concept test worked, and was easy to configure on the
server side, but hellaciously complicated on the client.  We're supposed to
have a return visit to walk through setting up a simpler client-side
scenario, but that hasn't happened yet.

  I also noticed that, having authenticated once, I was able to reconnect
several days later without apparently re-authenticating.  I haven't had a
chance to determine whether this was a silent use of stored credentials, or
whether my initial authentication persisted over that time.  Either might be
a cause for concern, especially in public-access areas where a client may
have multiple users in the course of a day.

David Gillett



  _____

From: John Tooley [mailto:jtooley () csun edu]
Sent: Friday, May 05, 2006 7:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ident. management product



Hi.new to the list and new to Higher-Ed.so a big "howdy!"

We are investigating Identity management platforms and  NAC systems for our
enterprise.

We are about to demo Identity Engines IgnitionT product line
(http://www.idengines.com/solutions/education.php) Is anyone running a
demo/production version of this product? If so, what have been some of the
pros/cons of this solution, and how does this product compare to other
AAA/802.1x-based Ident Management products you may be running or have
tested?

Thanks!

John



John Tooley, CISSP

Information Security Analyst

California State University, Northridge