Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Worldwide authentication

From: "Fred Williams" <A20FBW1 () wpo cso niu edu>
Date: Wed, 23 Oct 2002 11:57:40 -0500
Hello,

This may be overboard but I think there might be an additional problem:

They don't necessarily own portable PCs.

So are they using "trusted" pc's? ie, do you know that the computer the
trusted user is using is clean (no keylogger etc)? (say that 3 times
fast ;-)

Fred





"Chris Berry" <compjma () hotmail com> 10/18/02 05:14PM >>>

marti () videotron ca 10/17/02 06:34PM >>>

Hi everybody,
One of our client need to authenticate users that are roaming from

city

to city.
They don't necessarly own portable PCs.
We need to authenticate the users to let them access data from the
mainframe.
Note that the data is very sensitive.
What is the (esiest/not too expensive) solution?
We are already using Cryptocard/Cisco for our VPN.
We've looked at USB key token, certificates...
Our idea is to use a SSL session with authentication, need to decide
wich authentication solution is best.


The way I see it you have two problems:
1) Make sure the user logging in is the correct user

Since you can't ensure that they have any client software, I recommend
a 
dual authentication system, such as that marketed by RSA which involves
a 
password, and a code.  The code is displayed on a small device about
the 
size of a fat key and changes every 30 seconds or so.  (No, I don't
work for 
RSA, nor am I saying they are the best or only provider for this)  In
my 
opinion this system is very secure when combined with some sort of
encrypted 
communications channel.

2) Ensure that no one piggybacks or sniffs your signal.

For this encryption is the way to go, either VPN, SSL, SSH, whatever is

appropriate for your desired level of access.

Chris Berry
compjma () hotmail com 
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to
work 
with is a roll of duct tape, a ball point pen, a lighter, and a twenty
year 
old copy of emacs.  Where's the problem? "


_________________________________________________________________
Unlimited Internet access for only $21.95/month.รก Try MSN! 
http://resourcecenter.msn.com/access/plans/2monthsfree.asp
Previous By Date Next
Previous By Thread Next

Current thread: