Educause Security Discussion mailing list archives
Re: RSA SecurID
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sat, 27 Sep 2008 19:52:48 +1200
On 25/09/2008, at 5:05 AM, Christopher Jones wrote:
We are currently investigating two-factor authentication via RSA's SecurID appliance solution. Initially, it may be just for IT in order to manage privileged access. Eventually, it could be extended to other employees. Has anyone recently implemented this? If so, what was the scope of the implementation (IT staff only, employees, everyone)? Any feedback concerning this would be welcomed and appreciated.
We have been using RSA's SecureID for three or four years no windows, linux and various web applications. We are very happy with it. Our evaluation of the solutions available *then* came down to securid and crypto card. SecureID won out because of better coverage of relevant platorms -- that may well have changed. One feature of crypto card we liked was the ability to advance the token -- say you log into our VPN (secured by 2FA) then you want to ssh to a linux host, you must wait until the token changes (up to a minute) then you log in to the linux box and type sudo ... and wait another minute until the token changes again. We actually gave up using 2fa for sudo and went for kerberos for this reason -- i.e. login and sudo are authenticated differently. Someone recently pointed me at an open source 2FA system but I can't remember the details or find the email. I'll dig a bit more and when I find it I'll post the info to the list, Russell
Current thread:
- RSA SecurID Christopher Jones (Sep 24)
- <Possible follow-ups>
- Re: RSA SecurID Marc Scarborough (Sep 24)
- Re: RSA SecurID Mclaughlin, Kevin (mclaugkl) (Sep 24)
- Re: RSA SecurID Christopher Jones (Sep 24)
- Re: RSA SecurID Greg Vickers (Sep 25)
- Re: RSA SecurID Russell Fulton (Sep 27)
- Re: RSA SecurID Gary Dobbins (Sep 27)
- Re: RSA SecurID Nick Lewis (Sep 27)
- Re: RSA SecurID Mark Powell (Sep 28)
- Re: RSA SecurID Derek Ethier (Sep 28)
- Re: RSA SecurID Christopher Jones (Sep 29)