Solved

Firewall / Secure ID

Posted on 1997-10-29
1
231 Views
Last Modified: 2010-03-18
My friend logs into his corporate account by dialing
in to a toll free number. He has a secure ID card, which
shows the continuously changing password.

He often travels out of the country, during which time
he cannot access the toll free number. Is there a way
that his company's system administrator can allow him
to 'telnet' over the internet, without risking security?
0
Comment
Question by:papapa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
sauron earned 100 total points
ID: 1586772
The best way to do this is with a cryptocard or similar system.

The user gets a card, which has a PIN, known only to the user.
When he telnets in to the remote machine, he is presented with
a login prompt, where he enters his username. The machine then issues a challenge - a numerical code. He types this into his cryptocard (which is a little calculator-like device), and presses the appropriate button. The cryptocard then requires him to enter his PIN, after which it comes up with an appropriate response to the challenge. The response is valid only for that challenge. Hardware based systems like this are very secure, but expensive.

Another solution - Assuming your friend has a laptop or something which he uses, the companies sysadmin could pick up and install ssh, the secure shell. This program is very secure - it works like rsh, but the first time a connection is made, the two systems exchange public keys. This should be done on a known secure network for the first time only. On successive connection attempts, key exchange again takes place, and the keys are compared with the 'known key' for that host. A mismatch would indicate an attempted 'man in the middle' attack. After key exchange, all traffic over the connection is RSA encrypted with a 768 bit (I think) key. This should provide adequate security, even for the truly paranoid. This is a software only solution, and ssh is free software.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question