?
Solved

Firewall / Secure ID

Posted on 1997-10-29
1
Medium Priority
?
234 Views
Last Modified: 2010-03-18
My friend logs into his corporate account by dialing
in to a toll free number. He has a secure ID card, which
shows the continuously changing password.

He often travels out of the country, during which time
he cannot access the toll free number. Is there a way
that his company's system administrator can allow him
to 'telnet' over the internet, without risking security?
0
Comment
Question by:papapa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
sauron earned 200 total points
ID: 1586772
The best way to do this is with a cryptocard or similar system.

The user gets a card, which has a PIN, known only to the user.
When he telnets in to the remote machine, he is presented with
a login prompt, where he enters his username. The machine then issues a challenge - a numerical code. He types this into his cryptocard (which is a little calculator-like device), and presses the appropriate button. The cryptocard then requires him to enter his PIN, after which it comes up with an appropriate response to the challenge. The response is valid only for that challenge. Hardware based systems like this are very secure, but expensive.

Another solution - Assuming your friend has a laptop or something which he uses, the companies sysadmin could pick up and install ssh, the secure shell. This program is very secure - it works like rsh, but the first time a connection is made, the two systems exchange public keys. This should be done on a known secure network for the first time only. On successive connection attempts, key exchange again takes place, and the keys are compared with the 'known key' for that host. A mismatch would indicate an attempted 'man in the middle' attack. After key exchange, all traffic over the connection is RSA encrypted with a 768 bit (I think) key. This should provide adequate security, even for the truly paranoid. This is a software only solution, and ssh is free software.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question