Firewall / Secure ID

My friend logs into his corporate account by dialing
in to a toll free number. He has a secure ID card, which
shows the continuously changing password.

He often travels out of the country, during which time
he cannot access the toll free number. Is there a way
that his company's system administrator can allow him
to 'telnet' over the internet, without risking security?
papapaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sauronCommented:
The best way to do this is with a cryptocard or similar system.

The user gets a card, which has a PIN, known only to the user.
When he telnets in to the remote machine, he is presented with
a login prompt, where he enters his username. The machine then issues a challenge - a numerical code. He types this into his cryptocard (which is a little calculator-like device), and presses the appropriate button. The cryptocard then requires him to enter his PIN, after which it comes up with an appropriate response to the challenge. The response is valid only for that challenge. Hardware based systems like this are very secure, but expensive.

Another solution - Assuming your friend has a laptop or something which he uses, the companies sysadmin could pick up and install ssh, the secure shell. This program is very secure - it works like rsh, but the first time a connection is made, the two systems exchange public keys. This should be done on a known secure network for the first time only. On successive connection attempts, key exchange again takes place, and the keys are compared with the 'known key' for that host. A mismatch would indicate an attempted 'man in the middle' attack. After key exchange, all traffic over the connection is RSA encrypted with a 768 bit (I think) key. This should provide adequate security, even for the truly paranoid. This is a software only solution, and ssh is free software.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.