Solved

Firewall / Secure ID

Posted on 1997-10-29
1
181 Views
Last Modified: 2010-03-18
My friend logs into his corporate account by dialing
in to a toll free number. He has a secure ID card, which
shows the continuously changing password.

He often travels out of the country, during which time
he cannot access the toll free number. Is there a way
that his company's system administrator can allow him
to 'telnet' over the internet, without risking security?
0
Comment
Question by:papapa
1 Comment
 
LVL 3

Accepted Solution

by:
sauron earned 100 total points
ID: 1586772
The best way to do this is with a cryptocard or similar system.

The user gets a card, which has a PIN, known only to the user.
When he telnets in to the remote machine, he is presented with
a login prompt, where he enters his username. The machine then issues a challenge - a numerical code. He types this into his cryptocard (which is a little calculator-like device), and presses the appropriate button. The cryptocard then requires him to enter his PIN, after which it comes up with an appropriate response to the challenge. The response is valid only for that challenge. Hardware based systems like this are very secure, but expensive.

Another solution - Assuming your friend has a laptop or something which he uses, the companies sysadmin could pick up and install ssh, the secure shell. This program is very secure - it works like rsh, but the first time a connection is made, the two systems exchange public keys. This should be done on a known secure network for the first time only. On successive connection attempts, key exchange again takes place, and the keys are compared with the 'known key' for that host. A mismatch would indicate an attempted 'man in the middle' attack. After key exchange, all traffic over the connection is RSA encrypted with a 768 bit (I think) key. This should provide adequate security, even for the truly paranoid. This is a software only solution, and ssh is free software.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now