besmile4ever

How to authenticate people ... and make sure of identity. (500 Points)

Hi Gents,
I need your help... I have a portal and many people will log in to it. I allow some ranges of IPs. The problem now is if my customer tries to log in from a public area outside the allowed IP ranges.
How can I allow them to log in and at the same time make sure that the users will not share the same account or give it to their friends?


Cheers.
MikeKane

The best option for VPN authentication is a 2 factor solution. Meaning that the end-user must produce 2 items in order to get authenticated.

Usually this is "Something they have and Something they know".

An example 2 factor setup could use an RSA SecurID solution. The SecurID is a device that creates a new 6 digit number every 60 seconds. The end user must provide the current 6 digit number (something they have) along with a password (something they know).

This eliminates using IP ranges as a method to authenticate, which IMHO is not secure at all.

You could also use a mix of passwords, certificates, Secure Desktop registry checks... just off the top of my head.

Here's some reading to get you started:
http://www.topbits.com/two-factor-authentication.html
besmile4ever

ASKER

Hi,
You mean giving the person who will log in from outside the IP ranges a username/password with RSA access?
For example, I would like to know how the international encyclopedia online libraries work for private access or people?
As I know, they allow access based on IP ranges and also allow personal access?
Can I know how they implement it?

Well, I have no idea what that company does for security. But whatever the details might be, most companies follow the same theory and standards. How you implement those standards is up to you, your company, and your budget.

Having the source IP as the only method of authenticating a VPN is not a good idea IMHO.

Any other comments, pls?
ASKER CERTIFIED SOLUTION
MikeKane

This solution is only available to members.

Do your users need to be able to access the website via any system?

An option would be to configure username + password authentication, and log the IP address they log in from. Your website could be configured to restrict the maximum number of IPs a user can log in from, to prevent users from sharing their accounts with other users.

Allowing the users to customise those IP ranges themselves in their user profiles would save you some administration effort.
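
The per-account IP limit suggested in the post above, sketched as an added example that is not part of the original thread. The trusted range, the limit of two outside addresses, the 30-day window, the `LoginPolicy` class and the sample events are all assumptions made for illustration; the check is meant to run after the password has already been verified.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (constructed for this example, not from the thread).
TRUSTED_RANGES = [ip_network("192.0.2.0/24")]  # the portal's allowed IP range
MAX_OUTSIDE_IPS = 2                            # distinct outside IPs per account
WINDOW = timedelta(days=30)                    # how long an IP counts as "recent"

class LoginPolicy:
    def __init__(self, trusted=TRUSTED_RANGES, max_ips=MAX_OUTSIDE_IPS, window=WINDOW):
        self.trusted, self.max_ips, self.window = trusted, max_ips, window
        self.seen = defaultdict(dict)  # user -> {ip: time of last accepted login}

    def check(self, user, ip, when):
        """Decide on a login whose password check has already succeeded."""
        addr = ip_address(ip)
        if any(addr in net for net in self.trusted):
            return "allow-trusted"
        # Forget addresses not used within the window so the list can rotate.
        recent = {a: t for a, t in self.seen[user].items() if when - t <= self.window}
        self.seen[user] = recent
        if addr not in recent and len(recent) >= self.max_ips:
            return "deny-too-many-ips"  # possible sharing: block or step up auth
        recent[addr] = when             # log the address for this account
        return "allow-logged"

DAY0 = datetime(2024, 1, 1)
# Constructed sample logins: (user, source IP, days after DAY0).
SAMPLE_EVENTS = [
    ("alice", "192.0.2.10", 0),     # inside the allowed range
    ("alice", "198.51.100.7", 1),   # first outside address
    ("alice", "203.0.113.9", 2),    # second outside address
    ("alice", "198.51.100.7", 3),   # already known
    ("alice", "203.0.113.200", 4),  # third distinct outside address
    ("alice", "203.0.113.200", 39), # older addresses have aged out
]

def replay(events):
    """Run the events through a fresh policy and return each decision."""
    policy = LoginPolicy()
    return [policy.check(u, ip, DAY0 + timedelta(days=d)) for u, ip, d in events]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", decision)
```

Users on mobile networks or behind shared NAT change address often, so a denial here works better as a trigger for a second factor than as proof of account sharing.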
uayneb

Agreed, two factor authentication and not using the IP address.

As far as guaranteeing users do not give it out to friends, well, that's pretty hard to do. But the best is with SecurID keys - the ones that change every 10 seconds. Another version of two-factor is a certificate plus a password. The certificate can be put on any machine so it doesn't limit you to an IP range. The problem is then that the certificate can be distributed anywhere to any machine.

Many thanks..