Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Technology

What Kind Of Remote Authentication Do You Use? 36

Posted by Cliff from the show-the-credentials-please dept.
Iphtashu Fitz asks: "I have worked for a number of companies that implement different types of security policies for remote access. This has ranged from simply setting up a PPTP server with static passwords to bastion hosts using authentication tokens like RSA Security's SecurID and CRYPTOCard's product by the same name. Most people agree that static passwords on a PPTP server aren't all that secure, and anyway it's not all that easy to integrate with Linux servers. SecurID and CRYPTOCard are much more secure because they use one-time passwords generated by hardware tokens. However, when I used SecurID it seemed that their tokens would regularly lose synchronization with the server (not to mention they would expire every two years or so and were expensive to replace). The CRYPTOCard keychain token doesn't have the synchronization problem that RSA's does but it's also a pain to use because of the way you enter a PIN into it. What kind of authentication system(s) do you use where you work? What do you like and hate about it? How would you make it better if you could?"
This discussion has been archived. No new comments can be posted.

What Kind Of Remote Authentication Do You Use? More

What Kind Of Remote Authentication Do You Use?

Comments Filter:

  • First Poem (Score:3, Funny)

    by Anonymous Coward on Tuesday August 03, 2004 @04:53PM (#9871875)
    What's this error that I see?
    I do not like this 503.
    How can this have come to be,
    Using software that is free.

  • Army (Score:2, Informative)

    by rawgod0122 ( 574065 )
    The US Army uses SecureID and Kerbose. They also use a short timeout on the tickets. I have been using it for some time now and as an end user I like it.

    The system works on everything from linux, Unicos (Cray), AIX (IBM), Solaris (Sun), and every ones favorite Windows!
    • Is SecureID the same as the Army's ID card SmartCard? By "Kerbose" do you mean the one in the Army-wide Active Directory?
  • why I just use 'enter' it's easy to type and even easier to remember!

  • SecurID runs on lots of gadgets. (Score:2, Informative)

    by Anonymous Coward
    One neat aspect of SecurID is they have it on lots of gadgets - aside from the tokens, you can run it on Palm, PocketPC, and Blackberry pagers. I just wish it ran on my phone. Then I wouldn't have to carry a keyfob token.

  • Comment removed (Score:4, Informative)

    by account_deleted ( 4530225 ) on Tuesday August 03, 2004 @05:08PM (#9872050)
    Comment removed based on user account deletion

    • Re:Safeword (Score:2, Informative)

      by cinnerz ( 22046 )
      I had to use this at a job once. They were too cheap to buy the hardware tokens and made us use the
      software tokens instead - which of course was only for Windows and I didn't have a Windows machine at home. Since there isn't a time component, I generated a whole bunch of passwords, but them on a piece of paper, and carried them around.

      While the time sync problem is annoying with SecurID, it does prevent users from doing things like printing out lists of the next tokens (or saving them in a file on their
    • Because the best security products get their names from BDSM play?

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Tuesday August 03, 2004 @05:14PM (#9872133)
    Comment removed based on user account deletion

  • my dream device.. (Score:3, Interesting)

    by way2trivial ( 601132 ) on Tuesday August 03, 2004 @05:17PM (#9872171) Homepage Journal
    a simple little box, that I buy, perhaps two, configure, and send one to my mom.. she plugs it into her router..


    bam- vpn.. Yes, she has three open ports on her wifi adapter, (ok, I'm out, but I'll put in an uplink or buy a new 8port)

    why can't someone make a cheap (*behind the router*) box that lets me VPN over the internet safely, at a reasonable pricepoint? no config required other than a 256 character matching password and the IP of the other machine? they talk to each other from behind the router, and act as if they were local computers for the lan?

    • Because most home users seem to be behind NATs these days, and thus it's not very easy to make a "behind the router"-box.

    • a simple little box, that I buy, perhaps two, configure, and send one to my mom.. she plugs it into her router..

      I have to reply twice, as I forgot to say how I manage to communicate securely with my parrents computers.

      Both use SuSE Linux, I just SSH into my account, which works perfectly. I've also got the root passwords, so that I can do remote maintainance of both machines. Really nice.

      It's not as if they're on the same LAN, but that could be fixed with the VPN-over-SSH howto, if I really wanted. :
    • Better yet, why not make it the router? Check out DLink's DFL-80 ($170) or DFL-300
  • Keyfobs with customized VPN software on them. Downside is you need Linux or Windows to use it. What I'd LIKE to see- is customized VPN software that runs on a variety of machines, with both USB and SD interfaces (for handhelds and phones and such) combined with a thumbprint or retina scanner- biometrics baby, it's the only way to be sure the guy logging on is who he says he is.
  • I use ActivCard. Basically the same as SecurID, but the credit card-based smartcard can be read in a USB card reader w/ appropriate software or a standalone card reader. No need to change cards after 2 years. You can also store your own digital certicates on the card.
  • However, when I used SecurID it seemed that their tokens would regularly lose synchronization with the server (not to mention they would expire every two years or so and were expensive to replace).

    Yes, I had that problem repeatedly when a large client first went to this system. But it quit doing that at least a year ago.

    • Re:RSA fixed the problem... (Score:4, Interesting)

      by Iphtashu Fitz ( 263795 ) on Tuesday August 03, 2004 @06:31PM (#9872878)
      Yes, I had that problem repeatedly when a large client first went to this system. But it quit doing that at least a year ago.

      Sucks for RSA. We switched over to CRYPTOCard almost 2 years ago now. The constant loss of synchronization was a huge factor since we have remote offices all over the place and constantly having to resync remote users was a real pan in the ass.

      Of course the cost is still a major issue. RSA's licenses are a lot more expensive than most other alternatives. Their support contracts are very expensive. Their tokens expire every 2 years which adds yet another cost (esp. when dealing with all our remote users). Many of the other alternatives don't have tokens that expire, thus saving a lot of time & money down the line.

      • Their tokens expire every 2 years which adds yet another cost...

        My SecurID token doesn expire for another 3+ years, and I've had it more than a year. The one before this had a four-year expiration, I think.

        I haven't had to re-syncronize in years.

        Milalwi
  • I haven't gotten a chance to play with it myself but you might want to look at Wikidsystems.com.

    There are also any number of cert. based authentication like Permeo.com and Aventail.com. Cheers, -Pk

  • SecurID tokens last 5 years and the software version lasts 10 years.

  • We use the Cryptocard card token. It is more convenient than the keychain token because you have a calculator-style keypad to enter your PIN.

    That said, it is still remarkably difficult to purchase and use any of these tokens in a small shop (or home environment). Cryptocard is more small-business friendly than SecurID, but both are mainly targeted at the large enterprise.

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close