On 01/11/13 11:07, Josh Smift wrote:
> How different is the Symantec solution from SSH with a key with a
> passphrase? Not that there's anything wrong with SSH with a key with a
> passphrase; but if that's good enough, what do you get by adding Symantec?

The key can be copied, so it does not really meet the "something you have" aspect. The biggest issue with the "key with passphrase" is that you have zero ability to enforce the passphrase strength, or even whether it exists.

Soft tokens (of any type) can be copied, depending on the platform they are running on. The easiest way is a system backup/restore; otherwise, by picking the right files to copy. (As for the "right files": an SSH key is a single well-known file; as for Symantec or RSA soft tokens, I'm not sure which files, but it can be known.)

With Symantec, it is an additional step, so you still have a service passphrase, if implemented.

With RSA, you enter the knowledge part (PIN) into the soft token, and it is used with the serial number and time to generate the code. Both the user and the RSA server must know the PIN. The serial number is known by the RSA server and the token software.

--
Mr. Flibble
King of the Potato People
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/