As currently designed, it requires a third party LEAP client be installed,
on top of the wireless client needed for the card and any other necessary
software. Not high on my favorites list right now..

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: Ken Cornetet [mailto:[EMAIL PROTECTED] 
> Sent: Friday, September 19, 2003 5:43 PM
> To: Exchange Discussions
> Subject: RE: OWA front end server - licensing and security
> 
> 
> Shhhh!!!!!!
> 
> Our security folks wanted SecurID for wireless, but we managed to talk
> them into just a userid/passwd. We told them NO ONE ELSE was using
> SecurID for wireless...
> 
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
> Sent: Friday, September 19, 2003 1:54 PM
> To: Exchange Discussions
> Subject: RE: OWA front end server - licensing and security
> 
> 
> It really is a cool system.
> 
> We're currently using it for VPN access and front ending OWA, and we're
> playing with it and some Cisco Aironet wireless devices - requiring
> SecurID authentication before you get onto the wireless network.
> 
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
> 
> 
> > -----Original Message-----
> > From: Ken Cornetet [mailto:[EMAIL PROTECTED]
> > Sent: Friday, September 19, 2003 2:21 PM
> > To: Exchange Discussions
> > Subject: RE: OWA front end server - licensing and security
> > 
> > 
> > I've not examined the system for several years (I'm just a happy user
> > now, not an admin), but at least at one time SecurID would accept the
> > current code (of course), one code behind or one ahead for a total
> > window of 3 minutes as Roger notes.
> >
> > If the gadget's clock had drifted to more than one minute off, and you
> > were TWO codes ahead or behind, the system would additionally prompt
> > for the NEXT code displayed to make sure you were you, and it would
> > update the stored time offset for your gadget. Pretty slick system.
> > 
> > -----Original Message-----
> > From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> > Sent: Friday, September 19, 2003 10:01 AM
> > To: Exchange Discussions
> > Subject: RE: OWA front end server - licensing and security
> > 
> > 
> > Actually, you've got the system down correctly.
> > 
> > However, the slack time is +/- 1 minute, so you really get 3 minutes per
> > code.
> > 
> > --------------------------------------------------------------
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> > 
> > 
> > > -----Original Message-----
> > > From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, September 19, 2003 10:29 AM
> > > To: Exchange Discussions
> > > Subject: RE: OWA front end server - licensing and security
> > > 
> > > 
> > > Forgive me for arguing, but I believe the time allotted for guessing
> > > that third factor is even less than indicated below.  Of course, by
> > > token, I am referring to what RSA calls a "keyfob."  Is that what you
> > > are referring to as well?
> > >
> > > Here is what I understand to be the process, from reading the manuals
> > > we have:
> > > 1.  Upon issuance to the user, you synch the token/keyfob with the RSA
> > >     server DB.
> > > 2.  A 6-digit code displays for 1 minute on the token.
> > > 3.  If used for authentication within that 1 minute period, it is
> > >     "time-stamped" as to when you entered the Passcode (PIN + code) and
> > >     has an additional 1 minute latency period.  Meaning that if you
> > >     dial-up and enter your passcode, 30-seconds into the code, you have
> > >     1:30 to connect to the dial-up server and be authenticated.
> > > 4.  If you enter the same code after the display has rolled over
> > >     however, that code is no longer valid, as the timestamp when you
> > >     entered it will no longer match with the timestamp on the server
> > >     for when that code was valid.
> > >
> > > So the short version is that if you enter the code while it's
> > > displaying on the token, it's good for 1 minute with a 1 minute
> > > latency period.  If you don't enter the number while it's viewable,
> > > then you've missed your window of opportunity, because it was only
> > > good for one minute.  Oh and BTW...if you are trying to guess the code
> > > and miss it three times, regardless of length of time between guesses,
> > > it will lock your token until an admin can reset it.
> > > 
> > > That's how I understand the process.
> > > 
> > > -----Original Message-----
> > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, September 19, 2003 5:44 AM
> > > To: Exchange Discussions
> > > Subject: RE: OWA front end server - licensing and security
> > > 
> > > 
> > > It doesn't stop key logging per se, but it renders it ineffective.
> > > 
> > > The SecurID tokens use a three factor[1] authentication system, in
> > > which the third piece is a 6 digit, one time use code. That code is
> > > good for exactly 3 minutes, and once used cannot be used again.
> > >
> > > Therefore, logging the authentication process is useless, as you'll
> > > only get 2 of the 3 factors, and for the third factor, you have a 1
> > > in 1,000,000 chance, reset every three minutes, to guess that last
> > > part.
> > > 
> > > Roger
> > > --------------------------------------------------------------
> > > Roger D. Seielstad - MTS MCSE MS-MVP
> > > Sr. Systems Administrator
> > > Inovis Inc.
> > > 
> > > [1] They call it 2 factor, but you need a username, a PIN, and the
> > > securID token number to log in - that's either 3 or 11, depending on
> > > how much of a geek you are.
> > > 
> > > :::: snip ::::
> > > 
> > > _________________________________________________________________
> > > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > Exchange List admin:    [EMAIL PROTECTED]
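
The acceptance window, next-code resynchronisation, one-time use and three-miss lockout described in the quoted messages above, modelled as an added example that is not part of the original thread and is not RSA's implementation. The HMAC-based `code_at` is a stand-in for the proprietary token algorithm, and `TokenRecord`, its fields and the reset-on-success rule are assumptions.

```python
import hashlib
import hmac

STEP = 60        # seconds each code is displayed (per the thread)
MAX_MISSES = 3   # lockout threshold described in the thread

def code_at(seed: bytes, interval: int) -> str:
    """Stand-in 6-digit generator (HMAC-SHA1); NOT the SecurID algorithm."""
    mac = hmac.new(seed, interval.to_bytes(8, "big"), hashlib.sha1).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class TokenRecord:
    """Hypothetical server-side state for one token."""
    def __init__(self, seed: bytes):
        self.seed = seed
        self.offset = 0        # stored clock drift, in 60-second intervals
        self.last_used = None  # newest interval already accepted
        self.misses = 0
        self.pending = None    # interval awaiting next-code confirmation

    def verify(self, code: str, now: int) -> str:
        if self.misses >= MAX_MISSES:
            return "locked"    # stays locked until an admin resets it
        if self.pending is not None:
            # Next-code mode: only the code after the far-off match is valid.
            want, self.pending = self.pending + 1, None
            if hmac.compare_digest(code, code_at(self.seed, want)):
                return self._accept(want, want - now // STEP)
            return self._miss()
        base = now // STEP + self.offset
        for delta in (0, -1, 1, -2, 2):
            t = base + delta
            if self.last_used is not None and t <= self.last_used:
                continue       # one-time use: reject replayed or older codes
            if hmac.compare_digest(code, code_at(self.seed, t)):
                if abs(delta) <= 1:
                    return self._accept(t, self.offset)
                self.pending = t   # two codes off: ask for the next one
                return "next_code_required"
        return self._miss()

    def _accept(self, interval: int, offset: int) -> str:
        # Assumption: a successful login clears the miss counter.
        self.last_used, self.offset, self.misses = interval, offset, 0
        return "ok"

    def _miss(self) -> str:
        self.misses += 1
        return "locked" if self.misses >= MAX_MISSES else "denied"
```

`now` is server time in seconds; the caller is expected to have checked the username and PIN before calling `verify`.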