Hello,

This may be overboard but I think there might be an additional problem:
>They don't necessarily own portable PCs.
So are they using "trusted" PCs? I.e., do you know that the computer the trusted user is using is clean (no keylogger etc.)? (Say that 3 times fast ;-)

Fred




>>> "Chris Berry" <[EMAIL PROTECTED]> 10/18/02 05:14PM >>>
> >>> [EMAIL PROTECTED] 10/17/02 06:34PM >>>
>Hi everybody,
>One of our clients needs to authenticate users that are roaming from city to city.
>They don't necessarily own portable PCs.
>We need to authenticate the users to let them access data from the mainframe.
>Note that the data is very sensitive.
>What is the (easiest/not too expensive) solution?
>We are already using Cryptocard/Cisco for our VPN.
>We've looked at USB key token, certificates...
>Our idea is to use an SSL session with authentication, need to decide which authentication solution is best.

The way I see it you have two problems:
1) Make sure the user logging in is the correct user

Since you can't ensure that they have any client software, I recommend a dual authentication system, such as that marketed by RSA which involves a password, and a code.  The code is displayed on a small device about the size of a fat key and changes every 30 seconds or so.  (No, I don't work for RSA, nor am I saying they are the best or only provider for this.)  In my opinion this system is very secure when combined with some sort of encrypted communications channel.

2) Ensure that no one piggybacks or sniffs your signal.

For this encryption is the way to go, either VPN, SSL, SSH, whatever is appropriate for your desired level of access.

Chris Berry
[EMAIL PROTECTED] 
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs.  Where's the problem? "


