Hi Steve, about your webcam solution, how do you manage with your road warriors staff members. Imagine that your CEO is on the road, in some hotel, and call you telling that he forgots his password and need it to read some important email for the next meeting that will take place in 5 minutes...
How do you manage that situation ??? I thing your solution will not work in a big consulting company with people working in different locations and environments 8-( cheers, /valter On Wed, 2002-12-04 at 17:04, Champion, Steve wrote: > Your speaking about social engineering. > > Makeing sure that the person on the phone is who they say they are. > > An idea we had was to put up inexpensive computers in key locations and to > put inexpensive cameras on these systems. > > So when a person called to get their password reset, that person would go > the the password station, the helpdesk person would see the person is who > they say they are, then reset the password.. > > It could be a cheap system too, an old PC running windows, and a cheap $40 > web-camera from CompUSA and walla! > > Thank You > Steve Champion > Sr. Security Analyst > Methodist Health Care Systems > [EMAIL PROTECTED] > > > -----Original Message----- > From: Robert Sieber [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 03, 2002 12:50 PM > To: [EMAIL PROTECTED] > Subject: How to authentificate an user via telephon? > > > Hello colleauges, > > imaging the following situation: > > User calls the helpdesk to reset/alter some kind > of account-password (NT, RAS, PKI-PIN ...) and you > has to determin wheter the user is the correct > (owner of the account) user. What would you do > to authentificate the users identity? > > What are good methodes to do this? It should be > easy for the user but secure for the administration. > > > Robert -- ---..---..---..---..---..---..---..---..---..---..---..---..---- Valter Santos [EMAIL PROTECTED] ||| http://devfusion.net/~vsantola/keys/ (@ @) ------------------------------------------oOO--(_)--OOo---------
signature.asc
Description: This is a digitally signed message part
