Great Circle Associates Firewalls
(September 1995)
 


Subject: Re: User Authentication
From: frankw @ in . net (Frank Willoughby)
Date: Wed, 13 Sep 95 15:34:49 -0400
To: Bill Husler <bhusler @ community . net>
Cc: firewalls @ GreatCircle . com

I was surfing on the net one day and stumbled onto one with a slick 
user I/F where you can watch the net traffic & just hit a key to take 
over the session.  I'll have to dig up where I saw it (I had to 
re-install Netscape & lost my bookmarks). 8^(  I think the commercial 
version is available for a couple of hundred dollars.  

Authentication (even encrypted one-time pad authentication) alone isn't
worth much.  Strong authentication *plus* solid encryption is what I would 
recommend to anyone who is serious about protecting their company from 
the hazards of connecting to the Internet.  I would look for fully encrypted 
links.

From the what-it's-worth department 
- When I was doing a firewall evaluation a while ago, the only firewall 
vendor that had a solid authentication/encryption scheme was V-ONE.  
They had user-friendly fully-encrypted links (user->firewall & 
firewall->firewall).  Virtually transparent to the users too.  If I 
remember right, their number was (301) 838-8900.

But, I digress...

Best Regards,


Frank


>>Any hacker worth their salt will let the user log in using strong
>>authentication and then take over the session after the user has 
>>logged in to their system.  It is better to rely on user -> firewall 
>>and/or firewall -> firewall encryption (using strong authentication, 
>>of course) than to rely on strong authentication only.
>>
>I've been being told that most companies are piling their resources 
>(buck) on the authentication and not using traffic encryption because 
>they feel that session assumptions is really more difficult than one 
>would be led to believe and encryption represents considerable overhead. 
>Any comments?
>Thanks,
>Bill
>
>The opinions expressed here-in are my own. Any similarities between these 
>opinions and those of any other person - living or not - including my 
>employer are purely coincidental.
>
>
>
>
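
The point argued in this message, as an added example that is not part of the original post: a server that checks a one-time password only at login accepts whatever arrives on the connection afterwards, while a server that also verifies every frame under a per-session key rejects data from anyone who does not hold that key. The class names, frame layout, and pre-shared session key are assumptions made for illustration, and HMAC-SHA256 stands in here for the integrity protection of an encrypted link (it provides no confidentiality).

```python
import hashlib
import hmac
import struct

class LoginOnlyServer:
    """Checks a one-time password once, then trusts the connection."""
    def __init__(self, otp: bytes):
        self._otp, self.authenticated = otp, False

    def login(self, otp: bytes) -> bool:
        self.authenticated = hmac.compare_digest(otp, self._otp)
        return self.authenticated

    def receive(self, data: bytes) -> bool:
        return self.authenticated  # nothing ties data to the user who logged in

class ProtectedServer(LoginOnlyServer):
    """Same login, but each frame needs a MAC under a per-session key."""
    def __init__(self, otp: bytes, session_key: bytes):
        super().__init__(otp)
        self._key, self._next_seq = session_key, 0

    def receive(self, data: bytes) -> bool:
        if not self.authenticated or len(data) < 40:
            return False
        seq, tag, payload = data[:8], data[8:40], data[40:]
        expected = hmac.new(self._key, seq + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified in transit
        if struct.unpack(">Q", seq)[0] != self._next_seq:
            return False  # replayed or reordered
        self._next_seq += 1
        return True

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Client side: 8-byte sequence number | 32-byte HMAC-SHA256 tag | payload."""
    seq_bytes = struct.pack(">Q", seq)
    return seq_bytes + hmac.new(key, seq_bytes + payload, hashlib.sha256).digest() + payload

def demo() -> dict:
    otp, key = b"constructed-otp", b"K" * 32  # constructed sample values
    weak, strong = LoginOnlyServer(otp), ProtectedServer(otp, key)
    injected = b"command inserted by someone else on the path"
    return {
        "logins_ok": weak.login(otp) and strong.login(otp),
        "login_only_accepts_injected": weak.receive(injected),
        "protected_accepts_injected": strong.receive(injected),
        "protected_accepts_user": strong.receive(seal(key, 0, b"user command")),
        "protected_accepts_replay": strong.receive(seal(key, 0, b"user command")),
    }
```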


