On Wed, 7 Feb 1996, Graham Jose wrote:
> Are there any firewall or proxy server products available that will allow
> outgoing user authentication based upon a user id, rather than an IP address?
>
> Our users are mobile and this makes it difficult to restrict internet access on a
> per user basis, since their source IP address is likely to change.
>
> Thanks,
>
> Graham
> --
> Graham Jose, Technical Analyst, Information Systems Security
> Retail Technology Services, Coles Myer Limited (Australia)
> Voice: +613 9483 7613 Email: gjose @
mecx05 .
colesmyer .
com .
au
>
Most existing firewall products can be supplemented with an interface
to some kind of enhanced user authentication. This may use a published
protocol such as XTACACS, TACACS+, RADIUS, or (our own) EASSP, or
it may use a proprietary protocol. Most of the enhanced user authentication
vendors market some kind of authentication server(s) that include
(at least) a proprietary API or (hopefully) one or more published
APIs and/or support one or more of the aforementioned protocols.
You can obtain free authentication protocol server daemons supporting
the aforementioned protocols from several of the more popular vendors
of routers and commservers and firewalls.
When you are thinking about authenticating user identity on the
Internet, make sure your implementation is non-replayable. Stealing
memorized passwords would be your biggest threat otherwise.
Our anonymous ftp archives have a lot of this stuff.
Regards,
Bob Bosen
Enigma Logic Inc.
2151 Salvio St. #301
Concord, CA 94520
USA
Tel: +1 510 827-5707
Internet: bbosen @
netcom .
com
http://www.safeword.com
ftp://ftp.safeword.com/download/ or ftp://ftp.enigmalogic.com
**************************************************************************
* "It wasn't me!!! Somebody must have captured my username/password!!!" *
**************************************************************************
References:
|
|
