>>>>> "jlb" == LAN Administrator <bcislan @ txdirect . net> writes:
jlb> We are researching a product called Ascend Max used in
jlb> cooperation with Security Dynamics SecurID and it looks very
jlb> good. Pretty expensive but very secure.
Is SecurID an encrypted link? It's foggy-memory-time, but don't they
just do hand-held authenticator things, or am I thinking of someone
else?
Anyway, hand-held authenticators are only good for passive attacks
like sniffing. Given the relative ease with which someone can turn
sniffing into session hijacking, cleartext one-time passwords aren't
very useful. I would dismiss the product unless it has the ability for
encrypted links, like SSH or STel.
--
C Matthew Curtin MEGASOFT, LLC Director, Security Architecture
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin @ research . megasoft . com http://research.megasoft.com/people/cmcurtin/
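
Added example, not part of the original message: a small Python model of the distinction drawn above, where a one-time password checked only at login stops replay of a sniffed password but leaves later traffic on the connection unauthenticated, while a link that authenticates every message does not. The class names, the sample OTP and the HMAC-per-message scheme are assumptions made for illustration (a stand-in for the integrity protection of an encrypted link such as SSH, with the session key assumed to come from a key exchange).

```python
import hashlib
import hmac
import secrets


def mac(key, seq, data):
    """Tag binding a message to the session key and its sequence number."""
    return hmac.new(key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()


class CleartextOtpServer:
    """Checks a one-time password at login, then trusts the connection."""

    def __init__(self, valid_otps):
        self.unused = set(valid_otps)
        self.authenticated = False
        self.executed = []

    def login(self, otp):
        ok = otp in self.unused
        self.unused.discard(otp)  # one-time: a sniffed OTP cannot be reused
        self.authenticated = self.authenticated or ok
        return ok

    def receive(self, data):
        # No per-message check: anything arriving on the connection is accepted.
        if self.authenticated:
            self.executed.append(data)
        return self.authenticated


class MacSessionServer(CleartextOtpServer):
    """Same login, but every message must carry a valid, in-order tag."""

    def __init__(self, valid_otps, session_key):
        super().__init__(valid_otps)
        self.key = session_key  # assumed to be agreed by a key exchange
        self.next_seq = 0

    def receive(self, data, tag=b""):
        expected = mac(self.key, self.next_seq, data)
        if not (self.authenticated and hmac.compare_digest(tag, expected)):
            return False
        self.next_seq += 1
        self.executed.append(data)
        return True
```
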