At 10:52 PM 8/31/96 -0400, "Gary G. Hull" <ggh14854 @ glaxo . com> allegedly wrote:
>On Thu, 29 Aug 1996 potlicker @ morebbs . com wrote:
>
>> Anyone else had trouble or success getting Secure ID to run on a
>> TIS Gauntlet?
>> PoT_LiCkEr
8< [snip]
>We had great success getting securid running on our TIS. All we had to do
> was register the TIS box with the master server, move a copy
> of the sdconf.rec file to the /var/ace directory on the TIS and
> remove the existing securid file. A new securid file is created
> by the system at the time the first authentication login is
> accomplished.
> Hope this helps. Good luck....
>
> |/
> ---o0o-@@-o0o---------
>
> Gary G. Hull - Technical Consultant
> email: gary_hull @ glaxowellcome . com
Hopefully, the SecurID connection is being used to authenticate internal
users before they go to the Internet and not for incoming connections.
Using SecurID (or Digital Pathways, S/Key, etc) is *lethal* if you are
planning on using it to authenticate users from the Internet who wish
to access a system on your internal network which is protected by the
firewall. The reason is that the user may have his/her session hijacked
by an attacker.

Please note that this is *NOT* a security problem with Gauntlet or any
other firewall. The problem is relying on authentication-only mechanisms
for protection. Implementing User->Firewall encryption will help to solve
this problem.

Again, I strongly advise against using SecurID (or any other authentication-
only solution) for incoming Internet connections to an internal system.

Best Regards,
Frank
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
<standard disclaimer>
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist
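
The distinction drawn in the message above, as an added example that is not part of the original post or of any product named in it: a session that checks a one-time passcode only at login accepts whatever arrives afterwards, while one that also verifies every message does not. Assumptions: the class and function names are hypothetical, the passcode is constructed, the session key is taken to be agreed separately from the passcode, and a per-message HMAC stands in for the protection an encrypted user-to-firewall channel would give.

```python
import hashlib
import hmac
import os


def make_tag(key, seq, payload):
    # MAC over sequence number + payload, so a tag cannot be reused later.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class AuthOnlySession:
    """Passcode checked once at login; later traffic is trusted as-is."""

    def __init__(self, expected_code):
        self._expected = expected_code
        self.authenticated = False
        self.executed = []

    def login(self, code):
        self.authenticated = hmac.compare_digest(code, self._expected)
        return self.authenticated

    def receive(self, payload, tag=None):
        # No per-message check: once logged in, every message is accepted,
        # whoever actually put it on the connection.
        if not self.authenticated:
            return False
        self.executed.append(payload)
        return True


class ProtectedSession(AuthOnlySession):
    """Same login, but each message must carry a valid sequence-bound MAC."""

    def __init__(self, expected_code, session_key):
        super().__init__(expected_code)
        self._key = session_key
        self._seq = 0

    def receive(self, payload, tag=None):
        expected = make_tag(self._key, self._seq, payload)
        if not (self.authenticated and tag and hmac.compare_digest(tag, expected)):
            return False
        self._seq += 1
        self.executed.append(payload)
        return True
```
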