From: Jon Tegethoff <jet @ cypher-sage . com>
>
> >Again, I strongly advise against using SecurID (or any other authentication-
> >only solution) for incoming Internet connections to an internal system.
>
> Since there is a significant reason in many cases to have remote users
> communicating through a firewall, what do you currently consider the best
> method with today's technology? My preference is a combination of two factor
> authentication (like SecurID or one of the challenge/response cards) used
> together with an encryption tunnel (like Raptor Eagle's).

SSH and F-Secure products are quite good for secure login. SSH forms a
secure tunnel between the remote user and the unix host, and SSH does support
SecurID tokens for authentication. It does mean you probably should allow
incoming SSH connections (tcp port 22) and run the SSH daemon on the unix
machine. The best part is that SSH does not use some weak breakable
US-export encryption, but strong IDEA or 3DES.
Have a look at http://www.ssh.fi/ or http://www.datafellows.com/f-secure/

Jüri Kaljundi
AS Stallion
jk @ stallion . ee