There is a company that provides a hardware based solution to this
problem. The products are called SafeNet that use encrypting modems and
encrypting LAN devices that would reside on the host. It requires the
remote user to insert a smart card and authentication pin that gets sent
back to the key management server then the keys get sent to the end user
and the protected server thus opening up a secure channel between the two
allowing for secure communications.
The three companies that do this that I know of are
V-one
Cylink www.cylink.com
IRE www.ire.com
You'll have to look at these to see which one would work with a
particular network topology...some support frame relay connections and
others a dedicated link only...but none of them support all of the
different configurations or topologies out there....being the down fall
for most of this technology...not to mention costs....
Jerry
On Fri, 27 Jun 1997, Marc Rouleau wrote:
> I understand that one-time passwords don't work for inbound Web traffic
> due to the nature of the HTTP protocol. Do any firewall vendors support
> anything stronger than basic password authentication for inbound HTTP
> traffic? With the current emphasis on intranets based on Web technology,
> I would guess that this is a crying need in many companies. One of our
> clients needs outside sales people to be able to access the company
> intranet securely to place orders, check inventory, status, etc., and
> the client is concerned about relying on simple password authentication.
>
> I'd love to see support for something like SecureNet-every-hour or
> SecureNet-every-day AND firewall- or webserver-based password
> authentication. Coupled with browser-based SSL encryption, this seems
> like a solid way to allow travellers to do intranet work. Ideally the
> SecureNet-every-so-often feature would optionally require authentication
> for each outside IP address so as to reduce the ability of attackers who
> have learned the user's gateway password (perhaps via shoulder-surfing)
> to get in while the user is in legitimately.
>
> Is this sensible/possible? Does anyone support it now? Is anything like
> this in the works?
>
> -- Marc Rouleau
>
> VP and Chief Technology Officer Voice: (812) 479-1700 Fax: (812) 479-3439
> World Connection Services, LLC http://www.evansville.net
>
References:
|
|
