Frederick M Avolio wrote...
>
> - $50 -- $60 is not really a lot of money per person. Yes, for
> 1000 people it is a large chunk of change, but it is an
> insignificant percentage of any individual's base cost to a
> company (including salary, benefits, admin support, phone
> support, hardware, stationery, etc.). [...]

I use a layered response set myself. Orlando is one of those fortunate
areas that has CNID (Caller-ID). Most employees just call in from home,
an order of magnitude less need it when on travel, vacations can be
handled by a pool of temporary tokens but most people want to get away
from work.

For the first group, no token is necessary since a CNID-equipped modem
pool (several manufacturers make such modems) that only answers a call from
an approved employee's home coupled with normal password practices and
limited functionality is sufficient and immune to war dialers.
(BTW while I have seen some CNID boxes spoofed, I have never seen a
CNID-equipped modem spoofed - see the FAQ - I've tried 8*).

For the second, much smaller group, tokens are affordable. $60 every three
years (mine has been going for over four now) is not a terrible cost though
I think that the software based tokens are even better since I really do
not want sensitive stuff on someone else's machine - this way the exec
always uses his/her/its/other's own company-supplied notebook.

True, with the soft-tokens approaching zero delta cost per employee, this
will probably soon be an across-the-board system since it is easier. Of course
what I really want is token (soft or hard) based full session encryption and
not just password exchange. Is easy to do if the vendors will ever get off
their...(sorry).

Warmly,
Padgett