Firewalls: Re: Secure Modem Pool

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Secure Modem Pool
From:	joep @ ia . mc . xerox . com (Joe Pennell)
Date:	Fri, 28 Apr 1995 10:03:36 PDT
To:	Firewalls @ greatcircle . com

Steve Waltner wrote:
----stuff cut out----
>   What about a product from Security Dynamics and is called SecureID?
>This setup sounds like a fairly secure setup to me, but I wanted other
>opinions from readers of this mailing list.

>   The SecureID is a software/hardware package that can provide total
>network security. You setup a server that keeps track of your Keys on your
>local network. You then buy a key-card for each user that wants to use
>devices protected by this package. Each card (which is the size of a
>credit card) is configured to generate a "random" 8-digit number every 60
>seconds. The card is never turned off, so it keeps generating numbers. I
>think you even throw out the card when the battery dies. You synchronize
>the card and the server to each other when you buy more cards. Now both
>devices are synchronized, so the server always knows, exactly what number
>is displayed on the key-card at all times.
----stuff cut out----

I had a chance to use the SecureID card at a former employer, and was very
impressed.  In addition to the features mentioned, I must add that admin
of these things is great, especially if you have remote users.  The card can
be sent out to the user, and then activated only when the user confirms receipt.
Similarly, if you need to deny access ( ie. lost card or terminated user ), 
that particular card can be deactivated without having to worry about recovery
of the card.

The one complaint that I might have is the way the PIN number works.  The first
time you use the card, you type the serial number into the server.  You then
give a PIN number, and the server maintains this info.  But, all future 
connections are made on PIN number only, so the PIN number must be unique.  If
you only have a few remote users, this might be OK.  As the number grows, it
becomes a bit of a pain.  Not to mention that if somebody tries a PIN and it
doesn't work, they know that someone on the system already has it.  It might be
tough to track down who, and I was never overly concerned about those odds.

Joe Pennell
joep @
 ia .
 mc .
 xerox .
 com

Follow-Ups:

Re: Secure Modem Pool
From: woods @ ncar . ucar . edu (Greg Woods)

Indexed By Date	Previous:	DISTRIBUTION STATUS From: "Postmaster" <POSTMSTR @ RALSSW01 . USPS . GOV>
Indexed By Date	Next:	Internet classes From: fberndt @ denver . carl . org (Frank Berndt)
Indexed By Thread	Previous:	Re: Secure Modem Pool From: smb @ research . att . com
Indexed By Thread	Next:	Re: Secure Modem Pool From: woods @ ncar . ucar . edu (Greg Woods)