Vin McLellan wrote:
>
> Ralph Docken <Ralph . Docken @ slchicago . infonet . com>
>
> > We want to extend Oracle access to SELECTED outsiders via Internet. We
> > use SECURID for modems (remote-control), and that works fine. We'd
> > like to use SECURID for Internet.
> >
> > Is there some way to do this? The user should be prompted for his or
> > her SECURID number. Only if it's legit should the firewall let the
> > Client/Server traffic into our server.
>
> Most of the Firewall vendors are SDTI strategic partners, and most
> have either embedded an ACE/Client or coded to the ACE API, to support
> SecurID-based user authentication within their products. It's impossible
> to give advice without more information about your environment (and you
> probably shouldn't say more about your architecture in such a public
> forum.)
>
> It is, however, entirely feasible to identify remote users with
> two-factor token authentication at the firewall, and then challenge them
> (and demand another SecurID authentication,) when they try to access the
> Oracle database. A token that gets you in the first door might fail to get
> you in the second. (When you know who has come a'calling, you can almost
> always devise a way to enforce multiple levels of authorization.)
>
> Also: check out the Oracle7 Advanced Networking Options. I think
> Oracle first offered SecurID authentication with the Oracle Secure Network
> Services, which was an earlier product. ANS has got legs and scope,
> however, and may be well worth investigating if you've got O7 (and ACE/Server
> 2.3.) Your SDTI sales rep or SSE also might help. (And since you've
> already bought ACE/SecurID, you can cut to the chase and skip the eloquent
> sales spiel!)
>
> Don't forget user-to-firewall crypto (at least,) if the value or
> confidentiality of your data justifies it. The Internet (and sometimes an
> Intranet) is an unsafe place unless you're travelling safely wrapped and
> secured.
>
> > I'm looking for a vendor, book, web site, white paper, or anything
> > that can get me started. I'm not even sure it's possible.
> >
> > Thanks.....
> > Ralph Docken
> > Director of Systems, Networks, & Operations
> > Sargent & Lundy, LLC
Hello Ralph Docken,
I am using Firewall Toolkit by TIS at http://www.tis.com
We are using this product because it has the features that we need.
There is an Authserver included that will allow authentication in several
modes...
This is a start.... Make sure you read all of the PostScript pages that
come with the tool kit.
Have fun {:-]}
Good Luck,
Donald R. Guillot
Systems Consultant