A Broadband and ADSL forum. BroadbanterBanter

Unusual VPN requirement



 
 
April 16th 05, 02:28 AM, posted to uk.telecom.broadband
Vin McLellan

Nob wrote:

Where would one insert the key fob, or some other
token? I know about USB ones or the "smartdisk"
concept that was around a few years ago (a
secure 3.5"-disk-sized device).


Alex responded:

You don't insert it anywhere.

The fob has a number (usually 8-10 digits) displayed
in a small window, that changes every 60 seconds (I
think it is possible to get them with different
periods, but all the ones I have used have been 60
seconds).


RSA's SecurID is obviously the key "fob" you are referring to, since it
is still the only one-time password (OTP) token which is time-based.
For more info, look to: http://tinyurl.com/apdyf.

The SecurID has been around for almost 20 years, so a lot of folks
think of it as the classic OTP token: a sealed, hand-held, personal
authentication device -- for which the user at the keyboard is the
only network interface. The OTP "output" is constantly changing, and
the whole system is designed to produce an OTP that is both
unpredictable and resistant to replay.

The SecurID security paradigm is, of course, two-factor authentication
(2FA): the token-code is evidence of "something held;" a memorized
password or PIN is evidence of "something known." RSA's SecurID uses
(AES) crypto to mash a binary mark for Current Time, a 128-bit
token-specific secret "seed" or key, and a couple of other numbers, to
continuously generate and display a series of 6-8 character OTP
token-codes which change every 50 seconds.

(The newest SecurID design, btw, has both an LCD display and a
retractable USB plug -- so indeed, it _can_ be inserted somewhere. It
can be used as either a stand-alone OTP token or a PKI-enabled
smartcard -- depending on local options and the security services
required.)

I've been a consultant to RSA for many years, but I've been a traveller
much longer. My experience, like Alex's, is that most Internet cafes
will not permit a visitor to plug anything into their local
workstation. YMMV, depending on your personal charm, the money you
flash, the trusting nature of the cafe manager, and how far off the
beaten path you venture. (You might have more luck plugging in a USB
pen drive, perhaps with an SSH client.)

You don't say anything about what sort of host you are trying to reach
back to contact at home, but I presume it's an ISP. If it is an ISP,
there may be some additional security measures (SSH?) that you can draw
upon by pre-arrangement, if you bring an SSH client with you. It might be
hard to find an ISP that offers 2FA, however, since strong
authentication is more often used in access controls for corporate
enterprise systems.

(Having an OTP token alone is useless. OTP tokens are part of a 2FA
system that requires a specialized authentication server, agents, and
probably integration into a web server, firewall, mail server, or other
apps. In the US, for a small monthly fee, AOL offers SecurIDs for
account access: http://tinyurl.com/8uxk6. AOL-UK -- to judge by its
-- doesn't seem to have this option available yet, but you'll probably
see OTP tokens offered by more big ISPs later this year. Anyone know of
one in the UK now?)

More likely the best you can manage may be an SSL connection between
your cafe PC and your home mail server. Whatever arrangements you
manage, you should be modest in your security assumptions. As Killa
warned: with one end of the connection presumptively untrustworthy,
all claims of security must be relative and conditional. Key-loggers
are the only risk if you are relying on a PC that could be controlled
by a hostile party.

Have a great trip;-)

Suerte,
_Vin
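
Added example, not part of the original post: a sketch of how a time-based OTP token and its authentication server agree on a code, and how the server enforces the PIN and rejects a replayed code. It does not reproduce SecurID's own AES-based algorithm; it uses the open RFC 6238 TOTP construction (HMAC-SHA1) instead, and the names `time_otp`, `OtpServer`, the seed, the PIN and the login time are all constructed for illustration.

```python
import hashlib
import hmac
import struct


def time_otp(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpServer:
    """Toy authentication server: checks PIN + token code, rejects replays."""

    def __init__(self, seed: bytes, pin: str, step: int = 60, drift_steps: int = 1):
        self.seed, self.pin = seed, pin
        self.step, self.drift_steps = step, drift_steps
        self.last_used_step = -1  # highest time step already accepted

    def verify(self, pin: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            return False  # "something known" failed
        current = now // self.step
        # Tolerate token/server clock drift of +/- drift_steps intervals.
        for s in range(current - self.drift_steps, current + self.drift_steps + 1):
            if s <= self.last_used_step:
                continue  # this step's code was already consumed
            expected = time_otp(self.seed, s * self.step, self.step)
            if hmac.compare_digest(code.encode(), expected.encode()):
                self.last_used_step = s
                return True
        return False


def demo() -> list:
    seed = b"constructed-demo-seed-16B"  # constructed, not a real token seed
    server = OtpServer(seed, pin="4711")
    t = 1_113_614_880  # constructed login time
    code = time_otp(seed, t)
    return [
        server.verify("4711", code, t),        # fresh code + right PIN
        server.verify("4711", code, t + 5),    # same code captured and replayed
        server.verify("0000", time_otp(seed, t + 60), t + 60),  # wrong PIN
        server.verify("4711", time_otp(seed, t + 60), t + 70),  # next code
    ]
```

The replay check only protects the authentication step: a code captured on an untrusted PC cannot be reused, but anything typed or displayed after login is still exposed to that machine.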

 



