VPN Concentrator 3000 using TOKEN for security enhancement

zillah

zillah

zillah

Associate
Joined
5 Dec 2005
Posts
142
At work we have got Cisco VPN 3000 concentrator is currently running , I have been assigned to write document about enhancement the VPN security by using TOKEN, I have not been given any further information.



I have done an intensive search , but I could not get some thing that I can start with



Any guide will be appreciated ?
 
Its appears that whoever has given you the project is refering to two factor authentication.

Technologies included.

RSA SecureID
Steal belted Radius
SecureEnvoy (Highly recommended)


Two-factor authentication (T-FA) is any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a system.

Common implementations of two-factor authentication use 'something you know' (a password) as one of the two factors, and use either 'something you have' (a physical device) or 'something you are' (a biometric such as a fingerprint) as the other factor. A common example of T-FA is a bank card (credit card, debit card); the card itself is the physical "something you have" item, and the personal identification number (PIN) is the "something you know" password that goes with it. See Chip and PIN for more information on this. Using more than one factor is also called strong authentication; using just one factor, for example just a static password, is considered by some to be weak authentication. (Strong authentication also includes multi-factor that do not include a physical factor (card or dongle). The multiple factors can both be online for strong authentication.)

According to proponents, T-FA could drastically reduce the incidence of online identity theft, and other online fraud, because the victim's password would no longer be enough to give a thief access to their information. However, T-FA is still vulnerable to trojan and man-in-the-middle attacks.[1]

Deployment of T-FA tools such as smart cards and USB tokens appears to be increasing. More organizations are adding a layer of security to the desktop that requires users to physically possess a token, and have knowledge of a PIN or password in order to access company data. However, there are still some drawbacks to two-factor authentication that are keeping the technology from widespread deployment. Some consumers have difficulty keeping track of one more object in their life. Also, many two-factor authentication solutions are proprietary and protected by patents. The result is a substantial annual fee per person protected and a lack of interoperability.

http://en.wikipedia.org/wiki/Strong_authentication
 
Last edited:
If you are after a neat 2 factor authentication solution, I reccomend you have a look at Identrica - www.identrica.com.

The firm I work for use it and it just works. Rather than messing with tokens that everyone keeps in the same bag as their laptop anyway, Identrica requires you to ring a number from a registered phone (mobile or landline) before you can log in. There are no call charges as the call is never actually answered, when your caller ID is received it allows you in then you hang up.
 
You must log in or register to reply here.
Back
Top Bottom