HPE Community
Operating System - HP-UX
1826343 Members
4709 Online
109692 Solutions
New Discussion

RSA SecureID the answer?

 
Jason Moorhead_2
Frequent Advisor

‎06-26-2003 07:35 AM

‎06-26-2003 07:35 AM

RSA SecureID the answer?

Hi all,

In order to 'beef up' security on a rather insecure wireless network of handheld terminals, we would like to institute an extra layer of security, in addition to username and password. Would a SecureID system be the answer, where there is an additional password required (provided by a handheld 'card' that changes its display every 60 seconds or something)? Anyone have any ideas?

Thanks!
Jason Moorhead
0 Kudos
Reply
8 REPLIES 8
Ken Hubnik_2
Honored Contributor

‎06-26-2003 07:39 AM

‎06-26-2003 07:39 AM

Re: RSA SecureID the answer?

Make sure that you are running SSH. That all the communication is encrypted. Also, you can create an isolated subnet.
0 Kudos
Reply
Jon Mattatall
Esteemed Contributor

‎06-26-2003 07:56 AM

‎06-26-2003 07:56 AM

Re: RSA SecureID the answer?

SecurID will work, but I understand it's a little pricey. We use it here for RAS connectivity.

It depends on whether your focus is on securing the terminals or the data. Maybe an additional encryption layer would be desirable.

I'm not real familiar with wireless security. This page

http://www.drizzle.com/~aboba/IEEE/

offers a few options, and there may be something you can use as a starting point anyway.

Jon
A little knowledge is dangerous - none is absolutely terrifying!!!
0 Kudos
Reply
Chris Vail
Honored Contributor

‎06-26-2003 12:05 PM

‎06-26-2003 12:05 PM

Re: RSA SecureID the answer?

We use A LOT of RSA SecureID systems here. They are pricey--$65 each last I heard, plus software licenses and special Cisco hardware as well. It'll take a while to implement. So don't enter into this step casually.

I wish I could tell you more about our security here, but really, really can't: there's too much at stake here.

I will say that this system is well worth the investment, and should be a cornerstone of an overall security system. All by itself, its not enough: you need policies and procedures as well to administer and maintain this and the other systems.

Do use secure shell. You can't beat the price and its easy to install and maintain (my usual document attached). In addition, seriously consider Citrix MetaFrame for Unix, or Tarantella as another part of your solution. We use the Citrix product here (due to politics, of course) but consider the Tarantella product a better choice tecnically.

Any way you go, you need to have an overall security strategy--which we can discuss here on ITRC, but only you know your exact requirements. There are several books on the subject: I recommend _Practical Unix and Internet Security_ by Garfinkel and Spafford, O'Reilly books, as a place to start. This is the reference used in the HP Unix Security course.

Let us know how things work out for you

Chris
0 Kudos
Reply
Caesar_3
Esteemed Contributor

‎06-26-2003 01:07 PM

‎06-26-2003 01:07 PM

Re: RSA SecureID the answer?

Hello!

It give you the answer but it coast money,
if you will want to pay much less go on the
ssh solution that use the RSA, secure all the
connections and encript the data, passwords
users and so on with no money just configure.

Caesar
0 Kudos
Reply
Jason Moorhead_2
Frequent Advisor

‎06-26-2003 01:20 PM

‎06-26-2003 01:20 PM

Re: RSA SecureID the answer?

After seeing the replies, I've decided that a RSA/SercureID solution will be the way to go. Money is really not an issue in this instance, and actually, the solution is much less than I expected.

From an end-user standpoint, this really is the easiest solution to implement. If anyone is curious about general pricing, feel free to e-mail me. Thanks for all the replies!
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎07-01-2003 03:08 AM

‎07-01-2003 03:08 AM

Re: RSA SecureID the answer?

Hi,

Two-factor authentication can be implemented using various methods. One of the cheapest methods is via handphone SMS.

Handphone - what you have
userid/pin - what you know

So if you can generate a one-time password to the handphone of the user logging on, that satisfies the requirement for two-factor authentication.

If you have an existing SMS gateway, make full use of it. I think this might be cheaper than SecurID, depends on how you look at it.

For the SecurID, don't forget that you need the expensive ACS access control server too.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Jameel Syed
New Member

‎08-10-2003 09:14 AM

‎08-10-2003 09:14 AM

Re: RSA SecureID the answer?

Have you taken a look at the Schlumberger's OneTimePassword offering.

That seems like another alternative to RSA SecureID.

Thanks,
Jameel.


0 Kudos
Reply
Craig Parker_1
New Member

‎09-28-2004 03:42 AM

‎09-28-2004 03:42 AM

Re: RSA SecureID the answer?

In regards to Stevens comments you may want to check out the new 2FactorSMS component from www.zone443.com. This product is designed for Microsoft websites and provides a means of sending one-time passwords to mobile phones via SMS messages. The beta version of 2FactorSMS supports over 400 mobile phone networks in over 150 countries around the world.

The message cost comes into account, but the initial setup cost is extremely low.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.