[4615] in WWW Security List Archive
Re: SecureID alternatives?
daemon@ATHENA.MIT.EDU (Benjamin Camp)
Fri Feb 28 13:06:18 1997
Date: Fri, 28 Feb 1997 09:01:44 -0600 (CST)
From: Benjamin Camp <benc@geocel.com>
To: dave <tel1dvw@is.ups.com>
cc: www-security <www-security@ns2.rutgers.edu>
In-Reply-To: <Pine.GSO.3.93.970227222457.4602B-100000@butthead>
Errors-To: owner-www-security@ns2.rutgers.edu
Callback is an okay solution, but you're confined to certain numbers it
can call. For example, you will call in initially and it will either try
to call you back at one number or let you choose (or choose with ANI or
CPID) out of a database of numbers you're allowed to call from. If you
go on vacation, chances are it won't call you back unless you set it wide
open which is then dumber than not having it and opens you up to pay long
distance while people are hacking your site.
Second, no the message really doesn't belong here.. however securing your
intranet is one of the topics people usually end up talking about so.. wth
Ben
On Thu, 27 Feb 1997, dave wrote:
>
> Hi all. I had heard once of something called 'callback'. Could you tell
> me (first of all if this message belongs here) if I can dial a modem, and
> have it call me back, and my machine answer?
>
> I would like to implement this, instead of SecureID or similar.
>
> Thanks,
> Dave Wreski
>
> --
> It is better to keep your mouth shut and be thought a fool,
> than to open it and remove all doubt.
>
>
>
