[4623] in WWW Security List Archive
Re: SecureID alternatives?
daemon@ATHENA.MIT.EDU (Haggard, John C.)
Sat Mar 1 13:54:19 1997
Date: Sat, 01 Mar 1997 10:05:26 -0600
From: jch@vasco.com (Haggard, John C.)
To: Kim Clancy <aisecur!KClancy@bpd.treas.gov>
CC: www-security <www-security@ns2.rutgers.edu>, dave <tel1dvw@is.ups.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Kim Clancy wrote:
>
> Dave,
> Callback is not considered anywhere as secure as a secure card. When
> call forwarding became available, it kinda defeated the security of a
> callback modem.
> Just my 2 cents worth.
>
>
> ______________________________ Reply Separator _________________________________
> Subject: SecureID alternatives?
> Author: dave <tel1dvw@is.ups.com> at Internet
> Date: 2/27/97 10:26 PM
>
>
> Hi all. I had heard once of something called 'callback'. Could you tell
> me (first of all if this message belongs here) if I can dial a modem, and
> have it call me back, and my machine answer?
>
> I would like to implement this, instead of SecureID or similar.
>
> Thanks,
> Dave Wreski
>
> --
> It is better to keep your mouth shut and be thought a fool,
> than to open it and remove all doubt.
>
>
Dave and Kim,
Callback is definately an outdated security measure, however in addition
to one time passwords such as SecurID or the AccessKey II from VASCO
(http://www.vasco.com) I might recommend you look at caller id as an
alternative to call back.
VASCO's VACMan, and when Security Dynamics completes their AccessManager
module for their ACE server, support the ability to register user's home
phone numbers and if your Communications Server has a caller id
capability, and your phone company does as well, you can control access
to your corporate network.
This of course does little for your truely mobil remote users, but that
is what tokens are for.
If you want more information, just send me a private email and I can
direct you to all of the vendors who offer such solutions.
Thanks.
John Haggard
President
VASCO Data Security, Inc.
