RE: [fw-wiz] Hardware tokens for remote access authentication

• Previous message: Marcus J. Ranum: "Re: [fw-wiz] Multiple MAC address on one interface"
• Maybe in reply to: Bill Kyle: "[fw-wiz] Hardware tokens for remote access authentication"
• Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Hardware tokens for remote access authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Woeltje, Don" <DWOELTJE@sebh.org>, <bill.kyle@jhu.edu>, <firewall-wizards@honor.icsalabs.com>
Date: Sat, 10 Jul 2004 11:03:39 -0400

Woeltje, Don wrote:
>Best of all, I don't have to be a programmer and "write my own code".

For example, there are S/key ports already for Pilot. S/key is not
as attractive for users as something like a SecurID and because
the Pilot already has a clock in it, using a time-code makes more
sense. http://www.swcp.com/~hudson/pilot/ has some links.

We're talking a week's work for an entry level programmer or 2-3
day's work for a senior programmer. Total cost is very very low. And then
you own it, and have no maintenance and recurring payments. You can
scale it as much as you like and if it isn't broken you don't need to fix it.
You can also not worry about the constant danger that your vendor will
get gobbled up by another vendor and the technology you just invested
$300,000 in becomes useless unsupported junk.

I know I am insane but the more I look at the industry and the cost-to-benefit
of dealing with all the intangible costs of vendor solutions and the headaches
that entail I don't think it's worth it anymore. In fact, I think that the cost savings
of much COTS software are largely illusory, except for the stuff that is totally
commoditized (in which case: pick a version that works and freeze on it. I
intent do use Office 97 until Microsoft makes sure it won't work on some
version of Windows; in which case I will freeze Windows versions) I had a
consulting client that was, corporate-wide, spending $500,000/year on
maintenance for their firewall product of choice. Heck, you can build a pretty
good firewall for less than that and own it outright for a one-time cost.
Ongoing maintenance is only an issue if you're stuck in the inane
F-with-it, patch it, F-with-it, patch it loop.

Those who can't "be a programmer and write their own code" are in
"bend over and take it" mode. If you're comfortable in that position,
then relax and enjoy the ride!

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Marcus J. Ranum: "Re: [fw-wiz] Multiple MAC address on one interface"
• Maybe in reply to: Bill Kyle: "[fw-wiz] Hardware tokens for remote access authentication"
• Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Hardware tokens for remote access authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]