RE: remote SecureID authentication anyone?

From: Barkell, Bill (Bill.Barkell@compuware.com)
Date: 04/20/01


From: "Barkell, Bill" <Bill.Barkell@compuware.com>
To: 'Tony Landells' <ahl@austclear.com.au>, Otter <otterr@telocity.com>
Date: Fri, 20 Apr 2001 09:57:58 -0400

Secure ID can be set up for VPN in the following manner: (there may be other
ways as well)
1) VPN gateway is connected to internet
2) SecureID ACE server is set up on internal network
3) VPN gateway is told to pass authentication to the ACE server

Client connects to the gateway, conversation takes place between the gateway
and the ACE server, gateway grants access to client.

This does work with several popular VPN gateway products.

William Barkell
Network Security Analyst
Corporate Information Systems
Compuware Corporation
31440 Northwestern Highway
Farmington Hills, MI 48334

-----Original Message-----
From: Tony Landells [mailto:ahl@austclear.com.au]
Sent: Friday, April 20, 2001 3:33 AM
To: Otter
Cc: questions@FreeBSD.ORG; security@FreeBSD.ORG
Subject: Re: remote SecureID authentication anyone?

otterr@telocity.com said:
> I'm looking to setup a machine in our office so a few of us can get in
> on a VPN for network access after hours from home. I've heard VPNs are
> possible. After discussing this with office management, they say the
> only way we can do this is to use security in addition to passwords.
> When I asked if our SecureID cards/keychains would work, they agreed
> on it. Now... has anyone got this setup or something similar? I looked
> on the mailing list archives with no luck... searched some web
> pages... I even remember ssh2 using it, but now I don't see any
> reference to it in the openssh or ssh2 makefiles. Answers and/or
> suggestions are greatly appreciated.

To some extent this depends what you're intending to use for your VPN.
The SecurID server can be configured to handle RADIUS authentication,
so any VPN software that can do RADIUS can do SecurID.

Tony

-- 
Tony Landells					<ahl@austclear.com.au>
Senior Network Engineer				Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd		Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • Modifying Cryptography code
    ... I need to modify some CRYPTOGRAPHY code in Linux Kernel to get a specific ... VPN behavior, but I don't know where to start. ... gateway, decryption at the receiver). ... imposes too much processing overhead on the linux VPN gateway. ...
    (Linux-Kernel)
  • Re: WLAN AP
    ... mit dem Router zu tun - es reicht, wenn der WAP mit RADIUS kann. ... > Client über den AP zu einem VPN Gateway etabliert werden und ggf. ... Die Performance hat nichts mit dem Geld zu tun. ...
    (microsoft.public.de.german.win2000.networking)
  • Re: [fw-wiz] VPN Gateway And Nat
    ... or spoke VPN sites create a tunnel to a hub site if they are natted. ... it's obviously not a standard and you need to use their client to do it. ... I'd suggest just adding a subinterface on the router ... > the VPN Gateway must always have a public IP address. ...
    (Firewall-Wizards)
  • Re: WLAN AP
    ... Ich weis jetzt nicht genau wofür man das jeweils braucht aber die Lancom ... Client über den AP zu einem VPN Gateway etabliert werden und ggf. ... werden wohl ein paar EUR fällig werden.. ...
    (microsoft.public.de.german.win2000.networking)
  • ISA and RSA secure ID
    ... I have a back to back ISA setup. ... I want to allow the VPN connections ... through (we use RSA secureID). ...
    (microsoft.public.isa)