RE: Password security

From: Ryan Thompson (ryan@sasknow.com)
Date: 06/19/02

Next message: Ryan Thompson: "Re: Password security"
Previous message: Calvin NG: "Re: preventing tampering with tripwire"
In reply to: Eric F Crist: "RE: Password security"
Next in thread: Eric F Crist: "RE: Password security"
Reply: Eric F Crist: "RE: Password security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 18 Jun 2002 23:04:44 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Eric F Crist <ecrist@adtechintegrated.com>

Hi Eric,

Eric F Crist wrote to 'Ryan Thompson' and freebsd-security@FreeBSD.ORG:

> Have you explored the idea of biometrics?

Yes. Bad idea. I knew someone would suggest that. My original post was
too long already to include biometrics, so, since you asked, here it
is. :-)

> It requires a piece of hardware on each computer that is going to
> access the network, but the way you're making your security
> requirements sound, the security benefit is worth the cost.

Depending on the metric somewhat, collecting biometrics on insecure
systems is a serious security risk. Hardware costs aside (about 20
terminals, a few of which are home systems not even owned by the
company), it's far too easy to replay biometrics if the end system
isn't secure... and, last time I checked, most of my employees had
only 10 fingers each. Once those are gone, what then? Eyeballs? :-)
So, on a lot of levels, biometrics are not an option.

So, let's stick with password security for now. :-)

> Eric F Crist
> President/Sys Admin
> AdTech Integrated Systems, Inc
> http://www.adtechintegrated.com

-- 
  Ryan Thompson <ryan@sasknow.com>
  SaskNow Technologies - http://www.sasknow.com
  901 1st Avenue North - Saskatoon, SK - S7K 1Y4
        Tel: 306-664-3600   Fax: 306-664-3630   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Ryan Thompson: "Re: Password security"
Previous message: Calvin NG: "Re: preventing tampering with tripwire"
In reply to: Eric F Crist: "RE: Password security"
Next in thread: Eric F Crist: "RE: Password security"
Reply: Eric F Crist: "RE: Password security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[OT:] Biometrics
... Flawed biometrics offers false sense of security ... Identity Cards Bill, which calls for the use of biometric identification ... Biometrics, for those who don't know, involves the use of an individual's ... privacy, the technology of biometrics, so key to the British citizen ...
(comp.os.vms)
[Fwd: Re: Security procedure question]
... case is the need to re-clone the laptop and lose some number of unmerged ... Subject: Security procedure question ... So indirectly biometrics ... In the case where the USB fingerprint reader is stolen with the ...
(Security-Basics)
RE: Password security
... I'm sure it wouldn't be hard to setup on a FreeBSD network to do ... what kinds of things are you trying to secure that the ... network security, and it has worked wonderfully for the last 4 years. ... > Have you explored the idea of biometrics? ...
(FreeBSD-Security)
RE: Biometric question
... > I have to say I disagree with the previous posting that Biometrics are ... biometrics are proposed, they are rarely proposed "in-concert-with" other, ... > security procedures and privacy policy. ... so they cut the budgets. ...
(Security-Basics)
RE: Biometrics
... > Good point in bringing up potential security issues with biometrics. ... > compromised authentication does not allow access. ... Even then I would rule out fingerprint systems. ...
(Security-Basics)