SecurID and FreeS/WAN GW

From: RussellJ@louisdreyfus.com
Date: 03/05/02


To: focus-linux@securityfocus.com
From: RussellJ@louisdreyfus.com
Date: Tue, 5 Mar 2002 16:20:09 -0500

Greetings!

I'm in the process of building a FreeS/WAN VPN + filtering firewall between my
LAN and my 802.11b LAN. I'd like to authenticate with SecurID tokens as we
already have an ACE Server (ver 5.0 methinks). While I realize that IPSEC
VPNs usually use public-private keys, I'm concerned that a laptop might
get into the wrong hands and then security doesn't matter too much.
Therefore, the two-factor authentication that RSA SecurID provides gives
us that extra layer of assurance that we'd like to have.

Does anyone know if this has been done anywhere or even similar
circumstances? Or perhaps what systems I should put together (http proxy +
FreeS/WAN?) to make this happen. I don't know how the authentication would
work since I'm only familiar with RSA's commercial clients under Windows.
Would I need a client on every wireless node or is it browser based? I
see that RSA offers the ClearTrust product with an Apache reverse proxy.
Is that part of what I might need? I know that ACEServer _does_ support
some subset of the RADIUS protocol if that gives anyone any ideas. I can
use a commercial or Free Software product on either GNU/Linux or Solaris.

Presently, I'm using DUCLING from the Linux Router Project, but I have no
problems moving to a hard drive solution.

thank you,
Jim

     - James L. Russell -
     Systems Administrator
   Louis Dreyfus Corporation
email: russellj@louisdreyfus.com


