RE: Strong Authentication For A Windows Logon

From: Daniel Surdu (daniels@graycon.com)
Date: 11/12/02


From: "Daniel Surdu" <daniels@graycon.com>
To: "'Alan Blackwell'" <blackwellalan@hotmail.com>, <security-basics@securityfocus.com>
Date: Tue, 12 Nov 2002 11:40:18 -0600

Yes, SecureID works that way.
You obviously need the ACE Secure ID server to be available to
authenticate the user, and you need to have the ACE Secure ID client
installed on the Laptop.
If all that is in place, if the user does not supply the correct
SecureID token, he/she cannot log on to the workstation.
I have tested the above set-up with ACE Secure ID server/client software
for Windows NT, but I am sure their newer versions that support Win2k
work the same way.

> -----Original Message-----
> From: Alan Blackwell [mailto:blackwellalan@hotmail.com]
> Sent: November 11, 2002 8:10 AM
> To: security-basics@securityfocus.com
> Subject: Strong Authentication For A Windows Logon
>
>
> Hi,
>
> The engineers where I work need to use a laptop with special
> applications on
> it to help them maintain some plant machinery. This laptop
> will be a Windows
> 2000 laptop that will log into the new Active Directory
> enabled Domain that
> is being setup. For various reasons we need very strong
> control of who logs
> onto this laptop and when.
>
> The current idea is to use strong authentication on the
> Windows logon that
> the laptop user will use. The idea is to issue a SecurID token to an
> appropriate senior engineer who needs to authorise any
> changes to the plant
> machinery. By using the token as part of the laptop's windows
> logon we can
> ensure that whichever engineer has the laptop out needs to
> call the senior
> engineer during the logon process. If they don't they can't
> logon as they
> won't have the passcode.
>
> Can anyone answer the following:
>
> Do SecurID tokens work with Windows logons in this way, if so
> how do you set
> it up?
>
> If SecurID tokens don't work in this way are there any other strong
> authentication solutions for Windows that anyone cares to
> recommend? I would
> prefer something similar to the above where a passcode from a
> token is
> required if possible.
>
> Thanks for your help.
>
> Regards
>
> Alan
>
> _________________________________________________________________
> Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> http://join.msn.com/?page=features/featuredemail
>