remote access solution with mobile phone / SMS-based authentication?

Posted by Gerhard Hofmann on December 19, 2005, 4:43 am
Hi all,

we have a corporate LAN here that is connected to the Internet with an
SDSL router (static ip).

We'd like to give our sales representatives and home workers (who use
dial-up internet accounts with dynamic ip) the ability to access our
corporate LAN.

Our DSL router has the ability to act as a PPTP server and we have
played a little bit around with this feature. It has worked quite well
and setup on Win-XP-Pro notebooks is quite easy, you just need to know
ip address of vpn server, user id and pass.

The problem with PPTP is its lack of security, because people tend to
write down passwords into plaintext files, save it in Outlook memos or
on their PDA etc.

It would be nice to have a solution that is as straight-forward as PPTP
VPNs (I've played a little bit around with FreeSwan and X.509
certificates and found this way too complicated...), but add some
additional security.

I could imagine something like this:
- remote user has to enter a user id and pwd
- VPN gateway checks if user and pass is correct and sends
a PIN to the user's mobile phone via short-message-service
- remote user gets SMS and has to enter PIN to be granted access

Any other method that would rely on knowledge of uid/pwd AND possession
of some piece of hardware (for example USB dongle) would also be fine.

Do you know any software or hardware based solution for this? I have
seen Portwise (www.portwise.com) on a computer fair this year and this
was very impressive. They provide SSL-based tunnels to specific
applications / TCP ports rather than access to the whole network (would
be OK for us) and make use of mobile phone based application.
Unfortunately, they do not offer a trial package for their software and I
heard it is a non-trivial task to set it up.

Regards
Gerhard
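
The gateway side of the SMS PIN flow described in the post above, as an added example that is not part of the original thread or of any product named in it. `SmsPinGateway`, `send_sms`, the 120-second lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

PIN_TTL = 120     # seconds a PIN stays valid (assumed policy)
MAX_TRIES = 3     # wrong guesses allowed per PIN (assumed policy)

class SmsPinGateway:
    """Second login step: issue a PIN after the password check, accept it once."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # hypothetical callable(phone, text) for the SMS provider
        self.clock = clock
        self.pending = {}          # user -> [pin, expires_at, tries_left]

    def start(self, user, phone, password_ok):
        # Only a correct uid/pwd triggers an SMS, so failed logins never text a phone.
        # `phone` is taken from the server's user record, never from the login form.
        if not password_ok:
            return False
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[user] = [pin, self.clock() + PIN_TTL, MAX_TRIES]
        self.send_sms(phone, f"VPN login PIN: {pin}")
        return True

    def verify(self, user, entered):
        entry = self.pending.get(user)
        if entry is None:
            return False
        pin, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[user]             # expired PINs are discarded
            return False
        if hmac.compare_digest(pin.encode(), entered.encode()):
            del self.pending[user]             # single use: a PIN cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[user]             # too many guesses: user must start over
        return False
```
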

Posted by Frankster on December 19, 2005, 9:31 am
RSA SecurID

http://www.rsasecurity.com/node.asp?id=1173

Password, PIN and Hardware.

-Frank

> Hi all,
>
> we have a corporate LAN here that is connected to the Internet with an
> SDSL router (static ip).
>
> We'd like to give our sales representatives and home workers (who use
> dial-up internet accounts with dynamic ip) the ability to access our
> corporate LAN.
>
> Our DSL router has the ability to act as a PPTP server and we have played
> a little bit around with this feature. It has worked quite well and setup
> on Win-XP-Pro notebooks is quite easy, you just need to know ip address of
> vpn server, user id and pass.
>
> The problem with PPTP is its lack of security, because people tend to
> write down passwords into plaintext files, save it in Outlook memos or on
> their PDA etc.
>
> It would be nice to have a solution that is as straight-forward as PPTP
> VPNs (I've played a little bit around with FreeSwan and X.509 certificates
> and found this way too complicated...), but add some additional security.
>
> I could imagine something like this:
> - remote user has to enter a user id and pwd
> - VPN gateway checks if user and pass is correct and sends
> a PIN to the user's mobile phone via short-message-service
> - remote user gets SMS and has to enter PIN to be granted access
>
> Any other method that would rely on knowledge of uid/pwd AND possession of
> some piece of hardware (for example USB dongle) would also be fine.
>
> Do you know any software or hardware based solution for this? I have seen
> Portwise (www.portwise.com) on a computer fair this year and this was very
> impressive. They provide SSL-based tunnels to specific applications / TCP
> ports rather than access to the whole network (would be OK for us) and
> make use of mobile phone based application. Unfortunately, they do not
> offer a trial package for their software and I heard it is a non-trivial
> task to set it up.
>
> Regards
> Gerhard



Posted by Ipeefreely on December 19, 2005, 6:29 pm
On Mon, 19 Dec 2005 10:43:52 +0100, Gerhard Hofmann

>Hi all,
>
>we have a corporate LAN here that is connected to the Internet with an
>SDSL router (static ip).
>
>We'd like to give our sales representatives and home workers (who use
>dial-up internet accounts with dynamic ip) the ability to access our
>corporate LAN.
>
>Our DSL router has the ability to act as a PPTP server and we have
>played a little bit around with this feature. It has worked quite well
>and setup on Win-XP-Pro notebooks is quite easy, you just need to know
>ip address of vpn server, user id and pass.
>
>The problem with PPTP is its lack of security, because people tend to
>write down passwords into plaintext files, save it in Outlook memos or
>on their PDA etc.
>
>It would be nice to have a solution that is as straight-forward as PPTP
>VPNs (I've played a little bit around with FreeSwan and X.509
>certificates and found this way too complicated...), but add some
>additional security.
>
>I could imagine something like this:
>- remote user has to enter a user id and pwd
>- VPN gateway checks if user and pass is correct and sends
> a PIN to the user's mobile phone via short-message-service
>- remote user gets SMS and has to enter PIN to be granted access
>
>Any other method that would rely on knowledge of uid/pwd AND possession
>of some piece of hardware (for example USB dongle) would also be fine.
>
>Do you know any software or hardware based solution for this? I have
>seen Portwise (www.portwise.com) on a computer fair this year and this
>was very impressive. They provide SSL-based tunnels to specific
>applications / TCP ports rather than access to the whole network (would
>be OK for us) and make use of mobile phone based application.
>Unfortunately, they do not offer a trial package for their software and I
>heard it is a non-trivial task to set it up.
>
>Regards
>Gerhard


Gerhard,

Try looking at the SAFEWORD from www.securecomputing.com
They have a Token that is event driven and ties right into your
Windows DC Schema.

So when a remote user goes to the VPN they login with the username,
Password, Token number that is generated, and they also have a Pin
that they only know about.
I have been using it for years and it works great.
