
Re: secure webmail and firewall issues...



On Tue, 11 Jul 2000, Paul D. Robertson wrote:

> I'd look closely at two-factor (hard token-based) authentication or
> challenge-response authentication.  Both of those can solve not only the
> insecurity issue, but the issues with malicious code presenting a
> certificate when a luser isn't present.

My recommendation also, for the same reasons.  The other reason is that
there is no way to ensure that a luser even puts a passphrase on their
certificate database, or a good one for that matter.  Then, a certificate
without a passphrase is in many ways less secure than a good strong
password (which you generally can check on the server-side).

-Jason

#include <std_disclaimer.h>

-- 

AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
