Re: [FW1] User authentification
Telnet, ftp and http all use plaintext passwords. There is no way
to change this without breaking something. This is why one-time
password schemes were invented. This way, even if someone *does* sniff
the password, the password they obtain will not be useful to them. I
have an FAQ entry about this on my web page.

If you insist upon static passwords, you should require some sort of
session-based encryption like SSL for HTTP sessions, ssh for
telnet-type sessions. If your clients use PCs, you can also have
them use SecuRemote (assuming you have an encryption license on
your firewall). You should insist upon this anyway if the data the
user is accessing is confidential in nature.

An ideal situation would be to have both strong encryption and
one-time password authentication.

-- PhoneBoy

>If I use User Authentication, the logon-ID and Password will be sent in
>clear between the client and FW1.
>
>Is it possible to have this session encrypted so there would be no way
>somebody can intercept it?

--
PhoneBoy (a.k.a Dameon D. Welch) dwelch@phoneboy.com
PhoneBoy's FireWall-1 FAQs -- http://www.phoneboy.com/fw1/
The views expressed may not be those of my employer. Fnord
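
The point above about sniffed one-time passwords, as an added example that is not part of the original message: a Lamport-style hash chain, one kind of one-time password scheme, in which the server rejects a replayed password because each login changes the value it checks against. SHA-256, the class names and the sample secret are assumptions chosen for the illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One-way function used to build the chain (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def chain(secret: bytes, n: int) -> bytes:
    """Return h applied n times to the secret."""
    value = secret
    for _ in range(n):
        value = h(value)
    return value


class Client:
    """Holds the secret and walks the chain backwards, one link per login."""

    def __init__(self, secret: bytes, n: int):
        self.secret, self.remaining = secret, n

    def next_otp(self) -> bytes:
        if self.remaining <= 0:
            raise RuntimeError("chain exhausted; re-initialise with a new secret")
        self.remaining -= 1
        return chain(self.secret, self.remaining)


class Server:
    """Stores only the last accepted chain value, never the secret."""

    def __init__(self, initial: bytes):
        self.stored = initial

    def login(self, otp: bytes) -> bool:
        # A valid password is the preimage of the stored value.
        if hmac.compare_digest(h(otp), self.stored):
            self.stored = otp  # the next login must present this value's preimage
            return True
        return False


def demo():
    secret, n = b"constructed demo secret", 100   # constructed sample values
    client, server = Client(secret, n), Server(chain(secret, n))
    sniffed = client.next_otp()                   # seen in clear on the wire
    first = server.login(sniffed)                 # legitimate login succeeds
    replay = server.login(sniffed)                # same bytes again are rejected
    second = server.login(client.next_otp())      # next link still works
    return first, replay, second
```

Producing the next valid password from a sniffed one would require inverting the hash, which is why the captured value is of no further use; the session contents themselves still travel in the clear unless the connection is also encrypted.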