[FW1] Hardware tokens / PIN authentication
I'm twisting my leg here to make dial-up access to the
LAN as safe as possible. A vendor has suggested I use a
Cisco 3620 combined with a Shiva Access Manager and hard
tokens (user pin codes generated by one of those pin
generating "calculators" many banks use for safe internet
banking).
With a setup like this, even if I place the Cisco and the Shiva on a
separate NIC, access will be only as secure as the Cisco router. I'd at the
least need to allow access to the resource servers on the LAN, and then the
resource servers will contact the PDC/BDC themselves to authenticate. My
system: NT4 servers only. FW-1 ver4 sp3 running on NT4.
Well. If I could use the firewall itself as a transmitter from the router to
the Shiva, or install appropriate software on the firewall and drop the Shiva
altogether, I'm sure the firewall could be set up to only allow connections
through if the PIN was right.
Does anyone know of solutions like the one I'm thinking of, or other
solutions that will make cracking the router useless?
Thanks for any suggestions,
:) bblarsen
Ps: I have read http://www.phoneboy.com/fw1/faq/0185.html, but it's not
terribly detailed as to what I'm considering.