Re: [SUMMARY] Can SecurId be used to protect client-server TCP/IP connections?

From: Kevin Johnson <kjj_at_pondscum.phx.mcd.mot.com>
Date: Wed, 19 Jan 1994 17:03:41 GMT
Message-ID: <KJJ.94Jan19100343_at_pondscum.phx.mcd.mot.com>

In article <ks.58.000D2B81_at_ic.uva.nl> ks_at_ic.uva.nl (Karel Sprenger) writes:

   Introduction

---

   October last year I asked the news groups comp.client-server,    comp.databases.oracle and comp.security.misc if anybody had used SecurID cards    and software to protect client/server connections (and in particularfor ORACLE    and SQL*Net). A number of people reacted to this and it is now more    than time for this summary.

[MEAT DELETED]
   The conclusions (so far)

---

1. Security Dynamics ACE server should be looked into.
2. Oracle and other vendors should be requested to provide sufficient hooks to add this kind of functionality.
3. There may be the old (?) problem of US export controls on encryption and athentication code.

[MORE MEAT DELETED]
   Conclusions

---

   At this moment C/S cannot be protected with a device like SecurID. In other    words: if user authentication is required, you're tied to the OS login    strengthened with SecurID or something similar.    The answers from Marcus Ranum, Mark Johnson and Security Dynamics could be    reason to hope for a "safer" C/S in another two or three years.

I guess I'm curious if there a reason that just Security Dynamics is being discussed here? Has any dialog with Digital Pathways occurred?

--
#include <std_disclaimer>
"Frank Zappa is dead - the world is a duller shade of gray" - me
.-----------------------------------------------------------------------------.
| Kevin Johnson                                           kjj_at_phx.mcd.mot.com |
| Information Technologies Network Administrator  Motorola MCG                |
| MCG postmaster, MCG Network Security Administrator                          |

Received on Wed Jan 19 1994 - 18:03:41 CET