[Dshield] Web Site Authentication
eslerj at gmail.com
Mon Jan 29 17:02:56 GMT 2007
Privacy. It preserves the use and constant access of SSN's by automation.
Look into Kerberos, or 3rd party/2nd factor authentication, like RSA.
On 1/29/07, Ackley, Alex <aackley at epmgpc.com> wrote:
> I need some help making a business case for changing our method of
> authenticating users. Our current "system" is anything but. A person's
> SSN is used and a password assigned. The password is checked against a
> field in a database and if it matches the SSN attached they are allowed
> in. This is done over SSL using a certificate but that is the end of
> the system. I believe a more robust and secure system should be
> implemented because of the data that is opened to users who log in. My
> problem is in communicating the business need other than because someone
> could get in. What makes moving from this system to another like a
> RADIUS or Kerberos based system better?
> System Admin
ISC Incident Handler