[Dshield] Web Site Authentication

Joel Esler eslerj at gmail.com
Mon Jan 29 17:02:56 GMT 2007


Privacy.  It preserves the use and constant access of SSNs by automation.

Look into Kerberos, or 3rd party/2nd factor authentication, like RSA.

Joel

On 1/29/07, Ackley, Alex <aackley at epmgpc.com> wrote:
> I need some help making a business case for changing our method of
> authenticating users.  Our current "system" is anything but.  A person's
> SSN is used and a password assigned.  The password is checked against a
> field in a database and if it matches the SSN attached they are allowed
> in.  This is done over SSL using a certificate but that is the end of
> the system.  I believe a more robust and secure system should be
> implemented because of the data that is opened to users who log in.  My
> problem is in communicating the business need other than because someone
> could get in.  What makes moving from this system to another like a
> RADIUS or Kerberos based system better?
>
> Thanks
>
> Alex
> System Admin


-- 
--Joel Esler
ISC Incident Handler
http://www.incidents.org

