- Posted on
- Gerhard Hofmann
December 19, 2005, 9:43 am
We have a corporate LAN here that is connected to the Internet with an
SDSL router (static ip).
We'd like to give our sales representatives and home workers (who use
dial-up internet accounts with dynamic ip) the ability to access our
Our DSL router has the ability to act as a PPTP server and we have
played a little bit around with this feature. It has worked quite well
and setup on Win-XP-Pro notebooks is quite easy, you just need to know
ip address of vpn server, user id and pass.
The problem with PPTP is its lack of security, because people tend to
write down passwords into plaintext files, save it in Outlook memos or
on their PDA etc.
It would be nice to have a solution that is as straight-forward as PPTP
VPNs (I've played a little bit around with FreeSwan and X.509
certificates and found this way too complicated...), but add some
I could imagine something like this:
- remote user has to enter a user id and pwd
- VPN gateway checks if user and pass is correct and sends
a PIN to the user's mobile phone via short-message-service
- remote user gets SMS and has to enter PIN to be granted access
Any other method that would rely on knowledge of uid/pwd AND possession
of some piece of hardware (for example USB dongle) would also be fine.
Do you know any software or hardware based solution for this? I have
seen Portwise (www.portwise.com) at a computer fair this year and this
was very impressive. They provide SSL-based tunnels to specific
applications / TCP ports rather than access to the whole network (would
be OK for us) and make use of mobile phone based application.
Unfortunately, they do not offer a trial package for their software and I
heard it is a non-trivial task to set it up.
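
The three-step flow sketched in the post above (password check, PIN sent by SMS, PIN entered to gain access), as an added example that is not part of the original thread or of any product named in it. The class name, the `send_sms` callable, the PIN lifetime and the attempt limit are assumptions; the point is that the texted PIN should be random, short-lived, single-use and limited to a few guesses.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6
PIN_TTL_SECONDS = 180      # assumption: how long a texted PIN stays valid
MAX_ATTEMPTS = 3           # assumption: wrong guesses allowed per PIN


class SmsPinChallenge:
    """Second factor, issued only after the uid/pwd check has succeeded."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # hypothetical callable(phone, text)
        self._clock = clock
        self._pending = {}          # uid -> [salt, digest, expires_at, tries_left]

    @staticmethod
    def _digest(salt, pin):
        return hashlib.sha256(salt + pin.encode()).digest()

    def issue(self, uid, phone):
        # PIN comes from the OS CSPRNG, zero-padded to a fixed width.
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        # Store a salted digest rather than the PIN; a new PIN replaces any old one.
        self._pending[uid] = [salt, self._digest(salt, pin),
                              self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(phone, f"VPN login PIN: {pin}")

    def verify(self, uid, pin):
        entry = self._pending.get(uid)
        if entry is None:
            return False
        salt, digest, expires_at, tries_left = entry
        if self._clock() > expires_at or tries_left <= 0:
            del self._pending[uid]      # expired: user must log in again
            return False
        entry[3] = tries_left - 1
        # Constant-time comparison of the stored and submitted digests.
        if hmac.compare_digest(digest, self._digest(salt, pin)):
            del self._pending[uid]      # single use
            return True
        if entry[3] == 0:
            del self._pending[uid]      # guesses exhausted: force a fresh login
        return False
```
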
Re: remote access solution with mobile phone / SMS-based authentication?
Try looking at the SAFEWORD from www.securecomputing.com
They have a Token that is event driven and ties right into your
Windows DC Schema.
So when a remote user goes to the VPN they login with the username,
Password, Token number that is generated, and they also have a Pin
that they only know about.
I have been using it for years and it works great.