[vpn] Cisco 3002 Hardware client and single use passcodes

Yang Lee ylee at net50.com
Mon Oct 1 21:16:22 EDT 2001 

1. TACACS+ vs. RADIUS
pro: TACACS+ encrypts both data and password while RADIUS only does
password.
con: RADIUS is considered a more open protocol than TACACS+. For example,
Microsoft is supporting RADIUS in win2k.

2. securID vs. cryptocard
securID is my preference because of its strong encryption. Software itself
was robust and full of features (also bugs). Don't know too much of
cryptocard. Any one mind to comment?

Depend on your environment, if you are an ISP with paid customer, you will
be better off using RADIUS+ (and cryptocard or securID). Because a lot of
billing system support RADIUS better. Otherwise, you may feel better using
TACACS+ (and securID) because of its strong security. 

Hope this help.



############################################
#Yang Lee                                  #
#Sr. Internet Security Engineer, Net2phone #
#Tel. 973-412-3556                         #
#Email. ylee at net2phone.com                 #
#                                          #
#                                          #
#Disclaimer:                               #
#My opinion here does not represent my     #
#employer's in any way                     #
#                                          #
############################################

On Mon, 1 Oct 2001 Patrick.Bryan at abbott.com wrote:

> 
> How about like this?
> 
> C3002 --> RADIUS --> Cryptocard
> 
> ?
> 
> 
> 
>                                                                                                                    
>                     Yang Lee                                                                                       
>                     <ylee at net50.c        To:     Patrick.Bryan at abbott.com                                          
>                     om>                  cc:     vpn at securityfocus.com                                             
>                                          Subject:     Re: [vpn] Cisco 3002 Hardware client and single use          
>                     10/01/2001           passcodes                                                                 
>                     03:21 PM                                                                                       
>                                                                                                                    
>                                                                                                                    
> 
> 
> 
> 
> You can set it up this way:
> 
> Cisco 3002 --> TACACS+ --> SecurID Ace Server
> 
> ############################################
> #Yang Lee                                  #
> #Sr. Internet Security Engineer, Net2phone #
> #Tel. 973-412-3556                         #
> #Email. ylee at net2phone.com                 #
> #                                          #
> #                                          #
> #Disclaimer:                               #
> #My opinion here does not represent my     #
> #employer's in any way                     #
> #                                          #
> ############################################
> 
> On Mon, 1 Oct 2001 Patrick.Bryan at abbott.com wrote:
> 
> > Greetings, I am taking a look at Cisco's 3002 hardware client, and am
> > wondering if it is possible to use SecurID or Cryptocard tokens with this
> box?
> > It appears to me that it is not possible. If anyone has done this, your
> input
> > would be greatly appreciated...
> >
> >
> > Patrick A. Bryan
> > Sr. Systems Analyst
> > Abbott Laboratories
> > Worldwide Network Security Group
> >
> >
> >
> > VPN is sponsored by SecurityFocus.com
> >
> 
> 
> 
> 
> 
> 


VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list