[vpn] Cisco 3002 Hardware client and single use passcodes

Patrick.Bryan at abbott.com
Mon Oct 1 21:29:48 EDT 2001


Yang, what I don't comprehend is how, even using RADIUS, to allow the C3002 to
make use of one-time passcodes. As for Cryptocard, my experience has been very
good. Anyhow, please expand on the one-time passcode issue further, if you
would.

Pat



                                                                                                                   
Yang Lee <ylee at net50.com>
10/01/2001 08:16 PM

To:      Patrick.Bryan at abbott.com
cc:      vpn at securityfocus.com
Subject: Re: [vpn] Cisco 3002 Hardware client and single use passcodes
                                                                                                                   
                                                                                                                   




1. TACACS+ vs. RADIUS
pro: TACACS+ encrypts both data and password while RADIUS only does
password.
con: RADIUS is considered a more open protocol than TACACS+. For example,
Microsoft is supporting RADIUS in win2k.

2. SecurID vs. Cryptocard
SecurID is my preference because of its strong encryption. The software itself
was robust and full of features (also bugs). Don't know too much about
Cryptocard. Anyone mind commenting?

Depending on your environment: if you are an ISP with paid customers, you will
be better off using RADIUS+ (and Cryptocard or SecurID), because a lot of
billing systems support RADIUS better. Otherwise, you may feel better using
TACACS+ (and SecurID) because of its strong security.

Hope this helps.



############################################
#Yang Lee                                  #
#Sr. Internet Security Engineer, Net2phone #
#Tel. 973-412-3556                         #
#Email. ylee at net2phone.com                 #
#                                          #
#                                          #
#Disclaimer:                               #
#My opinion here does not represent my     #
#employer's in any way                     #
#                                          #
############################################

On Mon, 1 Oct 2001 Patrick.Bryan at abbott.com wrote:

>
> How about like this?
>
> C3002 --> RADIUS --> Cryptocard
>
> ?
>
> Yang Lee <ylee at net50.com>
> 10/01/2001 03:21 PM
>
> To:      Patrick.Bryan at abbott.com
> cc:      vpn at securityfocus.com
> Subject: Re: [vpn] Cisco 3002 Hardware client and single use passcodes
>
> You can set it up this way:
>
> Cisco 3002 --> TACACS+ --> SecurID Ace Server
>
> ############################################
> #Yang Lee                                  #
> #Sr. Internet Security Engineer, Net2phone #
> #Tel. 973-412-3556                         #
> #Email. ylee at net2phone.com                 #
> #                                          #
> #                                          #
> #Disclaimer:                               #
> #My opinion here does not represent my     #
> #employer's in any way                     #
> #                                          #
> ############################################
>
> On Mon, 1 Oct 2001 Patrick.Bryan at abbott.com wrote:
>
> > Greetings, I am taking a look at Cisco's 3002 hardware client, and am
> > wondering if it is possible to use SecurID or Cryptocard tokens with this box?
> > It appears to me that it is not possible. If anyone has done this, your input
> > would be greatly appreciated...
> >
> >
> > Patrick A. Bryan
> > Sr. Systems Analyst
> > Abbott Laboratories
> > Worldwide Network Security Group
> >
> >
> >
> > VPN is sponsored by SecurityFocus.com
> >

VPN is sponsored by SecurityFocus.com
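
Added example, not part of the original thread: the "RADIUS only does password" point from the TACACS+ vs. RADIUS comparison above, shown by building an Access-Request with the User-Password hiding of RFC 2865 section 5.2. The user name, passcode and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous hidden block), seeded by the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding using the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")  # strip the zero padding

def attr(type_: int, value: bytes) -> bytes:
    # Attribute layout: Type (1 byte), Length (1 byte, includes header), Value
    return struct.pack("!BB", type_, len(value) + 2) + value

def access_request(user: bytes, passcode: bytes, secret: bytes,
                   authenticator: bytes, ident: int = 1) -> bytes:
    """Code 1 (Access-Request) carrying User-Name (1) and User-Password (2)."""
    attrs = attr(1, user) + attr(2, hide_password(passcode, secret, authenticator))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs

if __name__ == "__main__":
    ra = os.urandom(16)  # Request Authenticator, fresh per request
    # Constructed values: token user, one-time passcode, NAS/server shared secret
    pkt = access_request(b"pbryan", b"48213905", b"constructed-secret", ra)
    print(pkt.hex())  # User-Name is readable in the dump, the passcode is not
```

Only attribute 2 is obfuscated; the User-Name and the rest of the packet travel in clear, which is the difference from TACACS+ raised in the thread.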




