[vpn] VPN authentication

Rick Smith at Secure Computing rick_smith at securecomputing.com
Thu Oct 11 18:13:43 EDT 2001


At 07:11 AM 10/10/2001, skr wrote:

>Is there any VPN product which supprorts User ID+ Password+MAC Address
>authentication..over WAN.

I don't think so, and the reason is because the MAC address isn't a 
reliable identifier. Many (most?) NICs allow you to replace the MAC 
address. If you're worried about an attacker capturing your user ID and 
password, then you run the same risk with the MAC address.

>Is there any VPN product which supports three part authentication User
>ID + Password + anything..(excluding secure ID, Digital ertificate,
>Radius ) say one more password

If one password isn't providing the protection you need, then a second 
password, or a longer password, probably won't improve matters. If someone 
is asking you for "two factor authentication" then you're trying to do the 
wrong things. You need to combine memorized data (the password or PIN) with 
a personal authentication device (like one of those tokens) or a biometric 
reading. You don't get two factors by using two passwords.


Rick.
smith at securecomputing.com            roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/


VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list