So, how can this protect an internal network? Traditionally, routers and switches are accessed through a direct connection to the device, by telnet or via a Web interface. All of these methods send the user ID and password in clear text, which can be picked off the network by malicious users with packet sniffers. If a user ID and password were stolen, the intruder would still need the OTP value to gain access. Tokens can be defeated through man-in-the-middle attacks, where the credentials are stolen by a malicious user controlling a server between the client and the host. The attacker then immediately forwards its own bogus information by logging on to the real host with the stolen credentials. Since routers and switches are often directly accessed, tokens used for their management aren't susceptible to these types of attacks.
Tokens aren't foolproof. Here are some best practices for using them:
- Make sure every user has their own unique token. That means no sharing of tokens among users or allowing a single token for an entire user group.
- Educate users to keep a close eye on their tokens and keep them in a safe and secure place when not in use.
- Tightly control token distribution. Only issue tokens to active users. When a user no longer needs a token, not only revoke it, but also deactivate it entirely. Users should be required to report any lost or stolen tokens immediately.
- Keep an accurate inventory of all tokens received and distributed. Whenever a shipment of tokens arrives, keep a record of each individual token and its serial number. Note any irregularity, or defective token, in the record and send defective tokens back to the manufacturer.
This was first published in September 2005