Q

Selection factors for remote access solution

I'm considering implementing a remote access solution that has the potential for P2P. I'm attracted to this solution because there is no remote access point software to install since it uses a browser only. I will retain administration rights for all users within my organization. The solution uses shared key cryptography along with SSL and will reside as CPE in my NOC. What are some of the selection factors I should consider for this solution?


In short,

* You want to make sure the browsers people use are secure. In such transactions, much security is left up to the browser. Make sure up-to-date browsers are used.

* Look for any time during the registration when the user information is transmitted in the clear. It should not be.

* Does it depend on a password? Then it is only as strong as the passwords people use. Obvious ones? Guessable?

* How does it handle repeated access failures (like someone trying to guess)?

* Does it leave around any usable information on the browser system? If people use this at an airport kiosk, can someone immediately behind them access your system(s)?

* Strength of encryption used. Is it better than 40 bit or 56 bit secret key crypto?


This was first published in April 2001

Dig deeper on Web Authentication and Access Control

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close