Selection factors for remote access solution |
 |
EXPERT RESPONSE FROM: Frederick Avolio
|
|
|
|
| > |
QUESTION POSED ON: 10 April 2001
I'm considering implementing a remote access solution that has the
potential for P2P. I'm attracted to this solution because there is no remote access point software to install since it uses a browser only. I will retain administration rights for all users within my organization.
The solution uses shared key cryptography along with SSL and will reside as CPE in my NOC. What are some of the selection factors I should consider for this solution?
|
|
| > |
|
In short,
* You want to make sure the browsers people use are secure. In such transactions, much security is left up to the browser. Make sure
up-to-date browsers are used.
* Look for any time during the registration when the user
information is transmitted in the clear. It should not be.
* Does it depend on a password? Then it is only as strong as the
passwords people use. Obvious ones? Guessable?
* How does it handle repeated access failures (like someone trying
to guess)?
* Does it leave around any usable information on the browser
system? If people use this at an airport kiosk, can someone immediately
behind them access your system(s)?
* Strength of encryption used. Is it better than 40 bit or 56 bit
secret key crypto?
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
