Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Entrust - Identity Guard - Any experience?

from [Ned Fleming] Network Security [Permanent Link]
Subject: Re: Entrust - Identity Guard - Any experience?
Date: Mon, 22 Aug 2005 13:05:43 -0500 
On Sun, 21 Aug 2005 07:48:47 -0700, Saqib Ali <docbook.xml@gmail.com>
wrote:


Two-factor means, to many of us, that there is something in addition to
something-you-know. A hardware token, a printed OTP list, biometric, or a
secured terminal with unique identifying keys/tools.


The problem with a Printed List of OTPs and Entrust Identity Guard is
that they give false sense of security in case they are stolen and
duplicated. Someone can easily duplicate these without the knowledge
of the owner. 


Not really. The card is something a person carries around. Besides the
cards can be made to be difficult to photocopy. And if stolen, they
can be treated the same as a stolen token: invalidated and a new one
generated as easy as kiss my hand.

And the owner still thinks that he/she is the sole owner

of Entrust Identity Guard. Whereas a hardware token (e.g. RSA
SecureID) is a lot harder to duplicate. It might be easy to steal a
hardware token, but NOT without the knowledge of the owner. Once the
owner find out that the hardware token is stolen, he/she can get it
de-activated.


I like the Entrust thingamabob. Think Pareto's Law: It gives 80
percent of the functionality of a secure token for 20 percent of the
cost. (Actually, I think it gives 96 percent of the functionality of a
secure token for 20 percent of the cost -- Pareto squared.)

Ned
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: BBCode [IMG] [/IMG] Tag Vulnerability, Paul Laudanski
Next by Date:  Re: [Full-disclosure] Re: BBCode [IMG] [/IMG] Tag Vulnerability, Christopher Kunz
Previous by Thread:  RE: Entrust - Identity Guard - Any experience?, ken kousky
Next by Thread:  Re: Entrust - Identity Guard - Any experience?, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]