Secure Remote Access 2

[snootalope]

Hello,

Our company is looking to further increase the security on our remote access. At the moment, we have users setup to do ldap authentication on an SSL/VPN from where they can connect to a terminal server once authenticated.

We're looking to take it a step further and require these remote users carry a device that produces a randomly generated password that syncs with a device on our network. So before they can even get to the point of authenticating via ldap, they must first input this password given to them by their security device/token that is in sync with a device on our network that sits in front of our SSL/VPN. Hopefully that makes sense..

I'm just starting to do research on it, but thought I'd check and see if there's anyone here who already has something like this in place, and what brand/manufacturer you use.

Thanks for any advice!

 

[itsp1965]

One of my customers uses RSA SecureID to authenticate users to Windows and Unix/Linux hosts, in there case though users access the network layer via RADIUS auth, and then from there user RSA SecureID to authenticate to the hosts.

 

[Davetoo]

RSA SecurID is the way to go. We utilize it for our outside sales force to connect to our internal network.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[snootalope]

That's what I'm looking at is the RSA. Sounds like exactly what we need. Thank for the info!