LinuxQuestions.org
Old 01-17-2008, 11:28 PM   #1
augurseer
Member
 
Registered: Feb 2006
Location: Canada
Distribution: OpenSuSe 10.2 (Home and Laptop) CentOS 5.0 (Server)
Posts: 171

Rep: Reputation: 30
DIY - RSA SecurID


I work for a small firm that does eco-related matters, and we have a lot of road warriors.

Now these guys go anywhere, they're at conferences, events, and on the road, and I want a secure access method for them to access the office.

Now the office system they are accessing is only for file pickups and dumps, like here's a new memo and drop off your latest report type crap.

BUT, some of their work is government level, and this is a government-funded place, mostly, and as such we need some better security.

I want to go with something like RSA SecurID, but I don't want to pay that sort of money. I am not asking for RSA SecurID for free, but is there a DIY open-ended (SSH-ish thingy) like RSA SecurID that is open source, free and DIY - or cheap??
 
Old 01-18-2008, 12:38 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You might want to search with Google for: opie s/key pam. Maybe throw "tpm" into the search and also read through the RFCs: 2289 and 2244.
 
Old 01-19-2008, 08:30 PM   #3
ozegoods
Member
 
Registered: Oct 2004
Location: United States
Distribution: Mandriva 2010.1 KDE4
Posts: 38

Rep: Reputation: 0
augurseer,

If there are notebook computers out there with confidential data then you might want to think about something to encrypt that data in case a computer is lost or stolen.

For secure transfer of files you can use rsync over SSH. Setting up a virtual private network (VPN) is another option.
 
Old 01-21-2008, 10:37 AM   #4
DaCapn
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Rep: Reputation: 0
A VPN is the best solution for sustained connections since you initiate a secure tunnel through the "home base" to the internet as though you are on the LAN (meaning you have the same work restrictions like proxies and filtering) and any traffic between client and server is encrypted. I think there's a KDE GUI for the OpenVPN client, kovpn or something obvious like that. As far as simple secure transfers, scp is cp over SSH; it uses rsync syntax.

If you are asking specifically about one-time passwords, here is a possible solution:
https://www.grc.com/ppp.htm

Be sure to check out the "other ppp software" link since it has info on PAM, Java, PHP, etc. implementations. Technically, this is better than the RSA cards since you have a greater passphrase sample space and the chance for replay is less.

DaCapn
 
Old 01-21-2008, 11:13 AM   #5
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Quote:
BUT, some of their work is government level, and this is a government-funded place, mostly, and as such we need some better security.
I don't get why "government level" should need better security than an individual - at least in a country I would like to live in? But that aside, the most reliable method is to encrypt the data, and change keys as often as possible conveniently. And not just to-be-transferred data, but the hard disks also; one of the security aspects too many people forget is that even if you have a 99% bulletproof transfer channel, the moving end (like a laptop) can always be stolen, and that means lots of time to dig the data out. None of the encryption methods is fully secure, but their main idea is that it is impossible in a sane amount of time to decrypt the information without a known key, and that the key is impossible to generate/try in a sane amount of time. So encrypt both the disks and the transfer channel, and change keys at times to make it more difficult to break through.

At the moment, especially if you don't want to pay (a lot of) money, (open)SSH is your best friend. But whenever the data is someplace else than the sender or recipient, it's vulnerable.

Check this if you are interested in KDE front-end to VPN (of course there are front-ends to other desktop things too than just KDE, but DaCapn mentioned that): home.gna.org/kvpnc/en/index.html
 
Old 01-21-2008, 10:06 PM   #6
augurseer
Member
 
Registered: Feb 2006
Location: Canada
Distribution: OpenSuSe 10.2 (Home and Laptop) CentOS 5.0 (Server)
Posts: 171

Original Poster
Rep: Reputation: 30
All of your responses were great, thanks.

As for the govt issue, damn ain't it true. This company I am doing some work for has to double and triple check its everything before even thinking about making coffee in the morning 'cause it is govt money and supplies.

They don't flush without asking for help, and what's worse is I have to pass every IT idea past some little pencil pusher who thinks his computer is better just 'cause it's a Mac.

At any rate all of your advice was great and shall be poked through very much.

Thanks
 
Old 02-25-2008, 07:00 AM   #7
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 230
I'm curious, what did you do?
 