Don_Ryles_52501
Feb 19, 2010
Nimbostratus
FirePass user authentication security
Hi,
I'm looking for ideas on ways to increase the security of the logon to the FirePass. The biggest concern is key-loggers on remote clients which could capture the URL, username and password. What I need is something simple but secure. We've locked down the FirePass as far as we can, with no network tunnels and limited app tunnels, but obviously there are still concerns about improving security.
I've looked at the standard options and all of them are unsatisfactory for different reasons:
Use two-factor device like RSA tokens - too expensive & management overheads.
Security software needs to be installed on client - too restrictive.
On-screen keyboard - works but very fiddly and liable to shoulder surfing.
Check for a file being present - works but not suitable for locked down clients.
Client certificates - complexity, support issues and not in locked down situation.
Check for a process running (e.g. notepad.exe) - no process check on FirePass for Macs.
Check a registry key or value - no solution for Macs and lockdown issues for PCs.
Collect a value in an extra field at logon - still typed from keyboard.
So has anyone done anything creative which might offer a solution?
Thanks,
Kevin