Security Basics mailing list archives

RE: How to authentificate an user via telephon?

From: Valter Santos <vsantola () devfusion net>
Date: 05 Dec 2002 17:51:39 +0000

Hi Steve,

about your webcam solution, how do you manage with your road warriors
staff members. Imagine that your CEO is on the road, in some hotel, and
call you telling that he forgots his password and need it to read some
important email for the next meeting that will take place in 5
minutes...

How do you manage that situation ??? I thing your solution will not work
in a big consulting company with people working in different locations
and environments 8-(

cheers,
/valter


On Wed, 2002-12-04 at 17:04, Champion, Steve wrote:

Your speaking about social engineering.

Makeing sure that the person on the phone is who they say they are.

An idea we had was to put up inexpensive computers in key locations and to
put inexpensive cameras on these systems.   

So when a person called to get their password reset, that person would go
the the password station, the helpdesk person would see the person is who
they say they are, then reset the password..

It could be a cheap system too, an old PC running windows, and a cheap $40
web-camera from CompUSA and walla!

Thank You
Steve Champion
Sr. Security Analyst
Methodist Health Care Systems
schampion () tmh tmc edu


-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de]
Sent: Tuesday, December 03, 2002 12:50 PM
To: security-basics () lists securityfocus com
Subject: How to authentificate an user via telephon?


Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you 
has to determin wheter the user is the correct 
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

-- 

---..---..---..---..---..---..---..---..---..---..---..---..----
Valter Santos

vsantola () devfusion net                         |||
http://devfusion.net/~vsantola/keys/          (@ @)                 
------------------------------------------oOO--(_)--OOo---------

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

RE: How to authentificate an user via telephon?, (continued)
- RE: How to authentificate an user via telephon? Burton M. Strauss III (Dec 05)
  - Re: How to authentificate an user via telephon? James W. Meritt (Dec 05)
- Re: How to authentificate an user via telephon? Marc Cuypers (Dec 05)
- Re: How to authentificate an user via telephon? J . Reilink (Dec 05)
- Re: How to authentificate an user via telephon? Richard Caley (Dec 05)
- Message not available
  - Re: Switch and Hub Testing Project Julian Young (Dec 09)
- RE: How to authentificate an user via telephon? Bent.Mathiesen (Dec 04)
  - Re: How to authentificate an user via telephon? Torsten Mueller (Dec 05)
- Re: How to authentificate an user via telephon? Margles Singleton (Dec 04)
- RE: How to authentificate an user via telephon? Champion, Steve (Dec 04)
  - RE: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Brian Cook (Dec 05)
- RE: How to authentificate an user via telephon? Schuler, Jeff (Dec 05)
- RE: How to authentificate an user via telephon? McLaughlin, Bryan (Dec 05)
  - AW: How to authentificate an user via telephon? Robert Sieber (Dec 05)
- RE: How to authentificate an user via telephon? Darryl W. Malcolm (Dec 05)
- RE: How to authentificate an user via telephon? Art Tarsha (Dec 05)
- Re: How to authentificate an user via telephon? Chris Berry (Dec 06)
- Re: RE: How to authentificate an user via telephon? Robert Sieber (Dec 06)
- RE: How to authentificate an user via telephon? mario . walter (Dec 06)
- RE: How to authentificate an user via telephon? Gary Turovsky (Dec 06)

(Thread continues...)