multiple authentication for Network computers?
  • mandi
    Posts: 207
    Hi guys, this question is just my imagination,
    I just need to know the real-world possibilities of my idea.

    As we know, to access a PC in a network we need to provide the login credentials to access the PC.

    We know these traditional security systems like ACLs, routers, IDS, WAFs, switches are there to protect the network, but these things are a big problem only to low-end hackers; for high-end hackers I don't think these things can fully stop them. So here are some of my questions:

    1) Can we place multiple levels of login authentication on a single system on a network?

    2) Is it possible to implement in real life? If yes, how?

    3) Also, does placing multiple network login schemes provide more security?
    Is it a good idea, or is it just a waste of time? I had also heard that these kinds of multiple authentication schemes are being used in cloud networks; is it true? (Just asking to confirm things :) )

    4) Beyond the above-mentioned traditional security things,
    what high-end security things are being developed for the future? I am much more interested to know the future technologies.

    I am just posting here to get some ideas :)

    Hope I will get some ideas...
  •
    This is an old thread.. but may as well try to answer.

    Regarding Number 3: Yes it is used in Cloud Computing. [At least according to Cisco] Somehow it's being used in systems that are using IaaS + SaaS or IaaS + PaaS.

    Regarding Number 1: Yes.
    Regarding Number 2: Yes, ask the NSA, or someone at Cisco. Personally I would love to get into this [I know how Cisco would do it, but only from a protocol POV, not the whole thing], but I think at a certain point all of your multiple forms of encryption/dec. + authentication are redundant. Especially if you are a company/gov't agency that hackers ARE afraid of... [brings to mind ISS?]

    Cool: A friend of my father's that I met at a New Year's party used to work at Northrup Grumman [sp?]. He said that they had a file that had all of their top 100 [or so] employees on a file with all of their comments and work ethic data/other stuff a company like that keeps tabs on. He kept insisting that this file would be very valuable to a headhunter from another organization. He said that when they wanted to modify the file [it was on a HDD with lots of encryption in a physical safe], they had the computer that this HDD would be connected to in an isolation room, no connectivity and threats. And they had a "multi-phase authentication system" [whatever that means... :/]... etc. I think you get the gist. And that was back in the 80's. So now, I'm assuming it's much more.. crazier!
  • m0rph
    Posts: 332
    1) I don't know if you meant multiple login schemes for one system, or one login scheme for multiple systems (where you could log in to any computer in the network).

    The first one, obviously, yes. I'm sure there are vendors out there with products for such a thing. For the latter, I think you know about TACACS and RADIUS. But, if not, TACACS with RADIUS will allow you to log on to any machine in the network that is set up to do so. If you have Cisco equipment you can set those up for TACACS through SSH too.

    2) http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/sctcacs.html

    3) BIOS password + Token based authentication + Heuristic Network IPS + Nazi Anti-virus = Success for the most part. Implementing a company proxy might also be something to consider. There are still ways around all of this, but it'll be enough to thwart the average hacker going for a physical attack.

    4) It's not perfect by any means, but Deep Packet Inspection used in Cisco routers is ridiculously awesome. Something to look into there.

    This wasn't specifically for mandi; anyone looking to secure an enterprise network should consider the things I've mentioned as a baseline. You'll need to take it a step further by constantly reminding your users to practice safe browsing habits while online, and assure the identities of e-mail senders are verified.
    while( !(succeed = try() ) );
  • burn1337
    Posts: 37
    First, I would say that the only time to use multiple network authentications is when you're securing one private network from another private network, i.e. one network used for public use, protected by network authentications, while simultaneously running an additional private network that is to be even more guarded, with no typical internet use and its own authentication. Otherwise, yes, it is more of a waste of time; any network is only as strong as its weakest link. Even with many links, if there is one weak link, it could cause the network to be compromised.
    As for the routers and such: yes, high-end hackers are rarely thwarted for a couple minutes... Even sophisticated routers or firewalls, i.e. PIX or other commercial routers, rarely thwart a high-end hacker for very long. Coming from experience: at 17 I hacked a PIX in just minutes.
    On the other hand, technologies like Deep Packet Inspection do work wonders; which, by the way, was implemented due to the use of IPv6 packets over IPv4 headers, as well as executable packets (i.e. traceroute).
    As for token-based authentication, I would suggest something better... Again, the weakest link...
    Physical firewalls, honeypots, IPS, and of course independent system privileges in my opinion work best... IPTables is a part of the Deep Packet Inspection, and I would suggest using this in each node of the network... Multiple nodes work much better than multiple authentications. Also MAC address filtering can be your best friend...
    As for what a multi-phase authentication system is: fingerprints, biometric eye scans, voice analysis, and password, all working in tandem would be a multi-phase authentication system....
    "Mind, body, heart, and soul; when all work as one, this is control." - myself