Kriston J. Rehberg (kriston@ibm.net)
Sun, 30 Aug 1998 03:12:56 -0400

> First, the connection is vulnerable to session-hijacking (taking
> over the network session AFTER you have been authenticated and
> are logged onto the target system). Generally, it would take
> about 4 mouse-clicks to hijack your session.
>
> Second, while your traffic shouldn't be susceptible to replay
> attacks, the contents of your network sessions can be disclosed
> to anyone with a semi-decent sniffer.

These are both true, but SecurID/SecureNet keys are here to prevent
access to unauthorized users who try to access the network at a time
independent of the user who is "compromised." Of course, the session
may be hijacked, but the user can detect when it happens and contact
security personnel. The session may also be sniffed, but the sniffing
stops once the user logs off and he only sees what I'm seeing. And, by
the way, the attacker cannot hijack or sniff if they can't find my
connection.

I don't think these keys are intended to address the kinds of problems
you are concerned about -- especially since those kinds of attacks are
at such a low level that the effectiveness of trying to find my
particular session every time I log in (which is wildly unpredictable)
and to do so without my detection (in the case of hijacking) is sketchy
at best. In addition, sniffing only gets you to the information I am
interested in, which is rarely worth anything to an attacker. The
attacker wants "in" and the only way to get "in" with SecurID/SecureNet
is by hijacking a session, and that is readily detectable. For example,
say I get hijacked. I log off, I try to log back on and my access is
denied because a session is still active... I then call security and
they dump/investigate/eviscerate the attacker. Done!

I use both kinds of keys every day -- I like SecurID's because you only
have to enter a number once (not twice with the Digital Pathways
SecureNet challenge method). Plus the SecurID is in a nifty form factor
that hangs off your keychain (hehe).

Kris
-- Kriston J. Rehberg http://kriston.net/ AOL: Kriston endeavor to persevere ICQ: 3535970
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:02