[comp.sys.ibm.pc.misc] Dial-in security

srm@dimacs.rutgers.edu (Scott R. Myers) (07/16/90)

I have an interesting problem I am hoping someone can offer a solution to.
I have a client that wishes to have remote dial-in to his system with PC's.
He is security conscious and wants to set up a dial-in disk with the phone
number and password information set up in a script.  Now here comes the
challenge.  He doesn't want anyone to read the information on the disk.  The
only way I could imagine doing this is to copy protect the disk after it's
created.  This brings up a couple of questions for me.

1) Can you copy protect a bootable diskette?
2) Will this method provide a suitable deterrent for the average user?
3) What products are available to do this with?

Another possibility would be a communications package that would allow
encryption of the script in execution so no one but the person with the
password can examine/modify the script, only use it.

Any help you can give me concerning this issue would be greatly appreciated.

Thank you.  Scott R. Myers
-- 

				Scott R. Myers

Snail:	1418 Kerbaugh St			Phone: (215)225-1622(HOME)
	Philadelphia, PA 19140

Arpa:	srm@topaz.rutgers.edu			Uucp: ..!topaz!srm

		"... No matter where you go, there you are ..."

			   "... Ha! I kill me ..."

				 >>>2 Hype<<<

swh@hpcupt1.HP.COM (Steve Harrold) (07/17/90)

The poster asks about securing phone numbers and passwords on a distribution
(bootable) diskette.

It seems to me that this is ultimately a hopeless task.  Whether or not
the data is encrypted, it will eventually appear as clear text at the
COM1 port, and thus can be eavesdropped by a capable "cracker".

A better solution would be the use of a call-back system, whereby the user
dials the target computer, enters a password, and then hangs up.
If the caller is successfully authenticated, the computer will
dial the caller back at a pre-arranged phone number.  Even if the 
dial-in phone number and/or password is breached, the "cracker" would still
have to be physically located at the pre-arranged call-back phone.

This obviously costs more than a mere dial-in facility, but the poster
did say that his client was "security conscious".  
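
Added example, not part of Steve Harrold's post or the original thread: a Python model of the host-side decision in the call-back scheme described above, where the number dialled comes only from the host's own table and never from the caller. The account name, phone numbers, lockout threshold and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold, not taken from the thread


def make_account(password, callback_number):
    """Store a salted hash and the pre-arranged number, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "digest": digest,
            "callback": callback_number, "failures": 0}


def handle_dial_in(accounts, user, password, requested_number=None):
    """Decide what the host does once the caller has hung up.

    Returns ("CALL_BACK", number) or ("DROP", reason). requested_number is
    whatever the caller typed in; it is accepted as input but never dialled.
    """
    account = accounts.get(user)
    # Hash even for unknown users so both paths do a similar amount of work.
    salt = account["salt"] if account else b"\x00" * 16
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if account is None:
        return ("DROP", "unknown user")
    if account["failures"] >= MAX_FAILURES:
        return ("DROP", "locked out")
    if not hmac.compare_digest(candidate, account["digest"]):
        account["failures"] += 1
        return ("DROP", "bad password")
    account["failures"] = 0
    # A valid password still does not let the caller choose where the host
    # dials: only the pre-arranged number on file is returned.
    return ("CALL_BACK", account["callback"])


if __name__ == "__main__":
    # Constructed sample data.
    accounts = {"field1": make_account("correct horse", "555-0100")}
    print(handle_dial_in(accounts, "field1", "correct horse"))
    print(handle_dial_in(accounts, "field1", "correct horse", "555-0199"))
    print(handle_dial_in(accounts, "field1", "guess"))
```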

cjp@beartrk.beartrack.com (CJ Pilzer) (07/25/90)

While call back systems are better than open modems, they do have a failing 
in that there are ways to intercept the call back to an unauthorized line.
For obvious reasons, I do not think that it would be desirable to discuss
the technique.  But it has been disclosed in a publication with widespread
distribution lately.

-- cj