• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Multiple Sessions by one user

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Multiple Sessions by one user Page: [1]
Login
Message << Older Topic   Newer Topic >>
Multiple Sessions by one user - 28.Dec.2002 12:19:00 PM   
abood

 

Posts: 2
Joined: 28.Dec.2002
Status: offline
I have installed ISA server 2000 as a proxy server only. and giving users internet access by authentication.

However the users can have multiple logins in different places, i.e. i would like to restrict users to log only from one pc at a time.
Post #: 1
RE: Multiple Sessions by one user - 28.Dec.2002 2:32:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Osa,

I don't believe ISA server can enforce that on his own! In fact, if such a restriction could be enforced, I think it should be done at the Active Directory level.

HTH,
Stefaan

(in reply to abood)
Post #: 2
RE: Multiple Sessions by one user - 28.Dec.2002 6:35:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

That is correct! This is a Win2k issue, not an ISA Server issue. You can limit users to log on from one machine, or better, use smart cards to log in and require that the smart card be left in the reader for the entirety of the session [Big Grin]

HTH,
Tom

(in reply to abood)
Post #: 3
RE: Multiple Sessions by one user - 28.Dec.2002 9:16:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

good to hear I was on the right track! [Wink]

Of course, the basic law of strong authentication gives you a good solution: something you have (a smartcard) and something you know (the pincode).

Thanks,
Stefaan

(in reply to abood)
Post #: 4
RE: Multiple Sessions by one user - 28.Dec.2002 9:20:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

What I like even better is:

Something I know (password)
Something I have (smartcard or other token)
Something I am (iris scan, voice print, finger print)

[Big Grin]

Tom

(in reply to abood)
Post #: 5
RE: Multiple Sessions by one user - 28.Dec.2002 9:25:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

have you already implemented that in a real life W2K environment?

Thanks,
Stefaan

(in reply to abood)
Post #: 6
RE: Multiple Sessions by one user - 28.Dec.2002 9:29:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

Unfortunately, I haven't implemented the "what I am" part yet. Still looking for someone who is interested in that level of security. I suspect only govt's would be interested.

Tom

(in reply to abood)
Post #: 7
RE: Multiple Sessions by one user - 28.Dec.2002 9:38:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

I thought so! [Big Grin]

BTW --- have you already heard good or bad things about ArcotID? It seems to be the best software SmartCard available. In any case, it sounds to be a very big step forward comparing to the default certificate store on Windows.

Thanks,
Stefaan

(in reply to abood)
Post #: 8
RE: Multiple Sessions by one user - 29.Dec.2002 1:03:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

Sounds interesting, but they don't explain how the "something I have" differs from a SmarCard. They say its stronger than a SmartCard but what is the "thing you have"?

Thanks!
Tom

(in reply to abood)
Post #: 9
RE: Multiple Sessions by one user - 29.Dec.2002 7:39:00 AM   
abood

 

Posts: 2
Joined: 28.Dec.2002
Status: offline
Any, thanks for taking time to answer my question.

(in reply to abood)
Post #: 10
RE: Multiple Sessions by one user - 29.Dec.2002 12:36:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

this is my problem too! As I understand the product, there isn't really "something I have" at least not physical. So, I think you should rather compare the software SmartCard with a software Token. [Big Grin]

However, compared to the default certificate store on Windows, I think it has some real benefits. The problem with a hardware SmartCard is the implementation and ongoing support cost. Especially if you don't have control over the environment. So, a lot of people try to simplify the implementation by *not* installing the certificate on a SmartCard but on the PC itself.

The problem now is that storing the certificate on the PC itself is *not* very secure because at best the certificate is only protected by a password and only that password enables the use of the certificate. So, it is very susceptible to offline attacks because there is no method to disable the certificate after a number of bad passwords. This is major drawback.

That problem seems to be solved with the software SmartCard solution from Arcot. To the user (or attacker) a great number of passwords *seems* to give you a valid certificate. The only way to find it out is to try it out. So, the central authentication service will see those tryouts and have now a method to detect the bad tryouts and lock out the certificate and corresponding account after a number of bad attempts. I think this is a major step forward! [Cool]

What do you think?

Thanks,
Stefaan

(in reply to abood)
Post #: 11
RE: Multiple Sessions by one user - 29.Dec.2002 11:45:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

I think its better than a software certificate from traditional certificate servers, but I still don't think its better than a "what I have" solution. However, there is no perfect security solution except for turning off the computer [Big Grin]

Thanks!
Tom

(in reply to abood)
Post #: 12
RE: Multiple Sessions by one user - 29.Dec.2002 11:59:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

I totally agree and thanks for the nice conversation! [Smile]

Thanks,
Stefaan

[ December 29, 2002, 11:59 PM: Message edited by: spouseele ]

(in reply to abood)
Post #: 13
RE: Multiple Sessions by one user - 30.Dec.2002 12:15:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

Thank you! [Smile]

Tom

(in reply to abood)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Multiple Sessions by one user Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts