 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 9 Feb 1996 15:35:25 GMT |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Mark,
Unless an application explicitly encrypts its network traffic its gonna be sent
in the clear - this includes MPE logons and associated passwords for NS, FTP,
TELNET, etc. Anyone on the network (assuming LAN) with a sniffer, PC with
appropriate software, etc. can monitor this traffic and pick out the valuable
pieces. This is not going to change, since I'm pretty sure HP is not going to
invest in adding encryption to NS.
$PLUG on$
We support a solution called CRYPTOCard. CRYPTOCard is a credit card size
calculator device which can be used to generate one-time passwords which
authenticate a user via a challenge-response protocol just like a password.
The one-time password is still sent in the clear, but it is never used again
so grabbing it with a sniffer won't allow the bad-guy from gaining access to
the system. This device is used by DoD, Financial Institutions, etc. Supported
on both HP9000 and HP3000(others to come). Give me a call and I'll drop you
some detailed info.
$PLUG off$
Lee Courtney
Monterey Software Group
Cupertino, California
408-253-1778
[log in to unmask]
|
|
|
