[FDE] RSA C/R Tokens
Dennis_Costea_Jr at amsec.com
Wed Aug 8 09:41:13 MDT 2007
Wouldn't a pre-boot RSA Token "model" require integration of token
handling routines in the computer's BIOS?
I have seen hardware that boots PXE from a network so connection to an
RSA Token server BEFORE WinOS loads for purposes of token
synchronization could be done. Maybe someone can suggest this to a
couple of the major PC vendors or drop a hint at the next COMDEX
(whatever tradeshow DoD contractors frequent).
~ Dennis C.
Virginia Beach, VA
________________________________
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com]
On Behalf Of Coopers Hawk
Sent: Monday, July 30, 2007 12:09 PM
To: fde at www.xml-dev.com
Subject: [FDE] RSA C/R Tokens
I'm disappointed that no products in this space support the RSA tokens
at preboot. It would be a huge win for any vendor and if someone spent
a few minutes thinking about it I don't think it would be that
*difficult* to implement. Stop thinking about making a preboot network
connection ... that is an overly complex way to look at it. Consider the
way RSA does it with a disconnected Windows logon ... just work with RSA
to extend that to an always disconnected preboot environment (that syncs
up future codes once connected inside Windows). At this point it seems
like all the vendors have relationships with RSA already so that
shouldn't hold things up ... I say let the race begin. I'll buy the
first product that can do it well ;).
Cooper
-----Original Message-----
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com]
On Behalf Of SafeBoot Simon
Sent: Friday, July 27, 2007 10:24 AM
To: fde at www.xml-dev.com
Subject: Re: [FDE] Best FDE-Product
No, it's not linux based - we found Linux simply got too big when you
added all the stuff we needed. No, we don't load network drivers
(though we could) simply because we don't need them and to do so would
open up exploits. Also, what drivers would you load anyway? There are
hundreds of different network cards.. Remember - we're trying to be
small and fast..
As for the dynamic RSA tokens - you probably realise they only work if
you have a network connection to an ACE server, so again, no. We
support things like the SID800 though which work stand alone.
Imagine how hard it would be to support a user with an RSA C/R token
working in a hotel over a VPN. We'd need a network stack, card
drivers, probably a WIFI stack, VPN, web browser (to allow them to
sign into the hotel wifi network) plus the ACE software - might as
well just let them load windows and use SafeBoot Content Encryption
instead.