Quote:
Originally Posted by Acidio
I agree with Ray, single sign on is a security problem. Not sure what SOX etc says about this, but compliance issues may arise from doing it - to all systems at least.
There is nothing wrong with a well implemented SSO. RSA has an OK solution for a heterogeneous environment. If you're a pure MS environment you can get 90+% with NTLM/Kerberos that's part of Win2K+.
The Check Point solution, IMHO, isn't worth the trouble.
One of the reasons I like RSA's solution is the end-user doesn't even need to know their passwords, only their password to the SSO, and that can be a SecurID token and/or combined with a smartcard.
As for SOX, you need a password policy, but it can be as simple as "You must use a password for your login account and not share this password."