Using RSA Security Tokens for VPN, etc?

Then get them replaced now.  RSA were hacked and lost control over their master keys.  This has led to hacks against RSA customers – confirmed by RSA in an open letter to their customers.

I’ve never been keen on the concept of RSA tokens.  Now we learn that they stored the master keys live on the network with a route to the net by the looks of it!!!! Even the most basic certification training course on CA admin will teach you to use an offline root CA.

Technorati Tags:

One thought on “Using RSA Security Tokens for VPN, etc?”

  1. They’ve have (had) their benefits. The fact you didn’t need a smartcard reader and thus could use two factor authentication in more situations was one. They were or still are (haven’t checked recently) very expensive and thus many smaller companies went without or sought some cheaper alternatives. Only a 3 to 4 years back two factor authentication with one time passwords became cheap enough that small biz could be convinced to commit to it with their money for their own good (security). As to the on line route CA with and internet connection … ouch .. for such a big name that hurts confifence. To my knowledge the current replacement is also something you need to request, it’s not automatically. Probably the first ever excercise on this scale on replacing compromised two factor authentication tokens.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.