One time PIN?

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#1
I was wondering about increasing the security of DISA for remote extensions.

Based on the assumption that hackers are monitoring SIP exchanges and recording all DTMF transaction to log credit card number or access code and that a VPN remote extension connection is not always practical (like on my Nokia SIP client), is there an easy way to have a changing/rolling code for the Authenticate function.

I was thinking about the following:

- having a 15 digit/letter pass phrase and let Asterix asking only a few digits randomly(i.e. 'Please enter the 5th,7th,10th and 12th digit' )

- having a base PIN plus a variable part (hour, minutes, date, etc...)

- a list of multiple PIN associated with their own voice request ('please enter password #5' or 'What is the name of your first pet' )...


Patrick
 

Chilling_Silence

Joined
Sep 23, 2008
Messages
488
Likes
0
Points
0
#2
Patrick_elx said:
Based on the assumption that hackers are monitoring SIP exchanges and recording all DTMF transaction to log credit card number or access code and that a VPN remote extension connection is not always practical
What gives you that idea?

Mate, seriously, its easier to hack a PSTN line than a SIP line ;)
 

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#3
Chilling_Silence said:
What gives you that idea?

Mate, seriously, its easier to hack a PSTN line than a SIP line ;)
I'm just getting older and climbing on the phone pole is getting tougher on my poor muscle. :S
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,888
Members
17,568
Latest member
mehdii_igi
Top