Ann is a VPN-1/FireWall-1 Security Administrator. Her organization’s solution for remote-access
security is SecureClient. Ann’s organization is undergoing a security audit. The auditor is
concerned, because static passwords, such as VPN-1 & FireWall-1 and operating system
passwords are cached on the desktop, and users are not required to re-authenticate. Which of the
following explanations addresses the auditor’s concerns?
A.
The auditor has incorrect information. SecureClient caches all passwords. A strong encryption
algorithm protects the proprietary database used for password caching, so there is never a need
to purge cached passwords.
B.
The auditor has incorrect information. SecureClient never cached passwords. SecureClient
users are forced to re-authenticate for each new connection, regardless of the type of password
used.
C.
Cached passwords are purged when SecureClient receives Policy and Topology updates. Most
installation update Security Policies frequently, so cached passwords are rarely stored for longer
than six to eight hours. Renaming the userc.C file to userc.old will also purge the password cache.
D.
Cached passwords are purged at an interval specified in the Desktop Security Policy. As long
as the user.C file is encrypted, users cannot tamper with the interval setting. The interval time is in
seconds from the time to SecureClient software is launched.
E.
Cached passwords are purged when SecureClient is stopped, when a connect mode is
disconnected, and when the computer is rebooted. SecureClient users can manually purge the
cache, by choosing the Erase Passwords option from the Passwords menu.