I want to make our company email and calendars available on a secure web site by cell phone browser or pc browser. Our cell carrier is Verizon and all I get is the run around for detailed info.
What I need to know is what the limits on security technologies are, i.e. key lengths, cipher types, any client side abilities (such as a device id that can be read by the web site) and limits on server side verifications that can be run against the phone or home pc.
My goal is to run two checks.
1. Via SSL, a verification that the device is from a current employee, which I can simply run against a semi-static key that changes only weekly. Each attempt, successful or not, has a delay of 3 or more seconds, and 3 bad attempts dump to a reject screen with a 60 second timeout before it would allow servicing that ip again. This is to reduce the brute force effect. Generating email to two employees of "3 strike attempts" with ip, time, date and bogus login info.
2. Upon success of step one, a redirect to another site/hosting site with a dynamic key given during step 1 which allows entrance to a personal login screen. At this point the employee verifies themselves and gains access to their email and calendar. If they fail the 3 strike rule, that ip is locked for 12 hours, which also generates an email to two people inside the company with ip and login info/time/date etc...
If not possible, what can I do?
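One way to implement the per-ip three-strike rule from both steps (60 second lock for step 1, 12 hour lock for step 2, constant delay on every attempt, alert on lockout), as an added Python sketch that is not from the post or any product. The in-memory table, the `alert` callback (where the two notification emails would be sent) and the reset of the strike count on success are assumptions.

```python
import time
from dataclasses import dataclass

# Per-stage policy from the post: (bad attempts before lockout, lockout seconds).
# Stage 1 locks the ip for 60 s, stage 2 for 12 hours.
POLICY = {1: (3, 60), 2: (3, 12 * 60 * 60)}
ATTEMPT_DELAY = 3.0  # fixed delay applied to every attempt, good or bad


@dataclass
class Entry:
    strikes: int = 0
    locked_until: float = 0.0


class StrikeTracker:
    """Tracks bad attempts per (stage, ip) and fires an alert on lockout."""

    def __init__(self, alert, clock=time.monotonic, sleep=time.sleep):
        self.alert = alert    # callable(stage, ip, [(time, login_info), ...])
        self.clock = clock    # injectable so tests can move time forward
        self.sleep = sleep    # injectable so tests do not really wait 3 s
        self.table = {}       # (stage, ip) -> Entry
        self.history = {}     # (stage, ip) -> bogus login info for the alert

    def locked(self, stage, ip):
        e = self.table.get((stage, ip))
        return e is not None and self.clock() < e.locked_until

    def attempt(self, stage, ip, login, check):
        """Process one attempt; returns 'locked', 'ok', 'fail' or 'lockout'."""
        if self.locked(stage, ip):
            return "locked"            # reject screen, do not evaluate at all
        self.sleep(ATTEMPT_DELAY)      # same delay whether or not it succeeds
        e = self.table.setdefault((stage, ip), Entry())
        if check(login):
            e.strikes = 0              # assumption: success clears the count
            self.history.pop((stage, ip), None)
            return "ok"
        max_strikes, lock_secs = POLICY[stage]
        e.strikes += 1
        self.history.setdefault((stage, ip), []).append((self.clock(), login))
        if e.strikes >= max_strikes:
            e.locked_until = self.clock() + lock_secs
            e.strikes = 0
            # alert receives ip, timestamps and the bogus login info to email
            self.alert(stage, ip, self.history.pop((stage, ip)))
            return "lockout"
        return "fail"
```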