Slashdot Mirror

← Back to Stories (view on slashdot.org)

TiVo Web Security and Two-Factor Authentication?

Posted by Cliff on from the hardening-your-PVR dept.

mr. mulder asks: "I just attached my TiVo to my home network, giving me the ability to change my recording settings from any browser on my internal network. I would like to take this a step further and enable TiVo config changes from work, but I'm worried about security. SSL would encrypt my traffic, but wouldn't prohibit access. Ideally, I would like an easy, client-less, two-factor authentication solution. Has anyone tried this? Moreover, are there any inexpensive, secure or two-factor authentication products to protect personal/home web URLs? I've considered publishing the page on the web without security, but that leaves me wide-open. I've also considered a VPN solution with my LinkSys Firewall/Router, but it involves a client installation. As an alternative, I've turned to two-factor authentication schemes, including products such as Rainbow's iKey, Authenex's A-Key and RSA's SecureID, but they are too expensive."

2 of 36 comments (clear)

  1. Use a reverse proxy & PAM by Hanashi · · Score: 3, Interesting

    Just an idea... Put a reverse proxy in front of the Tivo. Don't let the Tivo talk to machines outside your local network, just internal machines (including the proxy). Use SKey on the proxy for free easy 2 factor authentication. If you use apache, you can set it up to use PAM (pluggable authentication modules), and get an SKey PAM module for it. I know that all these pieces exist, but I've never used Apache w/PAM, nor have I used the SKey PAM module. Should be a good starting point, though.

    --
    Check out my eclectic infosec blog at InfoSecPotpou
  2. Stupid question - all over the tivoweb docs by GoRK · · Score: 4, Interesting

    This is covered in insane detail in the tivoweb docs. You have three options:

    Set up apache as a reverse proxy and put some authentication on the proxy machine.

    If that is not acceptible, use ssh port forwarding to get the job done.

    If none of these is acceptible, then use some sort of VPN solution to attach to your home network from outside.

    Be realistic, though, you don't double smartcard voice recognized palm scanned passphrase authentication and uncrackable in a trillion years triple supercrypto to do the equivalent of program your vcr from the office. Reverse proxy and an .htaccess file will do you fine.

    ~GoRK