In light of recent corporate hacks, especially JP Morgan, our company has been considering adding 2 Factor Authentication to our username and password in order to access certain servers. Probably the Terminal Server (for Remote Desktop) to start; maybe VPN users after that.

I’m familiar with Google’s, Apple’s, Amazon’s, etc. methods: texting codes to a stored phone number and requiring that to log in (at least the first time from that device/MAC address).

Are there any you recommend? Hardware tokens like this…?

[Image: two-factor token]
What are your experiences?

@windowsauthenticati8132 @nizamnickuddin9604

14 Spice ups

RSA appliance and soft tokens

Yubikeys

fingerprint biometrics

1 Spice up

Randy - Which of those is most cost effective?

RSA appliance and tokens for 2 factor authentication.

Just spun up the RSA appliance recently myself. Great stuff, using it for much more than the VPN already…

RSA isn’t very cheap but is very effective in securing access from the outside. We use it for VPN and as a second factor for website authentication.

Yubikey, biometrics or a smartcard solution would be most cost effective in securing logins to systems on the network.

There is LinOTP; it’s an open source OTP server.

It will use HOTP, TOTP tokens, Google authenticator, and a whole bunch of other stuff.

I would recommend SafeNet Authentication Manager Express, formerly SafeWord 2008.

Here is a link http://www.safenet-inc.com/multi-factor-authentication/authentication-management/safenet-authentication-manager-express-samx/

The pricing was pretty good. I think for 10 tokens/licenses the cost was around CAN$ 1.4k, which included, I think, 2 years of support; the renewal for support was about $25/year/person.

It is fairly easy to set up and manage, as it is a snap-in to ADUC. It also integrates with Citrix fairly easily, as well as other web portal and VPN solutions.

Look at Duo Security. I had it set up on our VPN in under an hour - seems to “just work” and the POC is dead simple.

1 Spice up

You can always check Quest Software (Dell) and their two-factor product called Defender. I planned on trying it out in a test environment and seeing how it works. Reading thru the guides, it ties into AD pretty seamlessly, and there are numerous OATH hardware keys, even software ones to use on iPhone, Android and such. Several of our customers are PCI or Govt, so I try to keep our network a step ahead on how locked down it is from the outside world. Licenses look pretty cheap as well.

http://software.dell.com/products/defender/

@Dell_Technologies

Check out Login People’s Digital DNA. The “multi” factor is the recognition of the devices you already own, so no need to invest in tokens/SMS credits.