Announcement

Collapse
No announcement yet.

2-factor authentication for MS Terminal Services

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2-factor authentication for MS Terminal Services

    I'm interested in two factor authentication for terminal services with the following requirements: No physical tokens to manage; 2-factor authentication of the person, not the machine; and the 2nd factor does not require input on the keyboard. I'm fiddling with phone-based authentication (i.e., P*********), but believe there may be other possible options. Does anyone have ideas?

    Dumber: company removed because of possible spam
    Last edited by Dumber; 6th June 2008, 10:24.

  • #2
    Re: 2-factor authentication for MS Terminal Services

    A few options are out there Jaco. Have you looked into Phonefactor? Check out URL REMOVED. This address happens to apply COMPANY REMOVED to terminal services but it could apply to other remote apps.

    Dumber: URL removed because of possible spam
    Last edited by Dumber; 6th June 2008, 10:25.

    Comment


    • #3
      Re: 2-factor authentication for MS Terminal Services

      COMPANY REMOVED seems like a good choice, but can I avoid deploying a bunch of hardware?

      Dumber: company removed because of possible spam
      Last edited by Dumber; 6th June 2008, 10:25.

      Comment


      • #4
        Re: 2-factor authentication for MS Terminal Services

        You should check out COMPANY + URL REMOVED. Took us about a half hour to install on terminal server. Free. Worth a close look.


        Dumber: company removed because of possible spam
        Last edited by Dumber; 6th June 2008, 10:26.

        Comment


        • #5
          phonefactor for MS Terminal Services

          Seems like a nice option, but it ties you to a cellphone. Don't know if I want to rely on that with my corporate terminal services data...

          Comment


          • #6
            Re: 2-factor authentication for MS Terminal Services

            Well You should find out what you're requirement are.
            Personally I think that RSA or Cryptocard are great tokens and quite easy to manage.
            I know there are many more (I believe Aladdin has such product to) but I don't have the time to search for it

            However it IS secure
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: 2-factor authentication for MS Terminal Services

              We use RSA Secure ID and can't fault it.

              In order to access a Terminal Server you need to know a valid username / password for the domain, have the secure ID fob and know the 6 digit pin for the fob. Can't get much more secure than that.

              Also, if your using Citrix for with your Terminal Servers secure ID integrates fine with Citrix Secure Gateway.

              Michael
              Michael Armstrong
              www.m80arm.co.uk
              MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Re: 2-factor authentication for MS Terminal Services

                Plus side on the cellphone solution COMPANY REMOVED is that you don't have to manage those physical tokens such as a fob, especially if people are spread out remotely. They also have some flexibility relative to WHICH telephone network you are relying on. If wireless is dead or stolen or out of range, you can switch pretty easily to a nearby wireline solution.


                Dumber: company removed because of possible spam
                Last edited by Dumber; 6th June 2008, 10:27.

                Comment


                • #9
                  Re: 2-factor authentication for MS Terminal Services

                  Personally I'm still not convinced.
                  Last edited by Dumber; 6th June 2008, 10:27.
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment


                  • #10
                    Re: 2-factor authentication for MS Terminal Services

                    Well, I suppose it depends on how big a problem it is. If the workforce is widely distributed, if access to the network is mission critical, if they tend to lose tokens, if phishing is a concern, then it seems like phone-based solutions might be useful...

                    Comment


                    • #11
                      Re: 2-factor authentication for MS Terminal Services

                      Those are non-trivial issues, at least where I work. I wish there were a broader set of solutions along these lines...

                      Comment

                      Working...
                      X