2 Factor Authentication


  • 2 Factor Authentication

    I need to implement 2 factor authentication into my domain on all remote access connections. Does anyone have any recommendations on good systems / solutions? We currently use Citrix but are looking to also start using VPN clients on our laptops.

  • #2
    Re: 2 Factor Authentication

    RSA or Cryptocard are what I've had positive experience with.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: 2 Factor Authentication

      NAP under Server 2008 supports certificate/smartcard authentication in association with PEAP as well.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog



      • #4
        Re: 2 Factor Authentication

        Do you have any investment in hardware already (fingerprint readers on laptops or smart card readers)? If so, this may help force your decision.

        Also ask yourself, what is the business case vs usernames and strong passwords?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **



        • #5
          Re: 2 Factor Authentication

          Remote access VPNs with Cisco routers and ASAs support xauth (extended authentication) as part of phase 1.5. So the client authenticates the correct "VPN group", then is also prompted for user authentication. This authentication can be local, RADIUS, TACACS, or Active Directory, with pre-shared keys or certificates. They also support group-lock, which will prevent a user from logging into another VPN group. You can also look at SSL VPNs, either clientless or client based with the Cisco AnyConnect client. SSL clientless is by far the easiest for the end user as no client is required. You can also set up port forwards, favorites, smart tunnels etc. per group/user. Pretty much the ASA/router acts as an SSL proxy.
          Last edited by auglan; 6th August 2012, 13:14.
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)
