Remote access and Two Factor Authentication

[gjames]

Hi,

I have been looking into remote access and two factor authentication and I thought I'd post to try and find out what other people use. The RSA securID keyfobs seem popular but are expensive. I have stumbled across something called a yubikey (Yubico) but don't really know anything about it. What do others do to provide secure remote access?

TIA

Glenn

[plexer]

The Yubikey has to be physically pluuged in whereas the secure ID solution just requires you to type in the rolling 6 digit number so should be supported on a larger variety of devices.

Ben

[plexer]

Other alternatives include using their mobile phones and having a single use pin sent via text.

Ben

[plexer]

Two-Factor Authentication using mobile phones

[Willott]

I have been thinking about this on 2 fronts - 1st for staff (with staff laptops) and secondly for students.

For staff, I have VPN setup, with the first factor being machine specific (SSL Client Certificate unique to machine - if machine is compromised it can be revoked) and the second being user specific (domain username and password).

For students (and staff without laptops), I'm thinking of having Squid setup in front of a Terminal Services Gateway, having authentication on the squid box which authenticates to a local database (1st factor - change password/pin in squid database if need be), then the user authenticating against the TS Gateway with domain credentials (and so showing them where they can logon to) - the second factor. This is only a theoretical idea of how I may do things here, it's most likely going to be the project for next year or the year after (along with a few more TSs so I can actually handle a large number of students being on - and hopefully a 100Mb net connection so we can handle a large number of students!).

The 2 factor using mobile phones for single use pin looks interesting - may consider adding in something like that (that sends pin to predefined mobile number and links to a username in squid).

Cheers

Will

[plexer]

Anyone else using 2 factor auth for anything?

There is a new software product out along with the Yubikey called authlite for ad windows login.

2 Yubikeys with authlite licences are $62.50

Ben

[plexer]

If you order them via/for school and have a vat number 2 keys with authlite licences would be $57 (£36) with recorded delivery.

Orders for the uk are fullfilled from their uk shipping office.

Ben