 | Register | FAQ | Members | Social Groups | User Map | Calendar | Search | Today's Posts | Mark Forums Read |
Internet Related/Filtering/Firewall Internet Related forum sponsored by |
 | ||
| ||
 |
| |  | LinkBack | Thread Tools | Search Thread |
| Sponsored Links |
26-11-2009, 12:19 PM
| #1 |
  Join Date: Oct 2008 Location: Leicestershire
Posts: 8
 Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0  |  Remote access and Two Factor Authentication I have been looking into remote access and two factor authentication and I thought I'd post to try and find out what other people use. The RSA securID keyfobs seem popular but are expensive. I have stumbled across something called a yubikey (Yubico) but don't really know anything about it. What do others do to provide secure remote access? TIA Glenn |
 |
|
26-11-2009, 12:28 PM
| #2 |
  Join Date: Dec 2005 Location: Norfolk
Posts: 6,044
Thanks: 99
Thanked 349 Times in 304 Posts
Rep Power: 84    | The Yubikey has to be physically pluuged in whereas the secure ID solution just requires you to type in the rolling 6 digit number so should be supported on a larger variety of devices. Ben |
| |
|
26-11-2009, 12:30 PM
| #3 |
| Join Date: Dec 2005 Location: Norfolk
Posts: 6,044
Thanks: 99
Thanked 349 Times in 304 Posts
Rep Power: 84 | Other alternatives include using their mobile phones and having a single use pin sent via text. Ben |
| |
|
26-11-2009, 12:31 PM
| #4 |
| Join Date: Dec 2005 Location: Norfolk
Posts: 6,044
Thanks: 99
Thanked 349 Times in 304 Posts
Rep Power: 84 | |
| |
|
26-11-2009, 02:13 PM
| #5 |
| Join Date: Dec 2008 Location: Nottingham
Posts: 145
 Thanks: 16
Thanked 31 Times in 29 Posts
Rep Power: 10 | I have been thinking about this on 2 fronts - 1st for staff (with staff laptops) and secondly for students. For staff, I have VPN setup, with the first factor being machine specific (SSL Client Certificate unique to machine - if machine is compromised it can be revoked) and the second being user specific (domain username and password). For students (and staff without laptops), I'm thinking of having Squid setup in front of a Terminal Services Gateway, having authentication on the squid box which authenticates to a local database (1st factor - change password/pin in squid database if need be), then the user authenticating against the TS Gateway with domain credentials (and so showing them where they can logon to) - the second factor. This is only a theoretical idea of how I may do things here, it's most likely going to be the project for next year or the year after (along with a few more TSs so I can actually handle a large number of students being on - and hopefully a 100Mb net connection so we can handle a large number of students!). The 2 factor using mobile phones for single use pin looks interesting - may consider adding in something like that (that sends pin to predefined mobile number and links to a username in squid). Cheers Will |
| |
|
Yesterday, 10:11 AM
| #6 |
| Join Date: Dec 2005 Location: Norfolk
Posts: 6,044
Thanks: 99
Thanked 349 Times in 304 Posts
Rep Power: 84 | Anyone else using 2 factor auth for anything? There is a new software product out along with the Yubikey called authlite for ad windows login. 2 Yubikeys with authlite licences are $62.50 Ben |
| |
|
Yesterday, 10:16 AM
| #7 |
| Join Date: Dec 2005 Location: Norfolk
Posts: 6,044
Thanks: 99
Thanked 349 Times in 304 Posts
Rep Power: 84 | If you order them via/for school and have a vat number 2 keys with authlite licences would be $57 (£36) with recorded delivery. Orders for the uk are fullfilled from their uk shipping office. Ben |
| |
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Securing Windows server 2003 Remote Desktop access for access through the internet | albertwt | Windows Server 2000/2003 | 20 | 20-08-2009 09:40 PM |
| Two factor authentication | k-mart | Windows | 0 | 28-10-2006 04:28 PM |
| Tags |
| ras , rsa , two factor , yubikey |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | Search Thread |
| |
