Internet Related/Filtering/Firewall Thread, Remote access and Two Factor Authentication in Technical; Hi,
I have been looking into remote access and two factor authentication and I thought I'd post to try and ...
26th November 2009, 12:19 PM #1
- Rep Power
Remote access and Two Factor Authentication
I have been looking into remote access and two factor authentication and I thought I'd post to try and find out what other people use. The RSA securID keyfobs seem popular but are expensive. I have stumbled across something called a yubikey (Yubico) but don't really know anything about it. What do others do to provide secure remote access?
26th November 2009, 12:28 PM #2
The Yubikey has to be physically pluuged in whereas the secure ID solution just requires you to type in the rolling 6 digit number so should be supported on a larger variety of devices.
26th November 2009, 12:30 PM #3
Other alternatives include using their mobile phones and having a single use pin sent via text.
26th November 2009, 12:31 PM #4
26th November 2009, 02:13 PM #5
I have been thinking about this on 2 fronts - 1st for staff (with staff laptops) and secondly for students.
For staff, I have VPN setup, with the first factor being machine specific (SSL Client Certificate unique to machine - if machine is compromised it can be revoked) and the second being user specific (domain username and password).
For students (and staff without laptops), I'm thinking of having Squid setup in front of a Terminal Services Gateway, having authentication on the squid box which authenticates to a local database (1st factor - change password/pin in squid database if need be), then the user authenticating against the TS Gateway with domain credentials (and so showing them where they can logon to) - the second factor. This is only a theoretical idea of how I may do things here, it's most likely going to be the project for next year or the year after (along with a few more TSs so I can actually handle a large number of students being on - and hopefully a 100Mb net connection so we can handle a large number of students!).
The 2 factor using mobile phones for single use pin looks interesting - may consider adding in something like that (that sends pin to predefined mobile number and links to a username in squid).
8th February 2010, 10:11 AM #6
Anyone else using 2 factor auth for anything?
There is a new software product out along with the Yubikey called authlite for ad windows login.
2 Yubikeys with authlite licences are $62.50
8th February 2010, 10:16 AM #7
If you order them via/for school and have a vat number 2 keys with authlite licences would be $57 (£36) with recorded delivery.
Orders for the uk are fullfilled from their uk shipping office.
By albertwt in forum Windows Server 2000/2003
Last Post: 20th August 2009, 10:40 PM
By k-mart in forum Windows
Last Post: 28th October 2006, 05:28 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread