Posted by:
admin
9 years, 2 months ago
We do a fair amount of testing and documentation for commercial and open-source VPNs (Cisco, SonicWall, Sophos, Checkpoint, etc, etc). Increasingly, we see VPNs embedding some type of two-factor authentication into their product. The idea is to make it simple to add 2FA to your VPN services, a laudable goal and perhaps sufficient for some small organizations. So, when should you consider using a stand-alone service instead?
1. When you have critical infrastructure or data that needs securing for security or compliance reasons. A prime example would be any system with credit card information covered by PCI or PII covered by HIPAA.
2. When you have privileged accounts with multiple users. Privileged account management is of increasing concern. If you are thinking about it, then you need to think about adding two-factor authentication to it.
3. If you need two-factor authentication for customers. No point in having two separate systems. We increasingly see SaaS providers needing two-factor authentication.
4. If you need two-factor authentication for out-bound access. We have recommended this in the past as way to find all the services sending data out of your network - and whether they should be or not!
5. If you allow vendors in your network. Think Target and their HVAC vendor.
6. You plan on implementing SSO. SSO means keys to the kingdom, so best protect them.
7. If you provide non-VPN remote access, such as with Bomgar or VMWare View.
In short, any place you use a password could be a place you use two-factor authentication. Two-factor authentication: Not just for remote access!
And, of course, you can download the WiKID server and set up five free users anytime.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)