Posted by: admin, 14 years, 11 months ago
A theme in my recent talks at various information security conferences has been that you should choose a good authentication protocol and then choose products that support that protocol. I recommend Radius because it is quite simple and a very standard standard, which is not always the case with IT standards.
We constantly get asked: "Does WiKID support VPN product X?" and the like. That's the wrong question to ask. The proper question is: "I have standardized on Radius/LDAP. Does WiKID support those authentication protocols?" The answer is "yes" (as do all enterprise-grade two-factor authentication systems). The benefit is flexibility. If you use standard protocols, you can easily replace components. You can start with OpenVPN as your VPN server and upgrade to a Cisco or Checkpoint VPN concentrator down the road without changing your authentication system (though in that specific case, you would need to change clients, something to think about).
Recently a prospect was saying that a competitor had a great plugin for Active Directory that handled authentication and allowed administrators to associate tokens with users in AD. I pointed out that they could use the Microsoft Radius plugin for authentication and have both simple user disablement and product flexibility.
That being said, having an API is important too. If you have a custom application, using an API might be simpler or add more value than adding a Radius or LDAP module. The WiKID API, for example, will allow you to create an application that pushes parts of the user administration to a third party, which is useful for cloud-based services or for letting a vendor control which of their employees have access to your assets.