Posted by:
admin
10 years, 5 months ago
It would be better for us if we recommended that our customers just have their VPNs etc talk radius directly to the WiKID server. It's a super-simple setup and the fastest way for us to "close the sale".
On the other hand if we recommend that you include your directory infrastructure in the process, it can be a lot of extra configuration and trouble-shooting. (Well, for the majority of people on AD, who have to configure NPS, yes. Freeradius/OpenLDAP is much simpler. But in fairness the NPS is also a NAC solution.) That delays our sales process and usually increases our cost of sales as we help people setup other company's products (ahem, Microsoft, Cisco).
There's really only one benefit to incorporating AD and that's user disablement. If you tie in AD to all your remote authentication processes, any AD admin can disable a user and keep them out of all the remote access services. And that admin does not need to be an admin of your two-factor authentication server either.
Of the 36% that were aware of their continued access, 9% actually chose to use it.
A recent survey showed that as many as a third of all ex-employees still had access to the corporate network after termination. Obviously, many of these ex-employees are friendly and some may be contractors, but clearly this number is too big, even if it's inflated.
So, we always recommend you include your directory in your two-factor authentication configuration.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)