Security Basics mailing list archives

Re: two-factor authentication, via T1?


From: Nick Owen <nickowen () mindspring com>
Date: Mon, 09 Mar 2009 17:12:35 -0400

dgonzalez () merituspayment com wrote:
Hello list,

Does anyone have or has had experience with two-factor authentication
via a T1 link?

Here is the issue I have. I have a Co-Lo housing all server systems.
The office I work from is connected to the Co-Lo via T1 link. We have
4 network segments (for PCI purposes) and to access the server
segment, I need to implement two-factor authentication. I use remote
desktop to access servers, but this is not enough. I am having
trouble since I am connected to the Co-Lo via T1 on how I could
implement this two-factor authentication.


You could set up a VPN over the T-1 and limit it that way. If only one
segment needs two-factor, then take it off the T-1 and put it behind
its own firewall/VPN.

Or you could implement an authentication mechanism for remote desktop.
If these are Windows servers, have them all point to IAS, the MS RADIUS
server, and make IAS proxy the requests to your two-factor authentication
server (after checking for group membership). For Linux, the process
is potentially similar: point your authentications to FreeRADIUS (or
whatever) and make FreeRADIUS proxy the authentication to your
two-factor authentication system.

I would think that the former would be less work, but that's just a guess.

HTH,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404-962-8983 (desk)
http://www.wikidsystems.com
Commercial/Open-source Two-Factor Authentication
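
Added example, not part of the message above: a sketch of the FreeRADIUS variant of the second option, with the group check done before the request is proxied to the two-factor server. It assumes FreeRADIUS 3.x syntax and a loaded unix module; the address, shared secret, realm name and group name are placeholders.

```conf
# --- proxy.conf: where proxied requests are sent (constructed values) ---
home_server twofactor_server {
    type   = auth
    ipaddr = 192.0.2.10          # placeholder: two-factor server address
    port   = 1812
    secret = CHANGE_ME           # placeholder: shared secret for this hop
}

home_server_pool twofactor_pool {
    type        = fail-over
    home_server = twofactor_server
}

realm twofactor {                # hypothetical realm name
    auth_pool = twofactor_pool
    nostrip                      # forward User-Name unchanged
}

# --- sites-enabled/default: authorize section ---
authorize {
    preprocess

    # Check group membership first, so only members of the admin group
    # are ever passed on to the second factor. Unix-Group is supplied by
    # the unix module; "server-admins" is a hypothetical group name.
    if (Unix-Group == "server-admins") {
        update control {
            Proxy-To-Realm := "twofactor"
        }
    }
    else {
        reject                   # non-members never reach the 2FA server
    }
}
```

Each server in the protected segment would then be configured as a RADIUS client of this FreeRADIUS instance, so every login to that segment takes the same path.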

