Security Basics mailing list archives
Re: two-factor authentication, via T1?
From: Nick Owen <nickowen () mindspring com>
Date: Mon, 09 Mar 2009 17:12:35 -0400
dgonzalez () merituspayment com wrote:
Hello list, Does anyone have or has had experience with two-factor authentication via a T1 link? Here is the issue I have. I have a Co-Lo housing all server systems. The office I work from is connected to the Co-Lo via T1 link. We have 4 network segments (for PCI purposes) and to access the server segment, I need to implement two-factor authentication. I use remote desktop to access servers, but this is not enough. I am having trouble since I am connected to the Co-Lo via T1 on how I could implement this two-factor authentication.
You could set up a VPN over the t-1 and limit it that way. If only one segment needs two-factor, then take it off the T-1 and put it behind it's own firewall/vpn. Or you could implement an authentication mechanism for remote desktop. If these are windows servers, have them all point to IAS, the MS radius server and make IAS proxy the requests to your two-factor authentication server (after checking for group membership). For linux, the process is potentially similar, point your authentications to freeradius (or whatever) and make freeradius proxy the authentication to your two-factor authentication system. I would think that the former would be less work, but that's just a guess. HTH, Nick -- Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Commercial/Open-source Two-Factor Authentication
Current thread:
- two-factor authentication, via T1? dgonzalez (Mar 09)
- Re: two-factor authentication, via T1? Nick Owen (Mar 09)
- Re: two-factor authentication, via T1? aditya mukadam (Mar 10)
- RE: two-factor authentication, via T1? Wicks, James (NBC Universal) (Mar 11)
- <Possible follow-ups>
- Re: Re: two-factor authentication, via T1? no (Mar 10)