Security Basics mailing list archives
Re: Evaluating Two Factor Authentication
From: Nick Owen <nowen () wikidsystems com>
Date: Mon, 4 Oct 2010 08:45:06 -0400
On Thu, Sep 30, 2010 at 8:49 PM, M.D.Mufambisi <mufambisi () gmail com> wrote:
Hi, I will be evaluating 2 factor authentication scheme in the next coming days. Is there anyone who can point me to some good resources on this? Whitepapers..documents...anything? Regards
This is from my company, so "consider the source" ;) : http://www.wikidsystems.com/webdemo/papers/Evaluating_Strong_Authentication_Systems.pdf One question we get often is "Do you work with VPN X?" or whatever service. I recommend you go a level deeper and choose a standard authentication protocol and then make that a requirement. Then, just make sure that everyone supports your protocol. I highly recommend you standardize on Radius. It is extremely well supported and very simple to use. What does it get you? Linux via pam-radius, apache via mod-auth-radius and windows via IAS/NPS. You can have your services talk radius directly to your two-factor authentication server or have it go through a radius server such as freeradius or IAS/NPS. The benefit of doing the latter is that IAS/NPS will first validate that the user is the right AD group before proxying the credentials to the auth server. Meaning there is only 1 location where a user needs to be disabled. Here are a couple of how-to on IAS and NPS: IAS: http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-ias-to-support-two-factor-authentication/ NPS: http://www.networkworld.com/news/2010/050710-two-factor-authentication-through-windows-server.html (somewhat product specific, but the architecture and steps are generic). HTH, Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Fwd: Evaluating Two Factor Authentication M.D.Mufambisi (Oct 01)
- Re: Evaluating Two Factor Authentication Jeffrey Walton (Oct 01)
- RE: Evaluating Two Factor Authentication Lauren Twele (Oct 01)
- Re: Evaluating Two Factor Authentication TAS (Oct 01)
- Re: Evaluating Two Factor Authentication M.D.Mufambisi (Oct 05)
- Re: Evaluating Two Factor Authentication Meenal Mukadam (Oct 05)
- Re: Evaluating Two Factor Authentication Jeffrey Singleton (Oct 05)
- Re: Evaluating Two Factor Authentication M.D.Mufambisi (Oct 05)
- Re: Evaluating Two Factor Authentication Nick Owen (Oct 05)