Home page logo
/

basics logo Security Basics mailing list archives

Re: Two Factor - Virtual Private Network
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 12 Nov 2009 18:41:54 -0500

Hi self.away,

How can i get both user/password and certificate in the authentication
process for vpn pptp with microsoft rras?
Is there any other opensource vpn solution based on two-factor authentication?
I believe you can only choose one method. Microsoft recommends
MS-CHAPv2 or EAP [1,2]. If the remote setup conforms to best practice,
the certificate only becomes available (ie, decrypted from EFS) once
the user logs on. Setups such as 'home user works from personal PC' is
probably not a good idea.

Jeff

[1] Windows Security Resource Kit, ISBN 0-7356-1868-2, p. 436.
[1] PKI and Certificate Security, ISBN 0-7356-2516-6, p. 596.

On Wed, Nov 11, 2009 at 8:13 AM, self.away <self.away () gmail com> wrote:
Hi.
I'm trying to setup a remote access vpn (user dials up from home to
our vpn server).The first goal was to set up a pptp vpn based on
microsoft rras which turned out pretty easy.
Now it has been required to add an extra layer of security to vpn
authentication by adding a certificate which as far as i read it
should be accomplished adding EAP authentication to our vpn pptp
configuration.
However it seems when adding EAP to vpn pptp ,authentication login to
our VPN will only require certificate installed on remote vpn user
workstation and not user/password.
How can i get both user/password and certificate in the authentication
process for vpn pptp with microsoft rras?
Is there any other opensource vpn solution based on two-factor authentication?

Thank you


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault