Home page logo
/

basics logo Security Basics mailing list archives

Re: Evaluating Two Factor Authentication
From: Nick Owen <nowen () wikidsystems com>
Date: Mon, 4 Oct 2010 08:45:06 -0400

On Thu, Sep 30, 2010 at 8:49 PM, M.D.Mufambisi <mufambisi () gmail com> wrote:
Hi,

I will be evaluating 2 factor authentication scheme in the next coming days.
Is there anyone who can point me to some good resources on this?
Whitepapers..documents...anything?

Regards

This is from my company, so "consider the source" ;) :
http://www.wikidsystems.com/webdemo/papers/Evaluating_Strong_Authentication_Systems.pdf

One question we get often is "Do you work with VPN X?" or whatever
service.  I recommend you go a level deeper and choose a standard
authentication protocol and then make that a requirement. Then, just
make sure that everyone supports your protocol.

I highly recommend you standardize on Radius. It is extremely well
supported and very simple to use.  What does it get you?  Linux via
pam-radius, apache via mod-auth-radius and windows via IAS/NPS.  You
can have your services talk radius directly to your two-factor
authentication server or have it go through a radius server such as
freeradius or IAS/NPS. The benefit of doing the latter is that IAS/NPS
will first validate that the user is the right AD group before
proxying the credentials to the auth server. Meaning there is only 1
location where a user needs to be disabled.

Here are a couple of how-to on IAS and NPS:
IAS: 
http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-ias-to-support-two-factor-authentication/
NPS: http://www.networkworld.com/news/2010/050710-two-factor-authentication-through-windows-server.html
(somewhat product specific, but the architecture and steps are generic).

HTH,

Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]