• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1165
  • Last Modified:

Is SSL VPN Two-Factor Authentication?

Environment:  Retail corprate headquarters and outlets.  PCI-DSS level 4 compliant.  SonicWall gateways are each location.

The boss approached me about using iPads to connect wirelessly to the network both at the office and the stores.  For standard remote access we use RSA products to meet the two-factor authentication PCI-DSS requirement.  The only option I see with the iPads is to use SonicWall's Mobile Connect with an SSL VPN.  Easy enough to set-up, but the question with which I am wrestling is this:  Is an SSL VPN really two-factor authentication?

I've seen arguments both pro and con, but nothing conclusive either way.
1 Solution
wireless networks are a can of worms when it comes to PCI - DSS - they require 802.1x authentication.

in answer to your question, NO, SSLVPN's are not 2FA.

2FA is something you use to secure access to your SSLVPN.

for something free, check out RCDEVS openotp - it plays nicely with google's free 2fa service
http://www.rcdevs.com/products/openotp/, and will integrate with your SSLVPN easily,.

Google 2FA will suffice as that second factor IF you use your mobile phone as the authentication device - there's no point having an IPAD with an embedded authentication app, takes away the purpose of 2FA.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now