Is SSL VPN Two-Factor Authentication?
Posted on 2013-01-29
Environment: Retail corprate headquarters and outlets. PCI-DSS level 4 compliant. SonicWall gateways are each location.
The boss approached me about using iPads to connect wirelessly to the network both at the office and the stores. For standard remote access we use RSA products to meet the two-factor authentication PCI-DSS requirement. The only option I see with the iPads is to use SonicWall's Mobile Connect with an SSL VPN. Easy enough to set-up, but the question with which I am wrestling is this: Is an SSL VPN really two-factor authentication?
I've seen arguments both pro and con, but nothing conclusive either way.