Solved

Deploying a 2 factor authenication for a remote admin connection

Posted on 2014-01-09
6
90 Views
Last Modified: 2015-06-23
Currently using Radmin, but this is a not a sufficient form or a 2 factor authentication against our servers. Options I am currently investigating would be  1) VPN, 2) Purchasing Certificates 3) Setting up a Certificate Server.  Want to deploy the most cost effective means to ensure we have indeed a 2 factor authentication for remote admin. Any suggestions or other tools/methods would be more than welcome. Keeping in mind these machines are all standalone and not on any domain at this time.
0
Comment
Question by:cgooden01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 36

Expert Comment

by:Kimputer
ID: 39769941
VPN would be the cheapest method available. You could opt for PPTP (built-in Windows Server), or decide for the more complicated OpenVPN route.
In more advanced routers or security appliances, VPN is also built-in with various options ((L2TP or SSL based).
Since Radmin requires one single port, if any SSH server with tunneling is already available, you can use that too instead of VPN.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39770426
No need to buy official certificates, you can use your own for free, e.g. created with OpenSSL. PPTP itself doesn't allow for certificates, AFAIK. L2TP/IPSec does, OpenVPN, and most IPSec VPN devices.

Building SSH tunnels is another (free) way to do it, again combined with certificates you can create yourself.

It depends on what your need exactly is. Do you want to provide administratrion to a few of locations, but many machines, or one machine per site, or ... As you say "standalone", I'm thinking more in direction of a POS, and centralized authentication (RADIUS) isn't available.
0
 

Author Comment

by:cgooden01
ID: 39771129
This purpose would only be to provide administration to only a few servers from one location.  I was thinking in the direction of SSH tunnels via VPN combined with self created certificates.  Just need to iron out this procedure.    The purpose is to allow remote administration from one to another.
0
 

Author Comment

by:cgooden01
ID: 39772353
So the direction i am leaning toward now is L2TP/IP thus fulfilling a stronger authentication by requiring 2 levels of authentication, using a computer level authentication certificate for the IPSec session and a user level authentication using a PPP authentication protocol for the L2TP tunnel.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40845833
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question