Solved

Deploying a 2 factor authenication for a remote admin connection

Posted on 2014-01-09
6
75 Views
Last Modified: 2015-06-23
Currently using Radmin, but this is a not a sufficient form or a 2 factor authentication against our servers. Options I am currently investigating would be  1) VPN, 2) Purchasing Certificates 3) Setting up a Certificate Server.  Want to deploy the most cost effective means to ensure we have indeed a 2 factor authentication for remote admin. Any suggestions or other tools/methods would be more than welcome. Keeping in mind these machines are all standalone and not on any domain at this time.
0
Comment
Question by:cgooden01
6 Comments
 
LVL 35

Expert Comment

by:Kimputer
Comment Utility
VPN would be the cheapest method available. You could opt for PPTP (built-in Windows Server), or decide for the more complicated OpenVPN route.
In more advanced routers or security appliances, VPN is also built-in with various options ((L2TP or SSL based).
Since Radmin requires one single port, if any SSH server with tunneling is already available, you can use that too instead of VPN.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
Comment Utility
No need to buy official certificates, you can use your own for free, e.g. created with OpenSSL. PPTP itself doesn't allow for certificates, AFAIK. L2TP/IPSec does, OpenVPN, and most IPSec VPN devices.

Building SSH tunnels is another (free) way to do it, again combined with certificates you can create yourself.

It depends on what your need exactly is. Do you want to provide administratrion to a few of locations, but many machines, or one machine per site, or ... As you say "standalone", I'm thinking more in direction of a POS, and centralized authentication (RADIUS) isn't available.
0
 

Author Comment

by:cgooden01
Comment Utility
This purpose would only be to provide administration to only a few servers from one location.  I was thinking in the direction of SSH tunnels via VPN combined with self created certificates.  Just need to iron out this procedure.    The purpose is to allow remote administration from one to another.
0
 

Author Comment

by:cgooden01
Comment Utility
So the direction i am leaning toward now is L2TP/IP thus fulfilling a stronger authentication by requiring 2 levels of authentication, using a computer level authentication certificate for the IPSec session and a user level authentication using a PPP authentication protocol for the L2TP tunnel.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now