Improve company productivity with a Business Account.Sign Up

x
?
Solved

Deploying a 2 factor authenication for a remote admin connection

Posted on 2014-01-09
6
Medium Priority
?
106 Views
Last Modified: 2015-06-23
Currently using Radmin, but this is a not a sufficient form or a 2 factor authentication against our servers. Options I am currently investigating would be  1) VPN, 2) Purchasing Certificates 3) Setting up a Certificate Server.  Want to deploy the most cost effective means to ensure we have indeed a 2 factor authentication for remote admin. Any suggestions or other tools/methods would be more than welcome. Keeping in mind these machines are all standalone and not on any domain at this time.
0
Comment
Question by:cgooden01
5 Comments
 
LVL 37

Expert Comment

by:Kimputer
ID: 39769941
VPN would be the cheapest method available. You could opt for PPTP (built-in Windows Server), or decide for the more complicated OpenVPN route.
In more advanced routers or security appliances, VPN is also built-in with various options ((L2TP or SSL based).
Since Radmin requires one single port, if any SSH server with tunneling is already available, you can use that too instead of VPN.
0
 
LVL 72

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 39770426
No need to buy official certificates, you can use your own for free, e.g. created with OpenSSL. PPTP itself doesn't allow for certificates, AFAIK. L2TP/IPSec does, OpenVPN, and most IPSec VPN devices.

Building SSH tunnels is another (free) way to do it, again combined with certificates you can create yourself.

It depends on what your need exactly is. Do you want to provide administratrion to a few of locations, but many machines, or one machine per site, or ... As you say "standalone", I'm thinking more in direction of a POS, and centralized authentication (RADIUS) isn't available.
0
 

Author Comment

by:cgooden01
ID: 39771129
This purpose would only be to provide administration to only a few servers from one location.  I was thinking in the direction of SSH tunnels via VPN combined with self created certificates.  Just need to iron out this procedure.    The purpose is to allow remote administration from one to another.
0
 

Author Comment

by:cgooden01
ID: 39772353
So the direction i am leaning toward now is L2TP/IP thus fulfilling a stronger authentication by requiring 2 levels of authentication, using a computer level authentication certificate for the IPSec session and a user level authentication using a PPP authentication protocol for the L2TP tunnel.
0
 
LVL 37

Expert Comment

by:Seth Simmons
ID: 40845833
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question