Solved

Deploying a 2 factor authenication for a remote admin connection

Posted on 2014-01-09
6
81 Views
Last Modified: 2015-06-23
Currently using Radmin, but this is a not a sufficient form or a 2 factor authentication against our servers. Options I am currently investigating would be  1) VPN, 2) Purchasing Certificates 3) Setting up a Certificate Server.  Want to deploy the most cost effective means to ensure we have indeed a 2 factor authentication for remote admin. Any suggestions or other tools/methods would be more than welcome. Keeping in mind these machines are all standalone and not on any domain at this time.
0
Comment
Question by:cgooden01
6 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 39769941
VPN would be the cheapest method available. You could opt for PPTP (built-in Windows Server), or decide for the more complicated OpenVPN route.
In more advanced routers or security appliances, VPN is also built-in with various options ((L2TP or SSL based).
Since Radmin requires one single port, if any SSH server with tunneling is already available, you can use that too instead of VPN.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39770426
No need to buy official certificates, you can use your own for free, e.g. created with OpenSSL. PPTP itself doesn't allow for certificates, AFAIK. L2TP/IPSec does, OpenVPN, and most IPSec VPN devices.

Building SSH tunnels is another (free) way to do it, again combined with certificates you can create yourself.

It depends on what your need exactly is. Do you want to provide administratrion to a few of locations, but many machines, or one machine per site, or ... As you say "standalone", I'm thinking more in direction of a POS, and centralized authentication (RADIUS) isn't available.
0
 

Author Comment

by:cgooden01
ID: 39771129
This purpose would only be to provide administration to only a few servers from one location.  I was thinking in the direction of SSH tunnels via VPN combined with self created certificates.  Just need to iron out this procedure.    The purpose is to allow remote administration from one to another.
0
 

Author Comment

by:cgooden01
ID: 39772353
So the direction i am leaning toward now is L2TP/IP thus fulfilling a stronger authentication by requiring 2 levels of authentication, using a computer level authentication certificate for the IPSec session and a user level authentication using a PPP authentication protocol for the L2TP tunnel.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845833
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question