Solved

Two factor authentication

Posted on 2016-11-01
Last Modified: 2016-11-15
Hi, I manage a small network comprising one 2008 DC and one 2008 server with terminal services and about 20 client laptops. I am investigating upgrading security to include two factor authentication.
My questions are: is there one solution that will protect both RDP and VPN access, forcing a user to authenticate using a smartphone, for example, before being able to connect to either RDP or VPN? Also, what about Mac users, would it work for them as well?

Thanks in advance for any help on this...

Andrew
Question by:activateahsd
6 Comments
 
LVL 14

Assisted Solution

by:Wayne88
Wayne88 earned 83 total points
ID: 41868613
I don't know if your requirement is to be able to only log in once and sign on to both VPN and RDP or simply to be able to use the same TTA credentials for both VPN and RDP. If it's the first, I don't think you can, but if the latter, then I think you can achieve your objective using DUO security for both VPN and RDP.

I am also in the market for TTA and leaning toward RSA, but my objectives are different than yours. Have a look at DUO and sign up for free. Also give them a call, they're quite helpful.

https://duo.com/
LVL 26

Assisted Solution

by:pony10us
pony10us earned 83 total points
ID: 41868668
We just recently moved from a token-based system for our VPN users to MS Azure for phone factor authentication. https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/
LVL 14

Accepted Solution

by:
SIM50 earned 251 total points
ID: 41869139
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

You can set up RSA SecurID for VPN and RDP authentication. I haven't worked with Macs.
LVL 62

Assisted Solution

by:btan
btan earned 83 total points
ID: 41869376
You can try Rohos logon key via Google Authenticator for OTP using your mobile, or YubiKey, or through SMS to a mobile device. It supports Macs too using YubiKey or USB key, but mobile app support is pending.

http://www.rohos.com/2013/02/google-authenticator-windows-login/

Most of the time there is a RADIUS to proxy the authentication for RDP and VPN.

The basic configuration will look like: VPN >> NPS/AD >> WiKID. In RADIUS terms, the VPN will be client to NPS and NPS will be a server to the VPN and a client to WiKID. While we are using WiKID for this example, because RADIUS is an open standard, this configuration works with many solutions.
http://www.techworld.com/tutorial/security/configuring-nps-2012-for-two-factor-authentication-3223170/
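
The VPN >> NPS >> OTP-server chain described in the answer above, shown as an added example that is not part of the original post or of any vendor's code. It implements the RFC 2865 User-Password hiding that each RADIUS hop applies with its own shared secret; the secrets, the passcode, and all function names are constructed, and it assumes the one-time passcode travels in the User-Password attribute.

```python
import hashlib
import os

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide(value: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: hide User-Password under one hop's shared secret."""
    if not 1 <= len(value) <= 128 or len(authenticator) != 16:
        raise ValueError("value must be 1-128 bytes, authenticator 16 bytes")
    padded = value + b"\x00" * (-len(value) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide(); a wrong secret yields garbage, not an error."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password attribute")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def proxy_forward(hidden, authenticator, client_secret, server_secret):
    """Middle hop (NPS in the post): unwrap with the secret shared with the
    VPN, re-wrap with the secret shared with the 2FA server."""
    clear = reveal(hidden, client_secret, authenticator)  # plaintext exists here
    new_auth = os.urandom(16)  # fresh Request Authenticator for the next hop
    return hide(clear, server_secret, new_auth), new_auth

# Constructed sample secrets, one per RADIUS link; not from the post.
VPN_NPS_SECRET = b"constructed-secret-vpn-to-nps"
NPS_OTP_SECRET = b"constructed-secret-nps-to-otp"

def demo(passcode: bytes = b"492817"):
    auth1 = os.urandom(16)
    from_vpn = hide(passcode, VPN_NPS_SECRET, auth1)  # VPN -> NPS
    to_otp, auth2 = proxy_forward(from_vpn, auth1, VPN_NPS_SECRET, NPS_OTP_SECRET)
    return reveal(to_otp, NPS_OTP_SECRET, auth2)  # recovered at the OTP server

if __name__ == "__main__":
    print(demo())
```

The passcode is protected only by the per-link shared secret and is in the clear on the middle server, so each link needs its own long random secret and the proxy host belongs in the same trust tier as the authentication server.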

Author Closing Comment

by:activateahsd
ID: 41889214
Decided to go with SecurID.


Question has a verified solution.
