Solved

Two factor authentication

Posted on 2016-11-01
6
54 Views
Last Modified: 2016-11-15
Hi, I manage a small network comprising one 2008 DC and one 2008 server with terminal services and about 20 client laptops. I am investigating upgrading security to include two factor authentication.
My questions are: is there one solution that will protect both RDP and VPN access, forcing a user to authenticate using a smartphone, for example, before being able to connect to either RDP or VPN? Also, what about Mac users, would it work for them as well?

Thanks in advance for any help on this...

Andrew
0
Question by:activateahsd
6 Comments
 
LVL 13

Assisted Solution

by:Wayne88
Wayne88 earned 83 total points
ID: 41868613
I don't know if your requirement is to be able to log in only once and sign on to both VPN and RDP, or simply to be able to use the same TTA credentials for both VPN and RDP. If it's the first, I don't think you can, but if the latter, then I think you can achieve your objective using DUO Security for both VPN and RDP.

I am also in the market for TTA and leaning toward RSA but my objectives are different than yours.  Have a look at DUO and sign up for free.  Also give them a call, they're quite helpful.

https://duo.com/
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 83 total points
ID: 41868668
We just recently moved from a token-based system for our VPN users to MS Azure for phone factor authentication. https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/
0
 
LVL 13

Accepted Solution

by:
SIM50 earned 251 total points
ID: 41869139
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

You can set up RSA SecurID for VPN and RDP authentication. I haven't worked with Macs.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 83 total points
ID: 41869376
You can try Rohos Logon Key via Google Authenticator for OTP using your mobile, or YubiKey, or through SMS to a mobile device. It supports Macs too using YubiKey or a USB key, but mobile app support is pending.

http://www.rohos.com/2013/02/google-authenticator-windows-login/

Most of the time there is a RADIUS to proxy the authentication for RDP and VPN.

The basic configuration will look like: VPN >> NPS/AD >> WiKID. In RADIUS terms, the VPN will be client to NPS and NPS will be a server to the VPN and a client to WiKID. While we are using WiKID for this example, because RADIUS is an open standard, this configuration works with many solutions.
http://www.techworld.com/tutorial/security/configuring-nps-2012-for-two-factor-authentication-3223170/
0
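The RADIUS chain described in the answer above (VPN >> NPS >> OTP server), as an added example that is not part of the original thread: it implements the RFC 2865 User-Password hiding and shows the proxy hop, where the one-time code is revealed with the VPN-to-NPS shared secret and re-hidden with a separate NPS-to-OTP-server secret. The secrets, the OTP value and the function names are constructed for illustration.

```python
import hashlib
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128 or len(authenticator) != 16:
        raise ValueError("password max 128 bytes, authenticator must be 16 bytes")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; only the holder of the hop's secret gets the OTP."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def proxy_hop(hidden, auth_in, secret_in, secret_out):
    """Proxy role (NPS in the answer): server on one side, client on the other."""
    clear = reveal_password(hidden, secret_in, auth_in)  # proxy sees the OTP
    auth_out = os.urandom(16)                            # fresh Request Authenticator
    return hide_password(clear, secret_out, auth_out), auth_out

def demo():
    vpn_nps_secret = b"constructed-secret-A"   # constructed sample values
    nps_otp_secret = b"constructed-secret-B"
    otp = b"123456"
    auth1 = os.urandom(16)
    hop1 = hide_password(otp, vpn_nps_secret, auth1)                  # VPN -> NPS
    hop2, auth2 = proxy_hop(hop1, auth1, vpn_nps_secret, nps_otp_secret)
    at_otp_server = reveal_password(hop2, nps_otp_secret, auth2)      # NPS -> OTP server
    with_wrong_secret = reveal_password(hop2, vpn_nps_secret, auth2)
    return at_otp_server, with_wrong_secret

if __name__ == "__main__":
    print(demo())
```

The protection of the code on each hop rests entirely on that hop's shared secret, so each RADIUS client/server pair should have its own long random secret, and the proxy itself handles the code in clear.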
 

Author Closing Comment

by:activateahsd
ID: 41889214
Decided to go with SecurID.
0
