[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Two factor authentication

Posted on 2016-11-01
6
Medium Priority
?
124 Views
Last Modified: 2016-11-15
Hi, I manage a small network comprising one 2008 DC and one 2008 server with terminal services and about 20 client laptops. I am investigating upgrading security to include two factor authentication.
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

Thanks in advance for any help on this...

Andrew
0
Comment
Question by:activateahsd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 18

Assisted Solution

by:Wayne88
Wayne88 earned 332 total points
ID: 41868613
I don't know if your requirement is to be able to only login once and sign on to both VPN and RDP or simply to be able to use the same TTA credentials for both VPN and RDP.  If it's the first, I don't think you can but if the latter then I think you can achieve your objective using DUO security for both VPN and RDP.

I am also in the market for TTA and leaning toward RSA but my objectives are different than yours.  Have a look at DUO and sign up for free.  Also give them a call, they're quite helpful.

https://duo.com/
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 332 total points
ID: 41868668
We just recently moved from a token based system for our VPN users to MS Azure for phone factor authentication.  https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/
0
 
LVL 14

Accepted Solution

by:
SIM50 earned 1004 total points
ID: 41869139
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

You can setup RSA SecurID for VPN and RDP authentication. I haven't worked with Macs.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 332 total points
ID: 41869376
You can try Rohos logon key via Google aurhenticator for OTP using your mobile, or yubikey or through SMS to mobile device. It support Macs too using yubikey or USB key but pending mobileapps support.

http://www.rohos.com/2013/02/google-authenticator-windows-login/

Most of the time there is a RADIUS to proxy the authentication for RDP and VPN.

The basic configuration will look like: VPN >> NPS/AD >> WiKID. In RADIUS terms, the VPN will be client to NPS and NPS will be a server to the VPN and a client to WiKID. While we are using WiKID for this example, because RADIUS is an open standard, this configuration works with many solutions.
http://www.techworld.com/tutorial/security/configuring-nps-2012-for-two-factor-authentication-3223170/
0
 

Author Closing Comment

by:activateahsd
ID: 41889214
decided to go with SecurID
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question