Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 147
  • Last Modified:

Two factor authentication

Hi, I manage a small network comprising one 2008 DC and one 2008 server with terminal services and about 20 client laptops. I am investigating upgrading security to include two factor authentication.
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

Thanks in advance for any help on this...

Andrew
0
activateahsd
Asked:
activateahsd
4 Solutions
 
Wayne88Commented:
I don't know if your requirement is to be able to only login once and sign on to both VPN and RDP or simply to be able to use the same TTA credentials for both VPN and RDP.  If it's the first, I don't think you can but if the latter then I think you can achieve your objective using DUO security for both VPN and RDP.

I am also in the market for TTA and leaning toward RSA but my objectives are different than yours.  Have a look at DUO and sign up for free.  Also give them a call, they're quite helpful.

https://duo.com/
0
 
pony10usCommented:
We just recently moved from a token based system for our VPN users to MS Azure for phone factor authentication.  https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/
0
 
SIM50Commented:
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

You can setup RSA SecurID for VPN and RDP authentication. I haven't worked with Macs.
0
 
btanExec ConsultantCommented:
You can try Rohos logon key via Google aurhenticator for OTP using your mobile, or yubikey or through SMS to mobile device. It support Macs too using yubikey or USB key but pending mobileapps support.

http://www.rohos.com/2013/02/google-authenticator-windows-login/

Most of the time there is a RADIUS to proxy the authentication for RDP and VPN.

The basic configuration will look like: VPN >> NPS/AD >> WiKID. In RADIUS terms, the VPN will be client to NPS and NPS will be a server to the VPN and a client to WiKID. While we are using WiKID for this example, because RADIUS is an open standard, this configuration works with many solutions.
http://www.techworld.com/tutorial/security/configuring-nps-2012-for-two-factor-authentication-3223170/
0
 
activateahsdAuthor Commented:
decided to go with SecurID
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now