Solved

Two factor authentication

Posted on 2016-11-01
6
99 Views
Last Modified: 2016-11-15
Hi, I manage a small network comprising one 2008 DC and one 2008 server with terminal services and about 20 client laptops. I am investigating upgrading security to include two factor authentication.
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

Thanks in advance for any help on this...

Andrew
0
Comment
Question by:activateahsd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 16

Assisted Solution

by:Wayne88
Wayne88 earned 83 total points
ID: 41868613
I don't know if your requirement is to be able to only login once and sign on to both VPN and RDP or simply to be able to use the same TTA credentials for both VPN and RDP.  If it's the first, I don't think you can but if the latter then I think you can achieve your objective using DUO security for both VPN and RDP.

I am also in the market for TTA and leaning toward RSA but my objectives are different than yours.  Have a look at DUO and sign up for free.  Also give them a call, they're quite helpful.

https://duo.com/
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 83 total points
ID: 41868668
We just recently moved from a token based system for our VPN users to MS Azure for phone factor authentication.  https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/
0
 
LVL 14

Accepted Solution

by:
SIM50 earned 251 total points
ID: 41869139
My questions are, is there one solution that will protect both RDP and VPN access forcing a user to authenticate using a smart phone for example before being able to connect to either RDP or VPN and also, what about Mac users would it work for them as well?

You can setup RSA SecurID for VPN and RDP authentication. I haven't worked with Macs.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 83 total points
ID: 41869376
You can try Rohos logon key via Google aurhenticator for OTP using your mobile, or yubikey or through SMS to mobile device. It support Macs too using yubikey or USB key but pending mobileapps support.

http://www.rohos.com/2013/02/google-authenticator-windows-login/

Most of the time there is a RADIUS to proxy the authentication for RDP and VPN.

The basic configuration will look like: VPN >> NPS/AD >> WiKID. In RADIUS terms, the VPN will be client to NPS and NPS will be a server to the VPN and a client to WiKID. While we are using WiKID for this example, because RADIUS is an open standard, this configuration works with many solutions.
http://www.techworld.com/tutorial/security/configuring-nps-2012-for-two-factor-authentication-3223170/
0
 

Author Closing Comment

by:activateahsd
ID: 41889214
decided to go with SecurID
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Resource timeout across a VPN 9 70
Fraud Email 22 124
Impacts of a Security Breach on an Organization 6 56
Lost or Stolen Laptops 13 44
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question