Dan Kenison
asked on
Best two-factor authentication to use with Barracuda SSL VPN?
Hi All,
I'm working for a company who are currently using VASCO hard tokens for two-factor authentication. They want to switch over to a soft token (e.g google authenticator) however after reading this (https://www.wikidsystems.com/blog/5-issues-enterprises-should-consider-before-using-google-authenticator-for-ssh/) I've been slightly put off. Also nobody can seem to 100% confirm whether a RADIUS server in Active Directory is required for Google Authenticator or whether Google provide one. I've spoken to Barracuda who said it should be as simple as creating a new authentication scheme on the VPN and selecting Google Authenticator as the option however I wanted this confirmed by Google before beginning.
What are other two factor authentication methods that are best used in Enterprise environments? And was a RADIUS server required etc?
Thanks in advance,
I'm working for a company who are currently using VASCO hard tokens for two-factor authentication. They want to switch over to a soft token (e.g google authenticator) however after reading this (https://www.wikidsystems.com/blog/5-issues-enterprises-should-consider-before-using-google-authenticator-for-ssh/) I've been slightly put off. Also nobody can seem to 100% confirm whether a RADIUS server in Active Directory is required for Google Authenticator or whether Google provide one. I've spoken to Barracuda who said it should be as simple as creating a new authentication scheme on the VPN and selecting Google Authenticator as the option however I wanted this confirmed by Google before beginning.
What are other two factor authentication methods that are best used in Enterprise environments? And was a RADIUS server required etc?
Thanks in advance,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I guess licensing issue is one that the corporate lawyers might want to stick their oar into.
I still like Google Authenticator, and it is easier than introducing Radius (assuming you don't already have that already).
Is the decision yours alone? If so, then go with what you think will be easiest to secure and support perhaps?
Alan.
I still like Google Authenticator, and it is easier than introducing Radius (assuming you don't already have that already).
Is the decision yours alone? If so, then go with what you think will be easiest to secure and support perhaps?
Alan.
ASKER
Hi Alan,
Does Google Authenticator not require an Active Directory RADIUS server? If not how does it authenticate against the domain\user?
This is what I want confirmed before I make any decision and Google are quite unhelpful. They just say they don't support these types of queries and for me to look on the forum pages which isn't exactly ideal.
Thanks and best regards,
Dan
Does Google Authenticator not require an Active Directory RADIUS server? If not how does it authenticate against the domain\user?
This is what I want confirmed before I make any decision and Google are quite unhelpful. They just say they don't support these types of queries and for me to look on the forum pages which isn't exactly ideal.
Thanks and best regards,
Dan
Hi Dan,
Sorry - I did not read your OP carefully enough.
I don't know the answer to that question - my comments were more general with respect to Google Authenticator / OTPs.
Perhaps wait and see if others post here with a specific answer to that.
Apologies if I wasted your time.
Alan.
Sorry - I did not read your OP carefully enough.
I don't know the answer to that question - my comments were more general with respect to Google Authenticator / OTPs.
Perhaps wait and see if others post here with a specific answer to that.
Apologies if I wasted your time.
Alan.
ASKER
Hi Alan,
No worries at all.
Thanks and best regards,
Dan
No worries at all.
Thanks and best regards,
Dan
EE requested assistance with closing this question.
ASKER
There is roughly between 20-25 servers in total and around 300 users.
Any two-factor authentication would be okay in this case. Ideally I would prefer one that's easy to configure (e.g not having to build RADIUS server) but if one is required then I will have too.
Thanks again,
Dan