Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Two Factor Authentication?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Two Factor Authentication? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Two Factor Authentication? - 4.Aug.2008 1:52:16 PM   
jdostal

 

Posts: 27
Joined: 20.Sep.2007
Status: offline 		Hey Guys -

Just wondering if any of you are using 2 factor auth with your ISA VPN's.  I was looking into using our existing Secure Computing tokens but the solution is pretty bad :(
Post #: 1
RE: Two Factor Authentication? - 4.Aug.2008 2:32:53 PM   
ferrix

 

Posts: 363
Joined: 16.Mar.2005
Status: offline 		We're making a great one, not available quite yet :)

But there is a neat, in some cases free alternative.. take a look at PhoneFactor.

(in reply to jdostal)
Post #: 2
RE: Two Factor Authentication? - 4.Aug.2008 6:45:25 PM   
Jason Jones

 

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		RSA SecurID provides very good ISA integration and is an industry standard, but is quite expensive.

Another alternative is to install Microsoft Certificate Services (free) and use this to issue/generate computer and user certificates which can be used for VPN authentication.

PhoneFactor and SecurEnvoy are also worth investigating...

Cheers

JJ

< Message edited by Jason Jones -- 4.Aug.2008 6:53:07 PM >

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to ferrix)
Post #: 3
RE: Two Factor Authentication? - 4.Aug.2008 6:46:03 PM   
Jason Jones

 

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: ferrix

We're making a great one, not available quite yet :)

But there is a neat, in some cases free alternative.. take a look at PhoneFactor.


Hi Greg - please mail me more details!

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to ferrix)
Post #: 4
RE: Two Factor Authentication? - 5.Aug.2008 7:53:20 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline 		Interesting question.
The strongest method out there is EAP-TLS with the users' certificates stored on secure smart cards.
RSA SecurID can't beat it, you can beat it with a gun though. It depends on which side you are sitting, unless the OTP word has two P, the OTP mechanism is just focused on users' authentication.

Actually, if you go for L2TP/IPsec+certificates for machine auth+EAP-TLS with the users' certificates stored on secure smart cards, you can have one the strongest levels of authentication available today for the masses for remote access VPN. If you have upgraded to Vista, add the strong IKE auth, and you can't go wrong.

< Message edited by justmee -- 5.Aug.2008 7:54:23 AM >

(in reply to Jason Jones)
Post #: 5
RE: Two Factor Authentication? - 5.Aug.2008 8:15:00 AM   
Jason Jones

 

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: justmee

Interesting question.
The strongest method out there is EAP-TLS with the users' certificates stored on secure smart cards.
RSA SecurID can't beat it, you can beat it with a gun though. It depends on which side you are sitting, unless the OTP word has two P, the OTP mechanism is just focused on users' authentication.

Actually, if you go for L2TP/IPsec+certificates for machine auth+EAP-TLS with the users' certificates stored on secure smart cards, you can have one the strongest levels of authentication available today for the masses for remote access VPN. If you have upgraded to Vista, add the strong IKE auth, and you can't go wrong.


Yeah I would agree, nice solution if you can do the PKI in house...

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to justmee)
Post #: 6
RE: Two Factor Authentication? - 5.Aug.2008 9:09:52 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline 		Yes, spot on. The PKI, for some reasons is not generally associated with easy.
And this is one of those moments, when people settle for a lower security solution, and not for the maximum afforded one, just because it's easier so.

(in reply to Jason Jones)
Post #: 7
RE: Two Factor Authentication? - 7.Aug.2008 4:56:10 PM   
jdostal

 

Posts: 27
Joined: 20.Sep.2007
Status: offline 		Thanks for the feedback guys.

We are currently using the Secure Computing token product and were hoping that it integrated will into ISA (it doesn't) so I was out looking for other ideas... thanks for the tips :)

(in reply to justmee)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Two Factor Authentication? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts