Security Basics mailing list archives
Re: Two Factor - Virtual Private Network
From: Nick Owen <nickowen () mindspring com>
Date: Mon, 16 Nov 2009 10:14:55 -0500
On 11/11/2009 08:13 AM, self.away wrote:
Hi. I'm trying to set up a remote access VPN (user dials up from home to our VPN server). The first goal was to set up a PPTP VPN based on Microsoft RRAS, which turned out pretty easy. Now it has been required to add an extra layer of security to VPN authentication by adding a certificate, which as far as I read should be accomplished by adding EAP authentication to our VPN PPTP configuration. However, it seems that when adding EAP to VPN PPTP, authentication login to our VPN will only require the certificate installed on the remote VPN user workstation and not user/password. How can I get both user/password and certificate in the authentication process for VPN PPTP with Microsoft RRAS? Is there any other open-source VPN solution based on two-factor authentication?
As for the last question, there are a number of options, though the easiest will probably not be a 100% open source solution, because you are going to an MS authentication server. What you really want to think about is what VPN solutions work with what two-factor authentication solutions using the authentication protocols in my environment.

I discussed this strategy in a recent webinar, which you can see here:
http://rec1.dimdim.com/view/dimdim/183030aa-1f68-102d-9515-003048642bd7
which describes two-factor auth, auth protocols & a number of open-source remote access solutions.

Here are some how-tos that might help as well:

two-factor authentication & openvpn:
http://www.wikidsystems.com/support/wikid-support-center/how-to/using-wikid-strong-authentication-with-openvpn

two-factor and astaro:
http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-wikid-two-factor-authentication-to-the-astaro-security-gateway

increasing the security of pptp (poptop):
http://www.howtoforge.net/security-issues-and-poptop-pptp

If your need for both a password and a cert is driven by regulatory requirements, you should also make sure that you can prove the cert has a passphrase and key expiration.

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open-source Two-Factor Authentication
http://twitter.com/wikidsystems
#wikid on irc.freenode.net
Current thread:
- Two Factor - Virtual Private Network self.away (Nov 12)
- Re: Two Factor - Virtual Private Network Jeffrey Walton (Nov 13)
- Re: Two Factor - Virtual Private Network Nick Owen (Nov 16)