Two Factor - Virtual Private Network


Two Factor - Virtual Private Network

by self.away

Hi.
I'm trying to set up a remote access VPN (user dials up from home to
our VPN server). The first goal was to set up a PPTP VPN based on
Microsoft RRAS, which turned out pretty easy.
Now it has been required to add an extra layer of security to VPN
authentication by adding a certificate, which, as far as I read it,
should be accomplished by adding EAP authentication to our VPN PPTP
configuration.
However, it seems that when adding EAP to VPN PPTP, authentication login to
our VPN will only require the certificate installed on the remote VPN user
workstation and not user/password.
How can I get both user/password and certificate in the authentication
process for VPN PPTP with Microsoft RRAS?
Is there any other open source VPN solution based on two-factor authentication?

Thank you

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


Re: Two Factor - Virtual Private Network

by Jeffrey Walton-3

Hi self.away,

> How can I get both user/password and certificate in the authentication
> process for VPN PPTP with Microsoft RRAS?
> Is there any other open source VPN solution based on two-factor authentication?

I believe you can only choose one method. Microsoft recommends
MS-CHAPv2 or EAP [1,2]. If the remote setup conforms to best practice,
the certificate only becomes available (i.e., decrypted from EFS) once
the user logs on. Setups such as 'home user works from personal PC' are
probably not a good idea.

Jeff

[1] Windows Security Resource Kit, ISBN 0-7356-1868-2, p. 436.
[2] PKI and Certificate Security, ISBN 0-7356-2516-6, p. 596.

On Wed, Nov 11, 2009 at 8:13 AM, self.away <self.away@...> wrote:

> Hi.
> I'm trying to set up a remote access VPN (user dials up from home to
> our VPN server). The first goal was to set up a PPTP VPN based on
> Microsoft RRAS, which turned out pretty easy.
> Now it has been required to add an extra layer of security to VPN
> authentication by adding a certificate, which, as far as I read it,
> should be accomplished by adding EAP authentication to our VPN PPTP
> configuration.
> However, it seems that when adding EAP to VPN PPTP, authentication login to
> our VPN will only require the certificate installed on the remote VPN user
> workstation and not user/password.
> How can I get both user/password and certificate in the authentication
> process for VPN PPTP with Microsoft RRAS?
> Is there any other open source VPN solution based on two-factor authentication?
>
> Thank you
>



Re: Two Factor - Virtual Private Network

by Nick Owen-2

On 11/11/2009 08:13 AM, self.away wrote:

> Hi.
> I'm trying to set up a remote access VPN (user dials up from home to
> our VPN server). The first goal was to set up a PPTP VPN based on
> Microsoft RRAS, which turned out pretty easy.
> Now it has been required to add an extra layer of security to VPN
> authentication by adding a certificate, which, as far as I read it,
> should be accomplished by adding EAP authentication to our VPN PPTP
> configuration.
> However, it seems that when adding EAP to VPN PPTP, authentication login to
> our VPN will only require the certificate installed on the remote VPN user
> workstation and not user/password.
> How can I get both user/password and certificate in the authentication
> process for VPN PPTP with Microsoft RRAS?
> Is there any other open source VPN solution based on two-factor authentication?

As for the last question, there are a number of options, though the
easiest will probably not be a 100% open source solution, because you
are going to an MS authentication server.  What you really want to think
about is what VPN solutions work with what two-factor authentication
solutions using the authentication protocols in my environment.

I discussed this strategy in a recent webinar, which you can see here:
http://rec1.dimdim.com/view/dimdim/183030aa-1f68-102d-9515-003048642bd7
which describes two-factor auth, auth protocols & a number of
open-source remote access solutions.

Here are some how-tos that might help as well:

two-factor authentication & openvpn:
http://www.wikidsystems.com/support/wikid-support-center/how-to/using-wikid-strong-authentication-with-openvpn

two-factor and astaro:
http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-wikid-two-factor-authentication-to-the-astaro-security-gateway

increasing the security of pptp (poptop):
http://www.howtoforge.net/security-issues-and-poptop-pptp

If your need for both a password and a cert is driven by regulatory
requirements, you should also make sure that you can prove the cert has
a passphrase and key expiration.

HTH,

Nick



--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open-source Two-Factor Authentication
http://twitter.com/wikidsystems
#wikid on irc.freenode.net
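
The following is an added example, not part of Nick's post or of any product he mentions: one way to produce evidence for the last point above, checking that a client's private key is passphrase-encrypted and that its certificate expires within a bounded number of days. It assumes PEM files as used by OpenVPN-style clients and an installed `openssl` CLI; the file names and the 365-day limit are hypothetical.

```shell
#!/bin/sh
# Added example: audit a PEM client key/certificate pair (paths are hypothetical).

# key_protection FILE -> prints encrypted | plaintext | unknown.
# Only the PEM armor is inspected:
#   PKCS#8 encrypted key:  -----BEGIN ENCRYPTED PRIVATE KEY-----
#   traditional encrypted: "Proc-Type: 4,ENCRYPTED" header under the BEGIN line
key_protection() {
    if grep -q -e '-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        echo unknown      # OpenSSH keys hide the cipher inside the blob
    elif grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# cert_lifetime_ok CERT MAX_DAYS -> exit 0 only if the certificate is valid now
# and its notAfter date falls within the next MAX_DAYS days.
cert_lifetime_ok() {
    # -checkend N exits 0 when the certificate will NOT expire within N seconds.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# audit_credential KEY CERT MAX_DAYS -> one-line verdict, non-zero exit on failure.
audit_credential() {
    prot=$(key_protection "$1")
    if [ "$prot" != encrypted ]; then
        echo "FAIL key=$prot"
        return 1
    fi
    if ! cert_lifetime_ok "$2" "$3"; then
        echo "FAIL key=encrypted cert=not-within-${3}d"
        return 1
    fi
    echo "PASS key=encrypted cert-$(openssl x509 -in "$2" -noout -enddate)"
}

# Usage: sh audit.sh client.key client.crt 365
if [ "$#" -eq 3 ]; then
    audit_credential "$@"
fi
```

The check covers file-based credentials only; certificates held in the Windows certificate store, as in the RRAS setup discussed earlier in the thread, need a different audit.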
