Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cisco VPN Authentication


  • Please log in to reply
8 replies to this topic

#1 brettk

brettk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 11 October 2008 - 08:31 PM

My company recently introduced a Microsoft Windows VPN, which let's me work from home once a week because I can access all my work data from home on my work PC. Though I'm not an IT guy I'm worried about the possibility that others could access my stuff from their PC's (I haven't been great about keeping my username and password private, I must admit). I've heard there are other ways (something called "2-function"?) that could make better security. Could anyone help me understand 2-function better and help me know how to get it?

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:12:44 PM

Posted 12 October 2008 - 05:52 AM

1. GET with your IT support and change your log-in name to be different from that actually displayed. It's a simple change.

2. Change your password also. Change such routinely.

The '2-function' is a CISCO IT monitoring function as I've been told. Ask your IT how and if it is used?
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 lukep

lukep

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 18 October 2008 - 09:42 PM

I think you mean "2-factor authentication," not 2-function. 2-factor authentication works on all sorts of remote access vpn (windows, cisco, etc) and is meant to complement your normal username and password with something that proves you are you with something you have, and prove that you have. There are a variety of these tools, but a recently emerging one is to use your cellphone to fulfill the "what you have" requirement.

#4 brettk

brettk
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 28 October 2008 - 10:07 PM

How does a cellphone prove who you are? How does it relate to increased security for our microsoft vpn?

#5 Pujita.Ian

Pujita.Ian

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 15 November 2008 - 03:17 PM

IT has to do with the theory that there are three ways to prove your identity: who you are (fingerprint, retina, DNA, etc), What you have (Have you ever seen the movie Anastasia where the grandma has one half of the locket and Anastasia had the other?), and what you know (username/password). Your cellphone falls into the category of what you have. Possession of your cellphone could prove who you are.

#6 lukep

lukep

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 15 November 2008 - 03:25 PM

Here's a common implementation: You launch your windows/cisco ssl vpn authentication and enter your username and password. You enter username and password. Before you get access, system places a phone call to your cell. You pick it up and hit "#" Phone network tells vpn system that "what you have" has been satisfied, and you get in through the vpn.

#7 Pujita.Ian

Pujita.Ian

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 15 November 2008 - 03:27 PM

There are a few solutions out there right now, including PhoneFactor. The best 2-factor solutions are flexible when it comes to use cases, but their vpn solution can be found at www.phonefactor.com/solutions/remote-access-vpns/. It's worth a look.

#8 lukep

lukep

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 15 November 2008 - 03:33 PM

PhoneFactor is one that seems to be getting some press these days. What makes them different?

#9 Pujita.Ian

Pujita.Ian

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 15 November 2008 - 03:36 PM

Well, they've got agents set up for a variety of use cases which makes them easy to implement and mangage. They also have some free versions that make it easy for security managers to try it out, then upgrade later. Finally, the user experience is pretty good and flexible. Users don't seem to mind receiving a call and responding with a "#."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users