Two-factor authentication

Slides:



Advertisements
Similar presentations
McAfee One Time Password
Advertisements

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.
Mobility Extension Gain competitive edge for yourself and comfort for your customers.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
6000 Series Recorders. The Best Paperless Graphic Recorder in the World.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
User Adoption Issues Server Admin Fundamentals Solutions to User Adoption Issues.
Apache Triplesec: Strong (2-factor)
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
VPN: An Easy Software / Appliance Solution for Remote Access Robert Gulick, EdD DBA/Technology Trainer Parma City School District
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.
Feasibility Study.
Chapter 9 How Do Users Share Computer Files?. What is a File Server A (central) computer which stores files which can be accessed by network users.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
User Access to Router Securing Access.
All Input is Evil (Part 1) Introduction Will not cover everything Healthy level of paranoia Use my DVD Swap Shop application (week 2)
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.
0 GAMETECH 12 Paul Jesukiewicz Lifelong Learning Cloud Filename/RPS Number.
TEqLOGIC Logic Portal Web . 2 What you don’t want What you do want How to get there Benefits What to do next What We Will Cover…
INFSO-RI ETICS Local Setup Experiences A Case Study for Installation at Customers Location 4th. All Hands MeetingUwe Müller-Wilm VEGA Bologna, Nov.
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Yubikeys in the Enterprise Talk for Programmers Special Interest Group (PSIG) Canberra Bob Edwards, June 2009.
PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk.
Future Console Servers devproj project #31. Overview ● Requirements / motivation ● Current approach ● Possible future options – KVM over IP – IPMI – Serial.
An Analysis on NAT Security
Identity Standards Architect, Microsoft
Windows Communication Foundation and Web Services
CLOUDENTIFY.
Barracuda SSL VPN Remote, Authenticated Access to Applications and Data Version 2.6 | July 2014.
2 Factor & Multi Factor Authentication
How Do Users Share Computer Files?
Open OnDemand: Open Source General Purpose HPC Portal
Configuring ALSMS Remote Navigation
AuthLite 2-Factor for Windows Administration
ActivID Tap Authentication HID Global
Name, Title.
Password Management Limit login attempts Encrypt your passwords
Module 4 Remote Login.
Virtual Private Networks
Fastdroid Produced by : Firas Abdalhaq Mohammad Amour Supervised by : Dr. Raed Alqadi.
Security Engineering.
Fundamental Concepts in Security and its Application Cloud Computing
Two-factor authentication
Introduction To Networking
Tutorial on Creating Certificates SSH Kerberos
Windows Communication Foundation and Web Services
NERC CIP Implementation – Lessons Learned and Path Forward
Microsoft Bot Framework: changing how we communicate with users
Security.
How can I Recover My Quicken Password
HOW TO CREATE A NEW PROFILE IN MICROSOFT OUTLOOK?
Windows® MultiPoint™ Server 2010
The IT Infrastructure I want & why – A Personal Perspective
Protect your OneDrive and SharePoint files on mobile devices
SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
Chapter 8: Monitoring the Network
Simplifying Integration - the art of iWay Software
Virtual Private Networks
Unit 6: Application Development
12 STEPS TO A GDPR AWARE NETWORK
CLASP Project AAI Workshop, Nov 2000 Denise Heagerty, CERN
Security.
Encrypted Database Final Presentation
Convergence IT Services Pvt. Ltd
Talking Between Services with gRPC
Presentation transcript:

Two-factor authentication Ian Durkacz Development Meeting, 20th August 2014

Project #279 ‘Examine the options for two-factor authentication’ http://devproj.inf.ed.ac.uk/show/279 general statement of overall aspiration https://wiki.inf.ed.ac.uk/viewauth/DICE/Project279 InitialCallForRequirements an attempt to unpick the above

General requirements Anything we provide has to be: Simple to use Optional: whether or not users want to be involved is up to them Client platform independent (Question: in view of recent discussions here, are we including mobile phones, tablets etc. in the list of clients we undertake to support?)

One specific idea: Yubikey Hardware OTP generator Presents as a USB keyboard – so works on anything which has a USB port Easy for people to use; cheap – US$20 each Several possible modes of operation: Default: embeds an ever-increasing integer into an encrypted packet. Both Yubikey and the remote authentication server know the symmetric encryption key OATH-HOTP also supported More info: http://www.yubico.com/

Yubikey and ssh (1/2) Using Yubikey in default mode, this is working (cue demo …) Could be deployed on staff.ssh etc. Simple to use Optional per user (via pam_succeed_if) Client platform independent agnostic (but: does require USB)

Yubikey and ssh (2/2) ‘... could be deployed on staff.ssh etc ...’ In practice, in default mode need to: Integrate (Yubikey serial number, uuid) pairs in LDAP Describe Yubikey users as a (net)group Have procedures to maintain the above Have procedures to allocate the actual Yubikeys [Important] Set up an Inf authentication server Further wrangle with Yubico s/w builds to support the above

That’s all great, but: Assumption is that user’s password has been compromised, so: If Yubikey/ssh is to be useful, then we need all external access to be similarly restricted: Cosign (definitely feasible; required effort not clear) OpenVPN (don’t know about this) Git? Subversion? CVS? Anything/everything else we might ever use. I might need some help here ...

My questions Does Yubikey/ssh as presented here solve (any of) our actual requirements? Do we want to proceed with this? It will require further investment in time – probably not just by me. Should we be looking for a solution which also covers things like mobile phones? Configuring support for Yubikeys in OATH-HOTP mode (rather than default mode) might get us that – but needs work and testing.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.