Articles by nowen
-
Adding WiKID Two-Factor Authentication To Google Apps For Your Domain
Author: nowen • Tags: security • Comments: 2Adding WiKID Two-Factor Authentication To Google Apps For Your Domain Google offers two-factor authentication for Google Apps via their own authenticator. Why would you want to use WiKID instead? Well, for starters, since you have outsourced most of your security to Google, the only security you can control is authentication. Wouldn't you like to keep a close eye on the keys to your kingdom? Second, have you ever tried to get support from Google? Third, does Google provide you with the logging required to meet your compliance needs?
-
How To Add WiKID Two-Factor Authentication To OpenVPN Community On Ubuntu 13.04
Author: nowen • Tags: linux, security, storage, ubuntu • Comments: 0How To Add WiKID Two-Factor Authentication To OpenVPN Community On Ubuntu 13.04 These instructions describe setting up two-factor authentication with WiKID Strong Authentication, which is a commercial/open source two-factor authentication system and OpenVPN, an SSL-encrypted VPN, on an Ubuntu 13.04 Linux server using the Radius Pluggable Authentication Module. First, we will configure PAM to use Radius, then we will configure OpenVPN to use PAM and one-time passwords, then we will create a network client on the WiKID server for OpenVPN. We won't go into specifics about installing these services, rather we will focus on configuring them to all work together.
-
How To Configure Apache To Use Radius For WiKID Two-Factor Authentication On Ubuntu
Author: nowen • Tags: apache, linux, security, ubuntu, web server • Comments: 0How To Configure Apache To Use Radius For WiKID Two-Factor Authentication On Ubuntu This document describes how to add WiKID two-factor authentication to Apache 2.x using mod_auth_radius on Ubuntu 12.04 Precise. It is recommended that you consider using mutual https authentication for web applications that are worthy of two-factor authentication. Strong mutual authentication means that the targeted website is authenticated to the user in some cryptographically secure manner, thwarting most man-in-the-middle attacks. The use of cryptography is key. While some sites use an image in an attempt to validate a server, it should be noted that any man-in-the-middle could simply replay such an image.
-
-
Increasing the security of PPTP by adding two-factor authentication to poptop
Author: nowen • Tags: linux, security • Comments: 0Security Issues and Poptop PPTP does not have the best history in terms of security. The original Microsoft implementation for PPTP faired very poorly. MS-CHAPV2 solved these weaknesses - for wired networks. Unfortunately, back in 2004, Joshua Wright released a version of ASLEAP capable of brute-force attacking PPTP passwords in a wireless environment. As a systems administrator for the VPN, you can't tell if a user is connecting via some public WiFi service where someone might be running a tool like ASLEAP. Yet, the presense of PPTP client software on Windows machines makes using PPTP very tempting. The best answer to this problem is to utilize two-factor authentication. If a one-time passcode is brute-forced, it won't matter as it can't be used again.
-
Adding Two-Factor Authentication To OpenVPN AS With The WiKID Strong Authentication Server
Author: nowen • Tags: security • Comments: 0Adding Two-Factor Authentication To OpenVPN AS With The WiKID Strong Authentication Server Pairing WiKID with two-factor authentication and OpenVPN AS is a great cost-effective solution to secure your network for minimal expense. I downloaded the RPM Version of OpenVPN Access Server and dropped the RPM onto a Centos VM. I had previously configured a WiKID two-factor authentication server using our Enterprise ISO. The OpenVPN server configures itself on install and directs you to change the password for the openvpn user and directs you to the Openvpn AS web interface.
-
How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu 12.04
Author: nowen • Tags: apache, debian, security, ubuntu • Comments: 0How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu 12.04 This document describes how to add WiKID two-factor authentication to Apache 2.2.22 using mod_auth_radius on Ubuntu 12.04. It is also recommended that you consider using mutual https authentication for web applications that are worthy of two-factor authentication. Strong mutual authentication means that the targeted website is authenticated to the user in some cryptographically secure manner, thwarting most man-in-the-middle attacks. The use of cryptography is key. While some sites use an image in an attempt to validate a server, it should be noted that any man-in-the-middle could simply replay such an image.
-
Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID
Author: nowen • Tags: security, ubuntu • Comments: 0Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID Single sign-on is a great technology. Requiring users to login to multiple applications is huge hassle, encourages password reuse and simple passwords. Security needs to focus on usability. If you can make a user's life better while increasing security, everybody wins. In this how-to we will set up the open-source CAS SSO product with the WiKID Strong Authentication Server for two-factor authentication for sessions and mutual https authentication for host authentication. Obviously using two-factor authentication for the login increases security because the user must have the factors to get access, in this case, knowledge of the PIN and possession of the private key embedded in the token. The CAS server is running on Ubuntu 11.04 Server and is using Radius to talk to the WiKID Strong Authentication Server Enterprise Edition.
-
How To Set Up A Web-Based Enterprise Password Manager Protected By Two-Factor Authentication
Author: nowen • Tags: linux, security • Comments: 1How To Set Up A Web-Based Enterprise Password Manager Protected By Two-Factor Authentication While it is great that more services such as Facebook and Google are offering two-factor authentication, there are still plenty of services that do not. What is the next best thing? Using a password manager and incredibly complex passwords. A password manager allows you to use different passwords at all the sites and services you visit, but it creates a 'keys-to-the-kingdom' problem. This tutorial will show you how to install the WebKeePass open-source web-based, enterprise password manager and how to protect it with two-factor authentication from WiKID Systems. Note that we have not evaluated the security of WebKeePass - this would certainly be worthwhile. Our primary selection criteria were: open-source, multi-user and allowed for external authentication, in this case via LDAP. Another option that looked promising was CorporateVault.
-
Adding Two-Factor Authentication To JOSSO
Author: nowen • Tags: security • Comments: 0Adding Two-Factor Authentication To JOSSO WiKID Systems recently partnered with Atricore, the makers of JOSSO an enterprise-class SSO application. Both two-factor authentication and single sign-on have historically been expensive and complex affairs. Atricore and WiKID have both been addressing these issues by releasing easy-to-use, open-source software. These efforts merged when Atricore added native support for the WiKID Strong Authentication to their product JOSSO. In this tutorial you will see how easy it is to add two-factor authentication to JOSSO, creating a secure, easy-to-use solution for organizations needing SSO. JOSSO supports a wide variety of services including Tomcat, jBoss, Apache, IIS, Liferay, Weblogic, and Alfresco as well as cloud services such as Google Apps, Salesforce and SugarCRM. WiKID for its part supports Radius, LDAP and TACACS+ in addition to having an API. WiKID Software tokens run on Linux, Mac, Windows, iPhone, Android, J2ME and others.
-
Securing SSH On Ubuntu With WiKID Two-Factor Authentication
Author: nowen • Tags: security, ubuntu • Comments: 2Securing SSH On Ubuntu With WiKID Two-Factor Authentication SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit. In this document we are going to demonstrate how to combine two-factor authentication from WiKID on Ubuntu. First, we will configure a domain on the WiKID server, then add the targeted server as network clients to the WiKID server, and finally configure the Ubuntu box via pam-radius.