Articles by nowen

  • WiKID + OpenLDAP + Freeradius Howto

    Author: nowenTags: , Comments: 0

    WiKID + OpenLDAP + Freeradius Howto I installed Openldap and freeradius on one (virtual) server and WiKID on another. We believe that this separation of duties is good security policy. In a way it also makes the setup easier because both WiKID and Freeradius listen on port 1812 of the localhost. Both servers are running Centos5.

  • Installing The WiKID HTML5 Token Client

    Author: nowenTags: Comments: 0

    Installing The WiKID HTML5 Token Client The WiKID HTML5 token uses the HTML5 APIs to enable the browser to contain an embedded token client. The token uses the same public key + PIN authentication as the standard WiKID tokens but is implemented in JavaScript within the browser. Using HTML5 provides cross-browser support (Firefox and Chrome, not IE yet), a very easy installation process and slick user experience. This tutorial will explain how to install the WiKID HTML5 token client.

  • How To Add Two-Factor Authentication To Openvpn AS With The WiKID Strong Authentication Server

    Author: nowenTags: Comments: 0

    How To Add Two-Factor Authentication To Openvpn AS With The WiKID Strong Authentication Server It's been a while since our last tutorial on how to add two-factor authentication to OpenVPN using the WiKID Strong Authentication System. The people at OpenVPN have been very active lately and it seems like a good time to take a look at what they've done. It's still dead simple to configure, but it is mostly done via the new slick web interface.

  • Secure Your Wordpress Blog Administration With Two-Factor Authentication

    Author: nowenTags: , , Comments: 3

    Secure Your Wordpress Blog Administration With Two-Factor Authentication Wordpress is a very popular blogging service. It was recently hit by a disturbing vulnerability that allowed attackers to reset the Administrator's password. While there is a patch for that vulnerability now, wouldn't it be best to not use static passwords? It is actually quite simple to add two-factor authentication to Wordpress.

  • Two-Factor Authentication For Google Apps For Your Domain Using SSO/SAML And WiKID Strong Authentication Server

    Author: nowenTags: Comments: 0

    Two-Factor Authentication For Google Apps For Your Domain Using SSO/SAML And WiKID Strong Authentication Server Everybody loves GMail. With Google Apps for you Domain, you can use GMail with your own domain, allowing organizations to outsource their email - and the requisite anti-spam filtering to Google. Webmail is very convenient, but for frequent travelers and those who use public wifi, it can be quite dangerous. Logging in from a kiosk or shared computer is a sure way to get your username and password stolen by a keystroke logger. While cloud services are great, maintaining security is tough. In this document, we will add two-factor authentication to Google Apps for Your Domain using their SSO/SAML protocol and the open-source version of the WiKID Strong Authentication server.

  • How To Install The WiKID Strong Authentication System On Slackware

    slackware Author: nowenTags: , Comments: 0

    How To Install The WiKID Strong Authentication System On Slackware Tested on Slackware 12.2, 2.6.28.7-grsec, PostgreSQL 8.3.6, postgresql-8.3-604.jdbc4. Note: Some of the configuration scripts included with WiKID are designed for Redhat and friends, several steps in this guide focus on modifying these scripts for Slackware as well as working around some of them.

  • How To Add Two-Factor Authentication To phpBB

    Author: nowenTags: , , , , Comments: 0

    How To Add Two-Factor Authentication To phpBB This document describes how to add WiKID two-factor authentication to phpBB through Apache using mod_auth_xradius. Given the recent attack against phpBB and the exposure of it's users' passwords, we thought two-factor authentication might be timely.

  • Prevent Phishing with Mutual Authentication

    Author: nowenTags: , , Comments: 1

    Prevent Phishing with Mutual Authentication Phishing is a man-in-the-middle attack. While many people think using time-bound, one-time passwords will solve the problem, they are wrong as attacks will just become automated. What is required is strong mutual authentication - authentication of the host to the user as well as the user to the host. This article demonstrates how to do that using open-source software from WiKID.

  • How to secure WebDAV with SSL and Two-Factor Authentication

    Author: nowenTags: , Comments: 1

    How to secure WebDAV with SSL and Two-Factor Authentication This how-to documents how to configure a WebDAV resource using SSL and  two-factor authentication and how to access that resource from Windows, Linux and Mac.

  • How to secure an SSL VPN with one-time passcodes and mutual authentication

    Author: nowenTags: Comments: 0

    How to secure an SSL VPN with one-time passcodes and mutual authentication SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.