Document Actions

Links

External Links

Configuring SSH To Use Freeradius And WiKID For Two-Factor Authentication: In this example, I am installing Freeradius on Fedora Core 7 and running the 3.0RC2 rpms of WiKID on Centos5 (however, the same instructions will work for the 2.0 version of WiKID.) We'll be testing with SSH, however, the same setup should work for Apache, WebDAV, OpenVPN, and any other application that supports PAM.
How to add two-factor authentication to Google Apps for your Domain using open source software: Everybody loves GMail. With Google Apps for you Domain, you can use GMail with your own domain, allowing organizations to outsource their email - and the requisite anti-spam filtering to Google. Webmail is very convenient, but for frequent travellers and those who use public wifi, it can be quite dangerous. Logging in from a kiosk or shared computer is a sure way to get your username and password stolen by a keystroke logger. Using a public WiFi system can lead to a man-in-the-middle attack. In this document we will take advantage of two open source projects to add two-factor authentication to Google Apps. The first is Gheimdall, a a TurboGears project for Google Apps SSO service. Gheimdall supports PAM and LDAP authentication natively. It also includes sample code to add new authentication methods, which made it very easy to add two-factor authentication from WiKID. WiKID is a dual-source two-factor authentication solution that uses public key cryptography to strongly authenticate users.
How To Add WiKID Two-Factor Authentication To The Astaro Security Gateway: Astaro is a very popular Linux-based "all-in-one" security appliance offering spam filtering, malware protection, firewall, VPN, etc. The WiKID Strong Authentication Server is a dual-source two-factor authentication system. PINs are encrypted on a software token and sent to the WiKID server. If the PIN is correct, the encryption valid and the account active, a one-time password is generated, encrypted and returned to the user's token where it is decrypted and presented for use with a network-based services. This document will show how to add WiKID two-factor authentication to the Astaro Security Gateway version 7 using Radius.
How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu: This document describes how to add WiKID two-factor authentication to Apache 2.x using mod_auth_radius on Ubuntu 8.1. A previous article described how to add two factor authentication to apache on Fedora. Interestingly, a patch has been created to update mod_auth_radius to work with Apache 2.2+, however, it has only been updated for Debian and Ubuntu. For Fedora and other RedHat flavors of Linux, it is recommended that you use mod_auth_xradius.
How to configure OpenVPN to use WiKID Strong Authentication: These instructions describe setting up two-factor authentication with WiKID Strong Authentication, which is a commercial/open source two-factor authentication system and OpenVPN, an SSL-encrypted VPN, on a Linux server using the Radius Pluggable Authentication Module.. First, we will configure PAM to use Radius, then we will configure OpenVPN to use PAM and one-time passwords, then we will create a network client on the WiKID server for OpenVPN. We won't go into specifics about installing these services, rather we will focus on configuring them to all work together.
How to configure Squid for two-factor authentication from WiKID: In this guide we will show how Squid can be configured to support two-factor authentication from a WiKID server, allowing users to be centrally authenticated, but their requests still distributed for efficiency.
How to install the WiKID Strong Authentication Server - Community Edition: The WiKID Strong Authentication Server is a dual-source two-factor authentication system. PINs are encrypted on a software token and sent to the WiKID server. If the PIN is correct, the encryption valid and the account active, a one-time password is generated, encrypted and returned to the user's token where it is decrypted and presented for use with a network-based services. While there are a number of tutorials on how to combine WiKID's two-factor system a variety of systems (such as SSH, OpenVPN, Apache and SSL-VPNs), this is the first to address how to install the WiKID Server. We assume that you have already configured an RPM-based server. In general, it is best to have WiKID be the only service running on the server. This configuration will minimize potential security risks.
How to secure an SSL VPN with one-time passcodes and mutual authentication.: SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.
How To Secure Postgresql Using Two-Factor Authentication From WiKID: This tutorial will demonstrate how to secure Postgresql databases using two-factor authentication from the WiKID Strong Authentication server via PAM on Linux. We assume you have Postgresql and the WiKID Strong Authentication server configured.
How to secure VNC remote access with two-factor authentication: VNC is the most popular remote access solution today. However, it was developed to provide remote access, not to provide secure remote access. Administrators have to add security to VNC by tunneling it through an encrpyted channel such as SSH and adding a layer of authentication. In this article, we will show you how to combine the NoMachine NX server to encrypt VNC and remote X session combined with two-factor authentication from WiKID Systems to create a secure, fast remote access solution.
How to Secure VSFTP with SSL and Two-factor Authentication: Recently, there was a report from Finjan that administrator credentials for over 9,000 FTP servers were for sale. Then, F-Secure noted an increase in FTP-based attacks. Many companies and organization still use FTP extensively. If you're running an FTP server and you think you're admin credentials might be one of those 9,000, you should consider implementing two-factor authentication for SSH, which will then also give you two-factor authentication for SCP. This document shows how to configure the popular and secure VSFTP to use SSL for encryption and WiKID for two-factor authentication for your FTP users.
How to secure WebDAV with SSL and Two-Factor Authentication: Web-based distributed authoring and versioning or WebDAV is the protocol that is creating the "read-write" web. It is facilitating collaboration in many ways across the internet, replacing proprietary protocols (FrontPage, e.g.) or superseding less functional open protocols ((FTP, SFTP).
Increasing the security of PPTP by adding two-factor authentication to poptop: PPTP does not have the best history in terms of security. The original Microsoft implementation for PPTP faired very poorly. MS-CHAPV2 solved these weaknesses - for wired networks. Unfortunately, back in 2004, Joshua Wright released a version of ASLEAP capable of brute-force attacking PPTP passwords in a wireless environment. As a systems administrator for the VPN, you can't tell if a user is connecting via some public WiFi service where someone might be running a tool like ASLEAP. Yet, the presense of PPTP client software on Windows machines makes using PPTP very tempting. The best answer to this problem is to utilize two-factor authentication. If a one-time passcode is brute-forced, it won't matter as it can't be used again.
Prevent Phishing with Mutual Authentication: Phishing is essentially a man-in-the-middle attack. The user is mis-directed, for example by social engineering or DNS-cache poisoning, to a fraudulent site. Because the user doesn't understand how to validate SSL certificates (and who does?), the trick works far too often. Efforts such as Extended Validation certificates are bound to fail in many cases because they rely on inconsistent visual aids and not strong cryptography. One-time passwords alone have also proven to be vulnerable to real-time MITM attacks. To prevent phishing consistently requires strong mutual authentication - validating the host to the user and the user to the host.
Secure SSH Using WiKID Two-Factor Authentication And TACACS+: These instructions are designed to help you configure and test using the WiKID TACACS+ protocol module via Linux PAM on Red Hat. This document has been updated to cover pam .99 and higher. We assume that you have already installed the open-source WiKID Strong Authentication Server Community Edition.
Secure your SSH deployment with WiKID two-factor authentication: SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit
Using WiKID 2-Factor Authentication with Monowall: In the last month I bought a 2-Factor Authentication system from Wikidsystems.com and have set it up as my authentication mechanism for my monowall-terminated PPTP VPN.