Your browser does not allow storing cookies. We recommend enabling them.

Fast Deployment of Two-Factor Authentication (2FA)

The most common authentication method is the password. It is a single-factor authentication that is based on the used knowing a secret. It is also a rather weak form of authentication, and many organizational security policies today require their high value asset to be secured with two-factor authentication (2FA)

Adding the second factor - something you have in addition to the something you know - improves security and makes the authentication considerably more resilient to attacks. There are many approaches to implementing the second factor of a two-factor authentication (2FA) - the second factor may be, for example, a security token (such as RSA SecurID) or a mobile phone of the user (such as in Duo Security 2FA )

Deploying Two-Factor-Authentication (2FA) for Server Farms

Regardless of the technical implementation most two-factor authentication solutions require an agent component at server-side. This means that large deployments that cover many server instances require the installation of an agent component in each of the protected servers.

Many of our Fortune 500 customers operate internal networks and data centers that include thousands, sometimes tens of thousands, of servers. Covering such massive back-end server volumes imposes a heavy cost - in licenses, manual work, and maintenance commitments.

Deploying 2-factor authentication in corporate server volumes may be prohibitely expensive. An approach that offers equal security with considerably reduced cost is required.

Easy Entry into 2FA - CryptoAuditor at Firewall

Using a solution such as CryptoAuditor at a network chokepoint (firewall or a gateway router) allows cost-effective and secure way to add 2 factor authentication in large server farms. Integration to CryptoAuditor is easy, and reduces the number of requires 2FA agents to one. This method provides benefits such as:

  • Ease of integration - there is a single integration point for the two-factor authentication solution
  • Multiple 2FA scheme support - CryptoAuditor can be integrated with a number of different solutions in parallel
  • Reduced maintenance cost - amount of maintained nodes is reduced to one
  • Improved server security - in addition to the added security provided by two-factor authentication, the server accounts' actual login credentials are not disclosed to end-users. This allows safe use of shared accounts.
  • Auditability - CryptoAuditor allows monitoring of the sessions to the servers, both in real-time as via recorded sessions.

CryptoAuditor is available for free evaluation at our online demonstration environment.

For more information on CryptoAuditor, see product pages here.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now