Two factor authentication is considered to be any two of the following.
1) Something you know
2) Something you have
3) Something you are
I want to know whether any of you would consider the following as two factor authentication...
A preconfigured copy of the Cisco software VPN client including connection details of an IPSec VPN (this includes the pre-shared key). And authentication to a Windows domain configured on the VPN end point (a Cisco ASA).
One way to look at it is that the "something you have" is the Pre-configured Cisco VPN Client. And the "Something you know" is your Windows domain username and password.
What is the accepted wisdom on 2 factor authentication?
Can the Pre-configured VPN client be considered 1 of the authentication factors?
To me, strong authentication means at least some component of the authentication is out of band. Lots of folks think differently though.
Alternatively, you might call it weak[er] 2-factor ;-) Does the "pre-configured client" mean that the software is somehow validated too? Will the shared key be the same for everyone? Will it ever change? An RSA token would be more secure. Still, it's certainly better than just a username/password. What are you trying to protect against?
We had that same setup and it did NOT pass for 2 factor, because the pre-shared key is not unique for every VPN user/machine. We had to implement RSA tokens to pass the audit. Your auditors may say the same.