[c-nsp] Router 2 factor authentication
Michael K. Smith - Adhost
mksmith at adhost.com
Thu Aug 26 00:13:28 EDT 2010
Hello Ben:
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ben Steele
> Sent: Wednesday, August 25, 2010 5:42 PM
> To: Mark Tech
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Router 2 factor authentication
>
> Out of curiosity can you tell me what led you to wanting 2FA for these
> devices, and how the traditional acl/tacacs method failed your
> requirements?
>
> Of course anyone who has implemented it is free to chime in, just generally
> interested in people's security concerns around this and how you feel it
> mitigates whatever risks you were associating with it, also curious if it
> affected the way you handle OOB access as well.
>
> Ben
>
In our case it's for compliance reasons. There are requirements within
scope for many models that require two-factor authentication. For OOB,
we use 2-factor to an OOB network that doesn't have any outside
connectivity beyond our border firewalls. Granted, we are only in a few
locations and do all of our OOB using IP addressed devices. If I had a
dial-in AUX device at some remote location I would ask for mitigating
circumstances for that device.
Regards,
Mike
--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC mksmith at adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)