Making My Cisco VPN even better

Oct 4, 2008 6:06AM PDT

My company's Cisco VPN gives us no trouble, but there is increasing sensitivity to the normal authentication measures we impose--a simple username and password. I know we can manage these policies into steadily increasing complexity, but it would be great to enhance security through some (hopefully without deployment of tokens and certificates). Any ideas?

2-factor authentication solutions.
Oct 18, 2008 10:40AM PDT

There are some 2-factor solutions that don't require purchase or management of tokens. These allow you to leverage hardware already in the hands of your users--phones and pagers. I would recommend phone solutions these days for a few reasons, not the least of which is that more people have phones these days than pagers.

Phone solutions
Oct 20, 2008 12:38PM PDT

Hi Guys,

What happens if you lose your phone? Isn't that a security risk?

low security risk
Oct 25, 2008 4:25AM PDT

Although it would be bad for you if you lost your phone, it would not be a security risk per se, unless the person who happened to find it also knows your username and password. You could very quickly transfer the second factor authentication to another phone--say, your landline--and be just fine. I've fiddled with a service called PhoneFactor (www.phonefactor.com/solutions/remote-access-vpns/) which has worked well for us. There is some pretty good flexibility managing a 2nd factor solution for Cisco remote access VPN authentication.

Thanks, I feel better
Oct 27, 2008 11:51AM PDT

Thanks for that point. Yes, you're right: losing your phone is only a concern if they know your username and password, so it's really a moot point.

I actually downloaded and set up PhoneFactor; I've been concerned about the strength of username & password only protection for a while. PhoneFactor was so easy to set up!!!!

Man, all good so far. I'm sleeping better.

You found it!
Nov 8, 2008 12:26PM PST

Congratulations, I was going to suggest PhoneFactor or some other token-less, certificate-less solution to start.