Hi guys, This is a work-related question, but I'm coming up with a blank here! At the moment we're working with a list of customer connection details (sometimes containing RDP IPs and domain user/passwords etc) as part of our remote support teams. At the moment the database is password protected using a long, randomised password which changes weekly. With the upcoming GDPR the thought from management is that it might not be secure enough, so they've asked me to look at whether we can find a sensibly-priced 2-factor authentication, preferably a hardware token that we can plug in to each machine when used. I've had a Google around, and other than a relatively vague reference in some Oracle documentation I can't find anything. Has anyone run across something that might help? Even if it was an encrypted sandbox that would do, just something to provide an extra layer of security.
We use duo at my work 2 fa supports pretty much everything and can use hardware tokens or phones (we use mobile app here)
you could look to encrypt the db as thats the best approach (not the cheapest mind you). most db vendors offer some form of encryption for their products. there are plenty of 3rd party options ones that spring to mind are Gemalto's Protect db product or protect file (enterprise grade) or maybe something from Thales but cant remember the product name. alternatively you could go with generic file encryption which would be cheaper i think. Most of the major security vendors have something in this area such as Check Points capsule docs secure, symantec, mcafee, winmagic, sophos etc almost all the solutions support 2FA on top. Let me know if you need any help as i work in security sales for a IT distributor.
depending on the amount of details your saving for each customer, keepass might do what you need. It allows multifactor password / file based / windows auth and a fair choice of encryption options. Its what I use at work. Stick this on an encrypted share or disk and I would say your likely to be covered without the cost of a separate 2 factor solution edit: just noticed how long this thread is
We store all that stuff in a lastpass team account (along with ssh keys, database credentials etc.). It allows you to create folders and grant permissions to each folder to users as needed, you can force 2fa/password complexity/rotation rules. We then use a connection manager (RoyalTS), and point that at Lastpass to auto-log in using those credentials, but you're prompted for your 2fa when doing so.
