1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows 2-factor authenticated database

Discussion in 'Software' started by Krikkit, 12 Feb 2018.

  1. Krikkit

    Krikkit All glory to the hypnotoad! Super Moderator

    Joined:
    21 Jan 2003
    Posts:
    23,448
    Likes Received:
    368
    Hi guys,

    This is a work-related question, but I'm coming up with a blank here!

    At the moment we're working with a list of customer connection details (sometimes containing RDP IPs and domain user/passwords etc) as part of our remote support teams.

    At the moment the database is password protected using a long, randomised password which changes weekly. With the upcoming GDPR the thought from management is that it might not be secure enough, so they've asked me to look at whether we can find a sensibly-priced 2-factor authentication, preferably a hardware token that we can plug in to each machine when used.

    I've had a Google around, and other than a relatively vague reference in some Oracle documentation I can't find anything. Has anyone run across something that might help? Even if it was an encrypted sandbox that would do, just something to provide an extra layer of security.
     
  2. deathtaker27

    deathtaker27 #noob

    Joined:
    17 Apr 2010
    Posts:
    2,060
    Likes Received:
    111
    We use duo at my work

    2 fa supports pretty much everything and can use hardware tokens or phones (we use mobile app here)
     
  3. adam_bagpuss

    adam_bagpuss Have you tried turning it off/on ?

    Joined:
    24 Apr 2009
    Posts:
    4,215
    Likes Received:
    148
    you could look to encrypt the db as thats the best approach (not the cheapest mind you). most db vendors offer some form of encryption for their products. there are plenty of 3rd party options

    ones that spring to mind are Gemalto's Protect db product or protect file (enterprise grade) or maybe something from Thales but cant remember the product name.

    alternatively you could go with generic file encryption which would be cheaper i think. Most of the major security vendors have something in this area such as Check Points capsule docs secure, symantec, mcafee, winmagic, sophos etc

    almost all the solutions support 2FA on top.

    Let me know if you need any help as i work in security sales for a IT distributor.
     
  4. Ramble

    Ramble Ginger Nut

    Joined:
    5 Dec 2005
    Posts:
    5,584
    Likes Received:
    38
    You're storing customer passwords unencrypted?
     
  5. dynamis_dk

    dynamis_dk Grr... Grumpy!!

    Joined:
    23 Nov 2005
    Posts:
    3,237
    Likes Received:
    186
    depending on the amount of details your saving for each customer, keepass might do what you need. It allows multifactor password / file based / windows auth and a fair choice of encryption options. Its what I use at work.

    Stick this on an encrypted share or disk and I would say your likely to be covered without the cost of a separate 2 factor solution

    edit: just noticed how long this thread is :)
     
  6. Edwards

    Edwards Active Member

    Joined:
    8 Oct 2010
    Posts:
    794
    Likes Received:
    42
    We store all that stuff in a lastpass team account (along with ssh keys, database credentials etc.). It allows you to create folders and grant permissions to each folder to users as needed, you can force 2fa/password complexity/rotation rules.

    We then use a connection manager (RoyalTS), and point that at Lastpass to auto-log in using those credentials, but you're prompted for your 2fa when doing so.
     

Share This Page