Wednesday, September 9, 2020

ESET Secure Authentication overview: how to keep sensitive data safe

Nowadays, every web service that cares about user security offers multi-factor authentication (MFA), also known as two-factor authentication (2FA). It requires two independent pieces of information to verify a user's identity. This authentication is much more secure than a regular password. You can find two-factor authentication in online banking, accounting software, and even Google services. Today in our review we will get acquainted with the ESET Secure Authentication two-factor authentication system, which can be easily integrated into the corporate network of an organization.

ESET Secure Authentication is a two-factor authentication tool that protects access to sensitive or confidential company information.

Why is this relevant for companies?

In many companies, employees are often the “weak link”. They frequently use the same passwords for all corporate systems, and sometimes they simply share them with colleagues or relatives. This is how information leaks occur. Two-factor authentication closes this gap in the system. Another threat to the company is bots, Trojans and phishing: they can intercept passwords for company systems and pass them on to attackers. However, if an additional authentication factor is used, it becomes much more difficult to gain access to your files.

In addition, in the context of remote work (which more and more companies now use), ESET Secure Authentication is becoming very relevant.

System requirements:

Server: Windows Server 2008 / 2008 R2 / 2012 / 2012 R2 / 2012 Essentials / 2012 R2 Essentials / 2016 / 2016 Essentials / 2019 / 2019 Essentials and Windows Small Business Server 2008 / 2011

Client: Windows 7 / 8 / 8.1 / 10 (including the Fall Creators Update, also known as Redstone 3)

Mobile OS: iOS 9 and above, Android 4.1 and above, Windows Phone 8.1 and above

Supported web applications:

Microsoft Exchange 2007 (Outlook Web Access - Exchange Client Access Server), 2010 (Outlook Web App - Exchange Mailbox Server Role, Exchange Control Panel), 2013 (Outlook Web App - Exchange Mailbox Server Role, Exchange Admin Center), 2016 (Outlook Web App - Exchange Mailbox Server Role, Exchange admin center)

Microsoft Dynamics CRM 2011, 2013, 2015, 2016

Microsoft SharePoint 2010, 2013, 2016

Microsoft SharePoint Foundation 2010, 2013

Microsoft Remote Desktop Web Access

Microsoft Terminal Services Web Access

Microsoft Remote Web Access

Software version during testing

License

By the number of users (from 5 devices)

Term - from 1 to 3 years

Why ESET Secure Authentication?

ESET Secure Authentication is a simple system that does not require special training or a lot of time to implement in a large company. It reliably protects all popular systems in the organization: not only logging in to a computer (Microsoft Windows, Linux or Mac OS X are supported), but also web applications (Microsoft Outlook Web App, Microsoft Exchange, Microsoft SharePoint, Microsoft Dynamics CRM), cloud services, VPN and VDI systems.

The additional password (second factor) reaches the user as an SMS on their phone or in a dedicated smartphone application (push messages). The OTP password can also be delivered by e-mail. Hardware tokens (operating according to the OATH HOTP and TOTP standards) and the FIDO2 standard are supported. Support for the built-in biometrics of Android and iOS devices was added to the apps recently.

Installation

ESET Secure Authentication was tested in edition and turned out to be really easy to set up; we did not need any special skills. First you need to download the distribution and install it.

The installer is in English, but everything is clear in it. You can get the trial key here.

There are two types of installation: integrated into Active Directory, or standalone for machines that are not in a domain. We chose the second type, Standalone. Next, select the components you need to install.

The installer itself checks if your system meets the ESET Secure Authentication requirements and shows which libraries may be missing for correct installation.

At a certain stage, a username and password are set to access the ESET Secure Authentication web administrator console.



After successful completion of the installation, you need to go to the web console through any popular browser and enter the login and password that were previously set.

After that, we get to the main console window, which shows the license status, the number of active users, the product version and the modules that have been installed. The console interface is also in English. In the Users section, we see the categories of security modules (we only have Windows Login activated) and the users for whom two-factor authentication can be configured.

Next, select the user account that you want to protect, and enter the phone number, as well as specify other parameters.

Authentication confirmation methods:

SMS-based OTPs - SMS notifications

Mobile Application OTP - one-time password, pin-code generated in the mobile application:

Event-based (HOTP) - the password does not expire with time; a new one is generated each time it is requested.

Time-based (TOTP) - a new password is generated every 30 seconds.

Mobile Application Push - notification in the mobile application. A specific action is requested and you can choose to accept or reject it. The user can now see where the request is coming from (IP address).

Hard Token - physical keys. The latest versions of ESET Secure Authentication have expanded the list of available authentication methods. This product now supports authenticators (such as dongles) that meet the FIDO2 standards. This improves security as well as user-friendliness - devices register quickly and easily without additional drivers.
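The two mobile-application OTP modes above are the OATH HOTP and TOTP algorithms (RFC 4226 and RFC 6238). As an added illustration (not code from this article or from ESET; the secret is the RFC 4226 reference key, constructed here for the demo), the following shows how a code is derived from the shared secret, why an event-based code stays valid until it is used while a time-based one changes every 30 seconds, and the server-side checks that follow from each mode:

```python
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 4226 reference key (20 ASCII bytes), not an ESA key.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer and reduced to `digits` decimal digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with counter = floor(unix_time / step),
    so the code changes every `step` seconds (30 s, as in the ESA mobile app)."""
    return hotp(secret, at_time // step, digits)


def verify_hotp(secret: bytes, code: str, last_counter: int, look_ahead: int = 5):
    """Server-side HOTP check: accept the code if it matches any counter in
    (last_counter, last_counter + look_ahead]. Returns the new counter to store,
    or None. A counter <= last_counter is never accepted, which blocks replay."""
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c), code):
            return c
    return None


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, skew: int = 1) -> bool:
    """Server-side TOTP check tolerating +/- `skew` time steps of clock drift."""
    base = at_time // step
    return any(hmac.compare_digest(hotp(secret, base + d), code)
               for d in range(-skew, skew + 1))


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))      # 755224 (RFC 4226 test vector)
    print("TOTP at t=59s :", totp(SECRET, 59))     # 287082 (RFC 6238 test vector)
    print("TOTP now      :", totp(SECRET, int(time.time())))
```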

We have installed the mobile app and selected the settings to receive Push notifications when logging into Windows. In order to link the mobile application to your user in ESET Secure Authentication, all you need to do is scan the QR code.  

The mobile app is very simple and intuitive. You can set a PIN to enter it. If this is inconvenient, you can use a fingerprint or face recognition system. Everything works quickly and accurately.

At the same time, it is impossible to make a screenshot of the code in the mobile application for security reasons. This is to prevent the user from forwarding it to others.

Next, we rebooted the computer and tried to log in. We entered the password, and then an ESA (ESET Secure Authentication) window appeared asking for the code. We opened the app on a smartphone and entered it. Success! Everything is working.

ESET Secure Authentication has a detailed reporting system where you can see when SMS was sent, who logged in and when, and much more.

There are also fine-grained settings where you can configure a whitelist of IP addresses from which the additional password will not be requested, set your company name in the application, and adjust other options.

Simple, understandable, convenient. Setting up ESET Secure Authentication on our Windows 10 computer went smoothly. Push notifications work, and SMS messages are received.

It's worth noting that two-factor authentication will only work on machines with ESET Secure Authentication client installed. Integration with Active Directory allows you to quickly deploy ESA on computers, even in a large company. ESET Secure Authentication 3.0 brings significant performance improvements to large projects. The solution is easy to deploy on any network scale.

API source code packages (for systems connected to Active Directory) and SDKs for Java, PHP and Microsoft .NET are available for building ESA into your own authentication systems and into systems that require additional confirmation of user actions. This is a big plus for those who want to customize ESA for their company.

Another feature of the ESA system is easy integration into RADIUS systems, including: Microsoft Forefront Threat Management Gateway, Barracuda, F5 FirePass, Cisco ASA, Fortinet FortiGate, Citrix Access Gateway, Juniper, Citrix NetScaler, Palo Alto, Check Point Software, SonicWall, VMware Horizon View and Citrix XenApp.
