Hello Ben:

> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Ben Steele
> Sent: Wednesday, August 25, 2010 5:42 PM
> To: Mark Tech
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Router 2 factor authentication
>
> Out of curiosity can you tell me what led you to wanting 2FA for these
> devices, and how the traditional acl/tacacs method failed your
> requirements?
>
> Of course anyone who has implemented it is free to chime in, just generally
> interested in people's security concerns around this and how you feel it
> mitigates whatever risks you were associating with it, also curious if it
> affected the way you handle OOB access as well.
>
> Ben
>

In our case it's for compliance reasons. There are requirements within scope for many models that require two-factor authentication. For OOB, we use 2-factor to an OOB network that doesn't have any outside connectivity beyond our border firewalls. Granted, we are only in a few locations and do all of our OOB using IP addressed devices. If I had a dial-in AUX device at some remote location I would ask for mitigating circumstances for that device.

Regards,

Mike

--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC
mksm...@adhost.com
w: +1 (206) 404-9500
f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)