The WiKID Blog

Viewing posts by admin

VPN services leak info via IPv6

Earlier this year, we released a set of packer scripts that allow you to easily build a two-factor-ready OpenVPN virtual appliance. We have updated the scripts to turn off IPv6 because it seems that VPN services using OpenVPN can leak information via IPv6. (This was surely the easy fix. There may be better ones.)

Bridging Gunnar Gaps to create virtual circles

If you haven't read Gunnar Peterson's post Security, Fast and Slow, please do so now. It is about how Security's natural tendencies grate against the natural tendencies of Development. Security needs to adapt to make it easier for Development to make the right decisions to bridge such gaps. I now call these "Gunnar Gaps".

The two things that actually work in information security and how to deploy them.

I was struck by this tweet by @chrisrollf:
2FA and VPNs  - 2 things that work

Sophos & Two-factor authentication

We tested integrating WiKID for two-factor authentication to a Sophos UTM VPN. We documented the SSL-VPN, the L2TP/IPSec VPN and locking down administrator access. Before you do any of these, you must first enable two-factor authentication on the Sophos VPN.

Self-hosted or Authentication-as-a-service?

So, we just released a freemium offering.  That's typically a SaaS marketing move.   Various hosted solutions have freemium two-factor authentication offerings.  However, many, many people are uncomfortable outsourcing the keys to their kingdom.  The reason we are willing to offer a piece of server software as a freemium product is that we are highly confident that the support costs will be minimal.  Our server is very robust and rugged.  It runs and runs.  Come to our IRC channel (#wikid on freenode) and ask some customers.  In fact, one of our biggest issues is that customers don't upgrade the server because they never have issues with it.

Authentication-as-a-Service offerings are not really 'software-free' either. RADIUS, the primary authentication protocol for all enterprises, is not encrypted. So any AaaS service you use requires that you install software to proxy these requests. Our goal is to make it as easy to install WiKID as it is to install these proxies. On top of that, we offer advanced RADIUS functionality like Return-attributes and groups, as well as other protocols like TACACS+.

In addition, WiKID is easier for the end-user than 'two-step authentication'. With WiKID, you get the OTP and log in. That's better than logging in with a username and password, then getting an OTP and logging in. Users do not need an extra hassle.
