*** nowen (~nowen@adsl-98-66-165-233.asm.bellsouth.net) has joined #wikid | 12:32 | |
asofrank | Hey Nick, I rewrote that Fortigate documentation. How do you want me to send it to you? | 13:15 |
nowen | wow! thanks! | 13:16 |
nowen | you can email if that works | 13:16 |
asofrank | what format do you prefer? | 13:16 |
nowen | well, html is what it will be, but whatever is fine. I can pretty much open anything | 13:17 |
asofrank | i'll just paste it in a rich text email | 13:18 |
nowen | excellent | 13:18 |
asofrank | sent | 13:19 |
asofrank | I only changed the fortigate specific stuff | 13:19 |
nowen | thank you | 13:19 |
asofrank | so it might be easiest just to transcribe the changes | 13:19 |
nowen | yeah, that's what I did: http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-wikid-two-factor-authentication-to-a-fortinet-vpn | 13:37 |
nowen | was it all in the "Create or modify a user group in the Fortigate:" section? that's all I noticed | 13:38 |
asofrank | no, there were some changes in the section above that as well | 13:38 |
asofrank | couple lines | 13:39 |
nowen | ahh | 13:39 |
*** Lake_Lurker (~Just@h20.211.39.162.dynamic.ip.windstream.net) has joined #wikid | 13:44 | |
*** Lake_Lurker has parted #wikid (None) | 13:44 | |
*** SEJeff (~jeff__@209.160.81.1) has joined #wikid | 14:22 | |
SEJeff | nowen, You guys need to do some marketing: http://www.net-security.org/secworld.php?id=11122 | 14:23 |
nowen | SEJeff: howdy stranger | 14:23 |
nowen | we are *terrible* at marketing | 14:24 |
SEJeff | It is true | 14:24 |
SEJeff | You've got a great little product that would be even better if more people knew about it. I only knew about it because I turned down a job with pricegrabber | 14:24 |
nowen | on the other hand, a lot of people are pissed at the vendors who seem to be piling on to RSA | 14:25 |
SEJeff | But this is something you guys really should capitalize on | 14:25 |
SEJeff | Buy some adwords, shoot out some spam. You know, those annoying things | 14:25 |
nowen | we are in many ways. amazingly analysts and infosec pros still don't see that RSA is shared secrets | 14:26 |
nowen | we never got anything worthwhile from google ads | 14:27 |
nowen | we've got a bunch of hits from this: http://www.howtoforge.com/securing-ssh-on-ubuntu-with-wikid-two-factor-authentication | 14:27 |
SEJeff | Perhaps you're marketing for the wrong thing | 14:28 |
asofrank | thought about hiring an SEO firm? | 14:29 |
nowen | asofrank: not really, but we do a lot of that | 14:32 |
asofrank | one of our brands specializes in SEO hosting :P | 14:32 |
nowen | the problem is that "two-factor authentication" is quite tough | 14:32 |
nowen | however "open source two-factor authentication" is us: http://www.google.com/search?client=ubuntu&channel=fs&q=open+source+two-factor+authentication&ie=utf-8&oe=utf-8 | 14:33 |
asofrank | maybe think about pairing up with a hardware company and getting some hardware tokens | 14:33 |
nowen | asofrank: maybe, but it would be a completely different protocol. | 14:34 |
nowen | and we're doing quite well with the marketing we have | 14:34 |
asofrank | I'd like to see hardware tokens. I suppose the "offline generation" code you have would do the trick | 14:36 |
nowen | I think cloud-based services will be the next big growth area | 14:36 |
asofrank | you just need a device that is capable of running the code | 14:36 |
asofrank | yeah, like what google offers | 14:36 |
nowen | you still need to be online to register for WiKID | 14:36 |
SEJeff | What about the preregistration stuff? | 14:36 |
asofrank | yeah, the hardware tokens would have to have a fixed registration code | 14:37 |
asofrank | but I really don't know how the backend works | 14:37 |
asofrank | for the cloud based system, that likely wouldn't be too difficult | 14:37 |
nowen | huh, hadn't thought about that. we do support pre-registration | 14:37 |
nowen | of course, that is exactly the issue that RSA has | 14:38 |
SEJeff | nowen, Yes, and it works quite well. That's how we do it for nontechnical users | 14:38 |
nowen | SEJeff: we have added some pre-reg code to the API. | 14:38 |
nowen | you can now generate pre-reg codes via the api. | 14:38 |
SEJeff | Oh that's really shiny | 14:39 |
asofrank | you could make the tokens USB sticks | 14:39 |
SEJeff | I've been thinking of making a "reference implementation" django project and putting it on github | 14:39 |
nowen | and multiple pre-reg domains per server | 14:39 |
asofrank | and have them download the information they need | 14:39 |
nowen | doo eeet! | 14:39 |
SEJeff | For the HTML5 token with some shiny built in registration functionality. | 14:39 |
nowen | asofrank: yes, you can run them on usb drives. I assume this is how ironkey uses wikid | 14:40 |
*** Dingofest2 (~Dingofest@208.124.228.2) has joined #wikid | 14:41 | |
asofrank | when the token client talks to wikid, it uses port 80 correct? | 14:41 |
nowen | asofrank: yes | 14:42 |
asofrank | I'd like to restrict access to /WiKIDAdmin if possible, but I need to know if the token client will need to access that | 14:42 |
SEJeff | Yes, but it is encrypted with asymmetric encryption which makes it awesome | 14:42 |
nowen | no 443 needed for the token b/c of the asymmetric encryption | 14:42 |
nowen | haha, just got a call from a Dow Jones reporter. brb | 14:43 |
SEJeff | Nice | 14:43 |
asofrank | is there any way to IP restrict the admin area? | 14:43 |
SEJeff | asofrank, Perhaps you could just run wikid's tomcat server through apache | 14:43 |
SEJeff | Then use apache's gauntlet of security options | 14:43 |
nowen | asofrank: and probably via the tomcat settings | 14:43 |
SEJeff | We use apache + mod_proxy to make wikid public | 14:43 |
asofrank | ah | 14:43 |
asofrank | i haven't messed with tomcat | 14:44 |
asofrank | and this is my 2nd day looking at wikid | 14:44 |
SEJeff | It is pretty straightforward. When nowen is available, he is a really huge help. | 14:44 |
asofrank | don't want to spend much more time on this until the boss OK's the purchase | 14:45 |
nowen | left her a message. wanted to know if we were seeing an up tick in biz | 14:45 |
SEJeff | Are you? | 14:46 |
asofrank | after the SecurID hack last month I'd expect you would | 14:46 |
nowen | yes, but it is just an acceleration of what was already happening | 14:46 |
SEJeff | good | 14:47 |
SEJeff | So we can expect that huge new release soon, right :) | 14:47 |
SEJeff | With the better web api and multimaster sync | 14:47 |
nowen | hehe, yes, it is in alpha now | 14:47 |
asofrank | add the ability to IP restrict the admin area | 14:48 |
nowen | oh, here she is | 14:48 |
SEJeff | nowen, We're pretty stoked to get that and roll it out to 4 continents | 14:48 |
nowen | and I look forward to charging you for that :) | 15:11 |
nowen | sadly, the reporter did not ask me to sit for a pixelated picture for the WSJ | 15:13 |
*** asofrank has quit (Quit: Lost terminal) | 15:37 | |
SEJeff | well hurry up! | 15:47 |
nowen | lol | 15:50 |
*** asofrank (~laszlof@wookie.tvog.net) has joined #wikid | 16:52 | |
asofrank | so I was looking for radius support in apache | 16:57 |
asofrank | and ended up finding another doc on your site for the first result in google | 16:57 |
*** CowboyPride (~BartSimps@cpe-075-183-170-059.sc.res.rr.com) has joined #wikid | 16:59 | |
*** CowboyPride has quit (Remote host closed the connection) | 17:02 | |
*** CowboyPride (~BartSimps@cpe-075-183-170-059.sc.res.rr.com) has joined #wikid | 17:04 | |
SEJeff | asofrank, Radius support is not available in the open source version | 17:59 |
SEJeff | Only the enterprise version | 17:59 |
SEJeff | But it works well | 17:59 |
nowen | yes, we did a doc on apache mod-auth-radius, a few | 18:01 |
nowen | we just did one on mod-ldap. at least, that's what I used for the Seccubus integration | 18:07 |
*** nowen has parted #wikid (None) | 22:48 | |
asofrank | SEJeff: I know. I'm using the enterprise version | 23:13 |