It should be noted that while neither my boss nor the lead engineer wants to deal with the needed infrastructure of two-factor authentication, we do have Phonefactor, but we don't manage it.
-Mathew "When you do things right, people won't be sure you've done anything at all." - God; Futurama On Wed, Nov 2, 2011 at 10:46 AM, Mathew Snyder <[email protected]> wrote: > Yes, you're right. Two-factor is definitely a well-established option > that would solve this problem. As stated, it is required for the VPN > connection. It isn't required for the servers. By "too much overhead" > I'm referring to the fact that we don't have the man hours to put a > solution in place at the moment and I've already received resistance > from my boss and the lead engineer on RSA even with soft tokens. > Neither wants to deal with the infrastructure needed. > It needs to be remembered that we're the contractor on this project > and the requirements are stipulated by the contracting agency. If they > aren't willing to pay for something we don't use it. At this point, it > would be hard to rationalize adding RSA or a similar technology when > we already have 2500 licenses for Phonefactor (even though they're > already pre-allocated for other uses and quite honestly, I don't like > the cumbersome nature of it). > Disabling root is also not an option as they haven't stipulated it be > done. It can certainly be pitched, but they'll expect rationalization > and honestly, I don't think I can come up with an argument that is > compelling enough to convince them. Especially since I'm not convinced > myself that it is a good idea. > > -Mathew > > "When you do things right, people won't be sure you've done anything > at all." - God; Futurama > > > > On Wed, Nov 2, 2011 at 9:47 AM, Edward Ned Harvey <[email protected]> > wrote: >>> From: Edward Ned Harvey [mailto:[email protected]] >>> >>> whatever (keepass >>> etc) mechanism you're using. >> >> FWIW, I'm using encfs and dropbox. Works very well to sync & communicate >> certain secure information amongst the IT team. >> >> > _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
