Implementing a form of port knocking + Phone Factor = 2 Factor auth for RDP?
Posted by jshin47 on Server Fault
Published on 2012-09-04T21:30:21Z
Indexed on 2012/09/04 21:40 UTC
I have been looking into how to secure a publicly-available RDP endpoint and want to implement our two-factor authentication RADIUS server, PhoneFactor. I would like to implement the following process:
- User opens up web app in browser
- In web app, user enters username + password, initiates RADIUS auth
- Phone factor calls user to complete auth
- Once user is authenticated, port 3389 is opened on user's IP on pfSense firewall.
- After some amount of time, firewall rule is removed for that IP
I would like to know the following:
- Is this a typical setup? If it is a bad idea, please explain why.
- If it is possible, are there any packages that assist with this? Specifically, the third step, where the appropriate firewall rule would need to be added...
Edit: I am aware of TS Web Gateway, but I want the users to be able to use the traditional RDP client...
© Server Fault or respective owner
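The last two steps of the process described in the question (open port 3389 for the authenticated user's IP, then remove access after a time limit) can be sketched as a small lease manager. This is an added example, not code from the original post or from pfSense or PhoneFactor. The pf table name `rdp_allowed`, the existence of a pass rule for port 3389 that references it, the four-hour lease and the class name are all assumptions.

```python
import ipaddress
import time

TABLE = "rdp_allowed"      # hypothetical pf table used by a "pass ... port 3389" rule
LEASE_SECONDS = 4 * 3600   # assumed lifetime; the post only says "some amount of time"


class RdpLeaseManager:
    """Grants and expires per-IP RDP access after a successful two-factor login."""

    def __init__(self, run, now=time.time):
        self.run = run      # callable that executes an argv list on the firewall
        self.now = now      # injectable clock so expiry can be tested
        self.leases = {}    # canonical IP string -> expiry timestamp

    def grant(self, client_ip, mfa_ok):
        """client_ip must come from the TCP peer address, never a request header."""
        if not mfa_ok:
            return None
        try:
            ip = ipaddress.ip_address(client_ip)
        except ValueError:
            return None     # also blocks argument injection via a crafted "IP"
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            return None
        key = str(ip)
        if key not in self.leases:
            self.run(["pfctl", "-t", TABLE, "-T", "add", key])
        self.leases[key] = self.now() + LEASE_SECONDS   # re-auth extends the lease
        return self.leases[key]

    def expire(self):
        """Call periodically (e.g. from cron); returns the IPs that were closed."""
        closed = [ip for ip, end in self.leases.items() if end <= self.now()]
        for ip in closed:
            self.run(["pfctl", "-t", TABLE, "-T", "delete", ip])
            # Removing the table entry does not end an established session,
            # so drop the states from that source as well.
            self.run(["pfctl", "-k", ip])
            del self.leases[ip]
        return closed


if __name__ == "__main__":
    clock = [1000.0]
    mgr = RdpLeaseManager(run=print, now=lambda: clock[0])   # dry run: print commands
    mgr.grant("203.0.113.10", mfa_ok=True)    # constructed documentation address
    clock[0] += LEASE_SECONDS + 1
    print(mgr.expire())
```

Because the lease is keyed on source IP, every host behind the same NAT address gains access to the port for the lease period, so the RDP service's own authentication still has to hold on its own.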