quantum / esos

An open source, high performance, block-level storage platform.
http://www.esos-project.com/

MFA #227

Closed ghost closed 5 years ago

ghost commented 5 years ago

Probably a long shot given the architecture etc... but here goes anyway:

Over the past three years, organisations have grown increasingly concerned with cyberattacks and malicious conduct. We mitigate the risk of an attacker reaching our storage by virtue of the fact that the hardware associated is not even connected to a management switch with public facing access.

Be that as it may, it would be lovely if, when SSHing into ESOS, we were met with 2FA.

root@kali:~# wget http://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2

Just a thought going forward given the rapidly changing universe of cyber security....

mastergregor commented 5 years ago

Not a bad idea.

On the other hand, I would not like to see a closed source Google Auth taint an OSS distro, so maybe some other tool can be used, which is completely open source?

Just a second thought :)

ghost commented 5 years ago

Completely agree re tainting closed source with Google.

There are many options, and of course the standards and source code for HOTP (RFC4226) / TOTP (RFC6238) are freely available.

On our own infrastructure we do use the Google PAM module and the app for host 2FA, but in our web apps we have written our own PHP kit to achieve the same.

It may seem like an annoying thing today, but we are now seeing clients asking questions about the degree to which our systems are protected through all layers of the OSI model.

A few years ago, a disgruntled employee gained access to an organisation's infrastructure and deleted the RAID container, resulting in the total loss of hundreds of companies' hosted data.

Anyway - just a suggestion to help keep everyone safe from that one in a million rogue actor...

Cheers!
