Pre-shared key GVC vs MFA Netextender TZ270
jtpryan
Newbie ✭
Thoughts on these two methods of security. We currently utilize the first one as it dates back 8 years or more to when we started with a TZ215. I don't relish the thought of moving 40+ remote users to Netextender in order to implement MFA if it really isn't that much more secure then the current GVC with the pre-shared key. We also currently authenticate to LDAP.
Category: Entry Level Firewalls
0
Answers
"I don't relish the thought of moving 40+ remote users to Netextender"
That might have to happen if your PSK gets into the wrong hands and your not already doing MFA with GVC (which you ARE doing right?)...
Securing GVC with a third party cert. is another option, but again, if that cert is compromised...
NetExtender is overall much easier to manage in the long run: there is no need to adjust anything on the client side (unlike with GVC, either PSK or Cert) when changes need to be made; TOTP MFA support is built-in (unlike with GVC which requires 3rd party software).
Migrating users should not be a headache. You can run both simultaneously, work with a few 'test' users to iron out issues, and provide user guides to the rest of the users when its their turn to change.