Tech Tips: Two-factor authentication - why is it important and how to set it up?
Hello Everyone,
I would like to start with 'You are only as strong as your weakest link'!!
With the increasing trend in attacks and expanding attack vectors, it is highly recommended to have a second layer of security for your existing devices. It might seem like a hassle but can prove to be really useful.
SonicWALL offers TOTP (time-based OTP), adding an additional layer of security, and it is extremely simple to set up.
1) It can be set up for administrators who log in to multiple devices and, for convenience, might use the same password in many places. It is best to add TOTP on top of the password.
2) With the Work from Home movement, you might have a lot of remote users. It is important to extend the same level of security to those users as well.
3) You can also use this for the Secure Mobile Access appliances.
I hope this information is useful.
Stay safe and have a good one!
Thanks
Shipra Sahu
Technical Support Advisor, Premier Services
Comments
Very important points here @shiprasahu93 . Thank you.
How good is this when the TOTP times out and the user gets prompted to just set it up again?
Hello @robert_hitech,
The initial set-up is only done once. The phone/PC is bound to a specific account and, if the timeout takes place, the user is asked to enter the OTP valid for the next 30-second interval and is not allowed to set it up again, which would allow it to be bound to another device, such as a potential hacker's.
It is very similar to the OTP sent while making banking transactions, where the OTP is sent to you and is valid for a few seconds. Here the installed application changes the OTP every 30 seconds, and it is exactly as if it were being sent to you during the second layer of authentication.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93 , question for you.
What is the implication of setting up the MFA for the Administrator account in the Administration section?
How does this work with CSC / now NSM and the web?
Thanks!
Hello @Larry,
TOTP is used for HTTPS management or SSLVPN. I don't think we have this for the built-in admin account for web management that is also used for binding with CSC/NSM. It can be applied to local/LDAP users connecting to the firewall using HTTPS web management or SSLVPN.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
This screenshot is from my TZ250W.
So, changing the highlighted field to TOTP would break the link to CSC?
@Larry,
I do know that GMS does not support MFA on the admin account that is used for binding. I am not sure if it is different for CSC/NSM as they use zero touch for acquisition and updates.
Anyone else got ideas on this one?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services