But sometimes in some companies, what should happen and what actually happens are 2 different things.
I advise my boss to change the wifi setup to something more secure. He insists it remains a pre-shared key. All I can do is write a CYA email, do what he asks, and continue to get paid.
That was my thinking. We are set up the same way except with Cisco. And we also have things in place so it verifies that the computer is active in AD to connect as well. (Basically if the computer gets disabled in AD, the certificate gets revoked immediately, or at least as long as it takes for that to sync to a bunch of domain controllers.)
A VPN is a Virtual Private Network. That’s all it is. There is no obligation for any specific level of authentication, or for any authentication at all. A VPN can be set up, for example, between two locations with no individual login required.
Being pedantic about it is not a requirement either. If you have a mobile VPN setup for users to access systems on the inside of your network, you should use MFA. If you aren’t, feel free to point us to your remote access solution and we will see if it has it or not…and if not, maybe we can “test” it for you.
Sure, but that’s a moronic answer to give to someone who doesn’t know that you’re being nit-picky and super technical about it. A vault door isn’t a bank but is it really a bank if it doesn’t have a vault door?
If a customer asks you “Do I need MFA on this VPN” you shouldn’t answer “LOL NOOOB MFA ISN’T PART OF VPN AT ALL X)” which you come across as someone who would do. Borderline autistic (and I don’t mean that in a bad way) technicality won’t help users having major security holes in their companies.
There’s nothing pedantic about it. A VPN does not, in its definition or description, obligate the use of MFA. It’s no more of a “security breach” than me leaving my front door unlocked.
Should you use MFA? Probably. I’m not a security expert. Is a non-MFA broken or breached? No.
But that wasn’t the question. The question was “My VPN doesn’t have MFA. Was I hacked?” Am I supposed to assume that /r/sysadmin is populated by idiot customers who need to be told where the “any” key is? Or should I assume that I’m talking to somebody who, like me, is a quasi-professional who didn’t understand how things work?