Introduction to Multifactor Authentication
Why do companies need Multifactor Authentication
Every day, the threat of ransomware attacks increase in frequency, sophistication, and effectiveness. Victims of ransomware attacks can be blocked from data, applications, and systems – making an organization unable to function.
Credential compromise is the leading cause of ransomware attacks, because credentials give hackers the access they need to hold your systems hostage. Unfortunately, credentials can be stolen, shared, bought or hacked. Once the hackers gain entry, the threat actors will often look to compromise privileged access credentials to further infiltrate your network and steal sensitive data.
What is Multifactor Authentication
Multifactor authorization ensures that the access credentials presented belong to the actual person. After logging in to the system, when a user tries to access a CTE-U GuardPoint, it triggers a second factor authorization to verify the user with a second form of authentication, like sending a passcode to the users's registered cell phone, that they then have to input into the application.
How does Multifactor Authentication work
The following diagram explains how Multifactor Authentication operates in a CipherTrust Transparent Encryption environment.
| Step | Description |
|---|---|
| 1 | A Multifactor Authentication administrator configures the MFA provider to use OTP (one-time password) for CTE multifactor authentication. |
| 2 | Multifactor Authentication is performed when either an SSH connection with MFA has already been enabled by a root user using the command voradmin mfa ssh_enable, and a user starts an SSH connection; or after an SSH connection is already established and a user uses the command: voradmin mfa login. |
| 3 | A CTE user who has previously registered the CTE site URL with an authenticator application (such as Google Authenticator), running on his/her registered mobile device, uses the authenticator to generate a one time password. |
| 4 | CTE user enters the OTP from their mobile phone into CTE. |
| 5 | CipherTrust Transparent Encryption sends a message to the Multifactor Authentication provider to verify the user. |
| 6 | Multifactor Authentication provider confirms/denies user access. |
| 7 | If authenticated using voradmin voradmin mfa login, the user's current shell, and all of the programs running inside that same shell, are authenticated. If authenticated during an ssh login, the entire ssh session is authenticated for the user. |
| Step | Description |
|---|---|
| 1 | Multifactor Authentication is performed when either an SSH connection with MFA has already been enabled by a root user using the command voradmin mfa ssh_enable and a user starts an SSH connection, or after an SSH connection is already established and a user uses the command: voradmin mfa login and enters their Multifactor Authentication password. |
| 2 | CTE sends a verification request to the Multifactor Authentication. |
| 3 | Multifactor Authentication provider confirms/denies user access. |
| 4 | If authenticated using voradmin voradmin mfa login, the user's current shell, and all of the programs running inside that same shell, are authenticated. If authenticated during an ssh login, the entire ssh session is authenticated for the user. |
Note
Multifactor Authentication is NOT supported on RHEL 7 or SLES 12.
For more information on Multifactor Authentication, see Multifactor Authentication.
