[Info-vax] VMS and MFA?
Dave Froble
davef at tsoft-inc.com
Wed Aug 19 15:08:43 EDT 2020
On 8/19/2020 2:13 PM, Arne Vajhøj wrote:
> On 8/19/2020 11:44 AM, Jan-Erik Söderholm wrote:
>> Thanks all. Yes, there are several "layers" before anyone reach the VMS
>> "Username:" prompt. I first login to the Citrix Remote Desktop, and that
>> is throught a MFA (6-digit code in SMS/text message). From there is it
>> a Putty session against the VMS system "as usual".
>>
>> We had a discussion, and many of our "users" are generic and named
>> after the workplace. There can be 10 different operators working there
>> and using a group login VMS account setup for each "process terminal".
>>
>> So, the decision was that MFA is not suitable for us.
>
> If you have started a process of looking at security then
> one account used by multiple persons could raise some
> serious red flags.
>
> Arne
>
In my opinion, the best security is being able to control what can be
accomplished.
As far as I'm aware, and I'd welcome any information I'm unaware of, a
captive account is very effective. Of course, it depends on what
activity a captive account can accomplish.
It may be that multiple users can perform the same activity, and if so,
multiple users of the same user account need not be a problem. Though
setting up individual user accounts is usually not a problem.
Depending on requirements, various amounts of logging of activity can be
implemented. Perhaps good for exploring issues, but as always, who
watches the watchers?
While access control is possible, it's my feeling that trust of
authorized users is usually a much greater security issue.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
More information about the Info-vax
mailing list