[Info-vax] VMS and MFA?
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Aug 19 15:19:55 EDT 2020
On 2020-08-19 19:08:43 +0000, Dave Froble said:
> On 8/19/2020 2:13 PM, Arne Vajhøj wrote:
>> On 8/19/2020 11:44 AM, Jan-Erik Söderholm wrote:
>>> Thanks all. Yes, there are several "layers" before anyone reach the VMS
>>> "Username:" prompt. I first login to the Citrix Remote Desktop, and that
>>> is throught a MFA (6-digit code in SMS/text message). From there is it
>>> a Putty session against the VMS system "as usual".
>>>
>>> We had a discussion, and many of our "users" are generic and named
>>> after the workplace. There can be 10 different operators working there
>>> and using a group login VMS account setup for each "process terminal".
>>>
>>> So, the decision was that MFA is not suitable for us.
>>
>> If you have started a process of looking at security then
>> one account used by multiple persons could raise some
>> serious red flags.
>>
>> Arne
>>
>
> In my opinion, the best security is being able to control what can be
> accomplished.
>
> As far as I'm aware, and I'd welcome any information I'm unaware of, a
> captive account is very effective. Of course, it depends on what
> activity a captive account can accomplish.
>
> It may be that multiple users can perform the same activity, and if so,
> multiple users of the same user account need not be a problem. Though
> setting up individual user accounts is usually not a problem.
>
> Depending on requirements, various amounts of logging of activity can
> be implemented. Perhaps good for exploring issues, but as always, who
> watches the watchers?
>
> While access control is possible, it's my feeling that trust of
> authorized users is usually a much greater security issue.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list