Why should we use two-factor authentication?
Two-factor authentication is a more secure way to connect to resources than a simple username and password. With two-factor authentication (2FA), users log in with a username, something they know (a password or PIN), and something they have (a security token, a phone authentication app, etc.).
Usernames and PINs/passwords alone to log in to a network, resource, or application are vulnerable to many different kinds of attacks. These include malware and phishing. There is also danger using a public, unsecured network, such as at a library, coffee shop, or airport. Additionally, users tend to create passwords that they can remember easily. These can easily be guessed or cracked.
With two-factor authentication, there is another layer of security attackers must overcome. And with GreenRADIUS, our team of industry-leading security architects and developers sets the standard for secure access.
How are we supported while implementing and using GreenRADIUS?
Green Rocket Security provides an optional premium support package that includes:
- Integration support
- Phone support, M-F 8:00 – 5:00 pacific time
- Email support with a response time within four hours
- Notifications of updates and new versions
All GreenRADIUS users are able to email questions to firstname.lastname@example.org. We will do all we can to answer your questions within 24 hours.
Which Active Directory programs work with GreenRADIUS?
GreenRADIUS has been tested with Microsoft Active Directory and OpenLDAP as these are the standard directories officially supported by Green Rocket Security. We expect it to be able to work with other popular directory services and products with little to no changes.
Can we install GreenRADIUS on a Windows platform?
If you install VMWare Server or VMWare Player on your Windows computer, you can use the GreenRADIUS image in VMWare format. If you install Oracle VirtualBox, you can use the OVF image.
What VPN/firewall devices are known to work with GreenRADIUS?
Customers have had success integrating GreenRADIUS with the following VPN and firewall vendors:
- Cisco Systems
- Juniper Networks
- Palo Alto Networks
- Nortel Networks
- Defender 5
- FreeIPA (Currently, FreeIPA is not supported “out of the box”, but it can be supported with some customization through services offered by Green Rocket Security. Contact us if you have Free IPA.)
Does GreenRADIUS offer redundancy support?
Yes, multiple GreenRADIUS virtual appliances can be set up in a redundancy configuration to help avoid a single point of failure when the local on-board validation server is used. Redundancy can also be achieved when multiple GreenRADIUS servers are used with multiple YubiHSMs (requires one YubiHSM per GreenRADIUS server).
How many GreenRADIUS servers are recommended?
The robustness of the server replication mechanism design requires a minimum of three servers to be configured to work in synchronized mode of operation so in case one of the three servers goes down, there are at least two working servers available to successfully validate the OTP before it is declared as valid to the validating client.
However, for production deployments, it is highly recommended to have at least four servers configured in synchronized mode and configuration parameters adjusted such that at least three of the servers are available to positively validate the OTP before it is declared as valid to the validating client.
What happens if all GreenRADIUS servers are unavailable after tokens are assigned.
The system will fall back to single-factor authentication (when enabled) whenever OTP validation fails. Falling back to single-factor authentication should only happen when the server is unavailable.
Is the GreenRADIUS Virtual Appliance hardened?
Yes, GreenRADIUS is hardened. Learn more on our security page.