Multi-factor authentication trial

The Division of Information Technology is trialling multi-factor authentication for VPN “Admin Profile” users.

The key driver for this trial is to test and deliver additional security protections for users requiring remote access to sensitive or privileged information and communications technology (ICT) services.

Multi-factor authentication strengthens access security by requiring two or more methods (also referred to as factors) to verify your identity. These factors can include something you know – like a username and password, plus something you have – like a smartphone app to approve authentication requests.

Multi-factor authentication protects against phishing, social engineering and password brute-force attacks and secures logins from attackers exploiting weak or stolen credentials.

What have we done so far?

The Duo Security product was selected based on a market scan of the university sector and work with our partners, e.g. CAUDIT.

DIT staff have been trialling Duo Security for VPN access since early January.

Where to next?

The DIT trial will run until around mid-February. We will then start rolling out multi-factor authentication to other CSU staff using the VPN service for CSU-Admin-Users.

An initial set of ICT services has been identified to use multi-factor authentication, to be progressively implemented during 2019:

  • VPN access
  • Web Outlook
  • PasswordState (systems admin password management)
  • Critical systems privileged access
  • Sensitive VDI environments
  • Dynamics 365 privileged admin access

A risk management approach will be used to consider other potential candidates – which may result in this list changing throughout the year.

The implementation of multi-factor authentication reduces the risk of CSU staff accounts being compromised, providing less opportunity for fraud. It is an important activity in ensuring our compliance with the Audit Office of NSW and safeguarding the university’s reputation.

If you have any questions about this project, contact Shane Meekin-Sutherland.

Subscribe to DIT News and stay tuned for updates on this new service as we prepare to roll out across the university.