The MFA Challenge & Cisco DUO

by | Aug 23, 2021 | Security

Peters & Associates has previously written about the benefits of Multi-Factor Authentication (MFA) for securing resources. The Microsoft Authenticator application provides a nice user interface and is beneficial for a variety of use cases. In 2020, we worked with many clients to secure remote access to the environment by implementing Microsoft’s MFA on their Cisco AnyConnect VPN. Here is the link to our technical blog on the ASA MFA solution: Cisco ASA SSLVPN/AnyConnect Configuration with MS MFA (peters.com). Another option that is available to customers with Cisco is Duo.

Cisco Duo provides a user-friendly experience much like Microsoft Authenticator, but also provides several additional capabilities. Duo gives you the policies and control you need to easily limit access based on device, endpoint or user risk. Imagine use cases where, upon login to a device, domain-joined or otherwise, the device's health could be scrutinized and the user could be prompted for MFA. This is the front-line worker use case that really makes logical sense for network users.

Peters & Associates is aware of increased compliance and insurance requirements that may require that you expand your utilization of 2FA or MFA. Below are just a few use cases for the Cisco Duo solution that go beyond securing a Microsoft cloud application or VPN: 

  • Laptop or workstation MFA 
  • Server Remote Desktop Protocol (RDP) MFA
  • On-premises switch access via RADIUS and MFA

Do you have a compliance requirement? Is there a line in the sand that has been set by PCI, HIPAA, CMMC, your cyber-insurance carrier or internally by your CISO or management? Here is a link to our blog about cyber-security insurance: Cybersecurity Insurance: What is it and why do I need it? (peters.com). We can help you meet your goals and requirements with Cisco Duo.

Cisco Duo MFA 

Full-featured two-factor authentication  

  • Protect logins with Duo’s MFA (Multi-Factor Authentication) 
  • Get an overview of device security hygiene
  • Manage Duo’s solution with Admin APIs 
  • Duo’s secure Single Sign-On (SSO) provides a consistent user login workflow across applications 
  • Protect access to both on-premises and cloud applications 

Cisco Duo Access 

Includes everything in Duo MFA, plus:

Essential access security suite to address cloud, Bring Your Own Device (BYOD) and mobile risks 

  • Complete visibility into both mobile devices and desktops, including corporate-managed and unmanaged (personally-owned) devices to support BYOD policies
  • Mobile device breakdown with visibility into enabled security features and tampered/unencrypted devices 
  • Detailed device insight 
  • Enforce rules on who can access which applications, under what conditions (adaptive authentication) 
  • Notify users to update their devices based on device access policies 
  • Full-featured dashboards and custom reports for compliance audits and ease of administrative management 

Cisco Duo Beyond 

Includes everything in Duo Access, plus:

A zero-trust security platform that addresses user and device risk for every application. 

  • Get visibility into BYOD – detect if devices are corporate managed or unmanaged (personally owned) 
  • Enforce a policy to allow only managed devices access to sensitive applications
  • Provide modern remote access to multi-cloud environments (on-premises, Azure, AWS, Google Cloud Platform) while enforcing zero trust security principles 

Duo Architecture 

Duo supports a variety of architectures for authentication. Please contact us to learn more. 

  • Duo Single sign-on (365) 
  • Duo Azure Conditional Access 
  • Cisco VPN Architectures 
  • Single Sign-on 
  • Access Gateway 
  • Duo RADIUS + Authentication Proxy
  • Duo + ASA with LDAPS
  • Azure ASA VPN Architecture 

If you have any questions, or are ready to get started, feel free to reach out! You can contact us at info@peters.com or give us a call at 630.832.0075.  We are happy to help!