Two-Factor Authentication Solutions (TDIYubiServ)


Given the current INFOSEC and budget conditions in the US Government, US corporations and the DoD, need a reliable, secure and inexpensive two-factor authentication system.  Current providers like EMC’s RSA SecurID have proven security issues and have nearly crippled IT enterprise budgets at the same time.  The time has come to provide a more secure and inexpensive solution.

At Tachyon Dynamics, we have built, secured, tested and hardened a robust, inexpensive, and highly flexible two-factor authentication solution introduced by Yubico called TDIYubiServ.  Users authenticate using something they know (username/password) and something they have (hardware token called Yubikey).  The Yubikey is a USB token-based One Time Password (OTP) device.  Tachyon Dynamics customized the platform available to all of our previous, current and future clients.  The Tachyon Dynamics TDIYubiServ system has been hardened by utilizing DoD Secure Technical Implementation Guidance (STIG) and a secure virtualized implementation of RedHat Enterprise Linux 6.9, and numerous different authentication clients/servers embedded (TACACS+, RADIUS, Windows Active Directory, or local accounts).

The difference with TDIYubiServ from others?

  • TDIYubiServ is one of the few authentication servers certified for DoD use and purchase on the DoD Information Network (DoDIN)/Unified Capabilities (UC) Approved Products Lists (APL)
  • TDIYubiServ contains numerous mechanisms to interface with your infrastructure devices and systems like: a FreeRADIUS server (the Linux RADIUS server), the Yubico-validation server, a tac_plus server (the Linux TACACS+ server), a Windows active directory/Kerberos client, a RADIUS client using pam_radius, and local Linux accounts managed through the local PAM database

 

 

 

Defense Federal Acquision Requirement (DFAR) and NIST 800-171 Compliance

TDIYubiServ, when properly implemented in accordance with the DoD’s Military Unique Deployment Guide, can help your network achieve complaince with the DFAR mandatesNIST 800-171, and NIST 800-53 controls for protecting Controlled Unclassified Information (CUI).  See the list of controls that TDIYubiServ can help your organization comply with here:

  • IA-1: Identification and Authentication Policy and Procedures
  • IA-2: User Identification and Authentication
  • IA-5: Authenticator Management
  • IA-6: Authenticator Feedback
  • IA-7: Cryptographic Module Authentication (when in FIPS 140-2 Mode)
  • IA-8: Identification and Authentication (Non-Organizational Users)
  • AC-2: Account Management
  • AC-3: Access Enforcement
  • AC-5: Separation of Duties
  • AC-6: Least Privilege
  • AC-7: Unsuccessful Logon Attempts
  • AC-14: Permitted Actions without Identification or Authentication

Please get in touch with us as we can help in any of your future multifactor authentication implementations: Contact us today!