[Staff] Fwd: DUO Implementation for VPN Users

William Nguyen wnguyen at sdsu.edu
Thu Nov 8 09:28:13 PST 2018 

FYI for VPN user.

William Nguyen
Operating Systems Analyst
College of Engineering, ENG-224
San Diego State University
5500 Campanile Drive
San Diego, CA 92182-1326
Tel:  619-594-2003
Fax:  619-594-6005
E-mail:  wnguyen at sdsu.edu


---------- Forwarded message ---------
From: IT Security Office <security at sdsu.edu>
Date: Thu, Nov 8, 2018 at 9:19 AM
Subject: Fwd: DUO Implementation for VPN Users
To: Diana Osborn <diana at sdsu.edu>, William Nguyen <wnguyen at sdsu.edu>


Just a heads up for a pretty major VPN change happening this weekend.  I
think the notice went out to people identified as single-factor VPN users,
so if you already use Duo then you may not have gotten this.  If your
single-factor users have not enrolled in Duo, they are in for a surprise
the next time they try to connect after Friday.

Gene


---------- Forwarded message ---------
From: Michael Murashkovskiy <mmurashkovskiy at sdsu.edu>
Date: Fri, Nov 2, 2018 at 11:36 AM
Subject: DUO Implementation for VPN Users
To:
Cc: security at sdsu.edu <security at sdsu.edu>


Hi Colleagues,



In an effort to improve the security of our VPN connections, we will be
incorporating Duo Security as a two-factor authentication (2FA) solution
into our existing VPN infrastructure. Two-factor authentication provides a
second layer of security to your login, requiring extra information or a
physical device to log in, in addition to your password. By requiring two
different channels of authentication, we can protect user logins from
remote attacks that may exploit stolen usernames and passwords.


*Why do we need two-factor authentication? *Login credentials are more
valuable than ever and are increasingly easy to compromise. Over 90% of
breaches today involve compromised usernames and passwords. Two-factor
authentication enhances the security of your account by using a secondary
device to verify your identity. This prevents anyone but you from accessing
your account, even if they know your password.

To learn more about two-factor authentication, watch this video
<https://www.youtube.com/embed/0mvCeNsTa1g?rel=0&showinfo=0%22%20frameborder=%220%22%20allow=%22autoplay;%20encrypted-media%22>.



* How will Duo change my login experience?*


When logging into Global Protect VPN, you will still enter your username
and password. After inputting your login information, Duo will require you
to complete a method of second-factor authentication. Duo does not replace
or require you to change your username and password. Think of Duo as a
layer of security added to your pre-existing login method.

To learn more about your experience using two-factor authentication, watch this
video
<https://www.youtube.com/embed/_T_sJXnSM98?rel=0&showinfo=0%22%20frameborder=%220%22%20allow=%22autoplay;%20encrypted-media%22%20allowfullscreen>
.


* Action Required:*


* By November 9th*, please go to the DUO self-registration portal to enroll
your 2nd factor authentication method. If you are on-campus please go to
https://duoportal.sdsu.edu to register. To login use your current SDSUid
credentials. If you have a current VPN connection using just your username
and password, you can still use that to access this link. In the event you
don’t have access to your VPN account and are not on-campus, please use
this this link: http://l.sdsu.edu/duoportal-external to access the portal
off-campus. Please note, you may be asked to login twice with your SDSUid.
Once you are in the portal, follow the self-enrollment process to register
your phone and install the Duo Mobile application. If you do not have a
smartphone, you can enroll a regular cell phone (SMS text messages + calls)
or use a SDSU desk phone landline (calls) for two-factor authentication.

For more information on how to enroll your devices and about DUO / VPN
please go to our Security Portal on the SDSU Intranet.

* SDSU DUO Enrollment / VPN Guides:*
IAM Services - http://l.sdsu.edu/iamservices
VPN Services - http://l.sdsu.edu/vpnservices

*What will happen after November 9th?*

Two-factor authentication (2FA) will be enforced and required for all VPN
users. You will have until November 9th to self-enroll your second factor
authentication method. After this date, access to Global Protect VPN will
require Duo two-factor authentication. You will no longer be able to access
VPN with just your AD credentials.



If you have any questions, please feel free to contact us at
security at sdsu.edu

Best Regards,

Michael Murashkovskiy
Campus Information Security Officer
San Diego State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://engineering.sdsu.edu/pipermail/staff/attachments/20181108/1ff9763b/attachment.html>

More information about the Staff mailing list