As of the 1st February 2018 the new implementation of PCI DSS comes into play. Version 3.2 has a number of major additions, but the most important one is going to be requirement 8.3, which is multi-factor authentication for administrators.
So, just to add a little more detail to this, the official line is “New Requirement 8.3.2 incorporates the former Requirement 8.3, and addresses multi-factor authentication for all personnel with remote access to the CDE. This requirement is intended to apply to all personnel – including general users, administrators and vendors (for support and maintenance) with remote access to the network – where that remote access could lead to access to the CDE.” In layman's terms, this basically means that if you RDP to any server and log on as a domain admin, you need 2FA.
So as a result of this I have installed Vasco Digipass Authentication Server to cover this requirement. To say the setup guide was “unhelpful” would be a bit of an understatement, so I have decided to put together a few posts to serve as a refresher and also help anyone who hits similar problems to the ones I have.
To give a brief overview of how the software works: you set up an authentication server that, as the name suggests, authenticates user logins. You then install an additional piece of software called “Windows Authentication logon” on all servers, which report back to the main server for access. The system uses an OTP (one-time password) via a hardware token that changes with each press of its button.
So, on to the installation. I'll cover this in a number of posts, starting with the installation of the authentication server.