Gunther Kochmann

Two-Factor authentication: Hardening security to better protect your Akamai assets

Blog Post created by Gunther Kochmann Employee on Jun 15, 2015

...and with Akamai assets I mean your Akamai configurations, traffic report data or other confidential information like invoices.

 

In other words: Everything you find on LUNA Control Center!

 

If your LUNA user account has got 'Admin' properties this may mean access to significant amounts of confidential data and power - simply because with such a LUNA account one may modify, delete and possibly destroy productive setups in the worst case. Hence, unauthorized access to such an Admin LUNA account (a password is easily stolen or spied) I would call it a risk to consider.

 

Now one way to deal with a risk is (apart from identification, assessment & prioritization) to minimize and control the probability of such an event. In the case of access control LUNA provides increased security by the option '2FA' (Two-Factor Authentication):

 

Multifactor Authentication

Multifactor authentication requires at least two distinct types or factors of identity verification in order to access data or network services. These can be either:

  • a code, such as a password (something you know)
  • a physical key, such as a smartcard (something you have)
  • a biometric, such as a fingerprint (something you are)

Because an attacker would have to steal not one but several different kinds of identity, multifactor authentication is much harder to defeat than simpler kinds of authentication.

Access to Luna Control Center accounts can be protected by two factors: a code (password) and a physical key (the user's mobile phone/device). This is referred to as Two-Factor Authentication, or 2FA.

Account administrators manage 2FA access on a per-user basis. They can enable, reset, or disable 2FA access for a chosen user at any time.

 

LUNA help provides easy step-by-step instructions on how to setup 2FA. Simply logon to LUNA, click CONFIGURE -> Organization -> Manage Users & Groups

 

The question mark in the upper right corner will lead you to the respective help:

 

2FA-help.JPG

 

And this would be the place where you find instructions on provisioning the feature:

 

2FA.JPG

 

Have you ever thought about that risk and setting up Multi- or Two-Factor Authentication before?

 

Please share your thoughts and experience.

Outcomes