Monthly Archives: April 2011

Protecting SBS Remote Web Access

I’ve been a firm believer in Two Factor Authentication (TFA) for a long time, and we use ScorpionSoft’s AuthAnvil here on all our servers and laptops. When we upgraded to Windows Small Business Server 2011 Standard early this year on our production network, one of the features that I was missing, and wasn’t happy about, was the lack of that TFA on the new Remote Web Access login page. When we contacted ScorpionSoft, they assured us it was coming soon, and asked us if we’d like to be on the TAP to get an early look at the product. Of course we said yes, and today I’m allowed to talk about it, and show a picture. So, first the picture - RemoteHomePage_01

See, looks just like regular RWA, except that it has an extra field for my AuthAnvil credential. That AuthAnvil credential is a combination of a PIN, and an 8 character one-time password. So, before any one can log on to my RWA site, they need to have three identification factors that assure me that they are who they say they are:

  • They must have an Active Directory account name and password that have permission to use RWA
  • They must know the PIN for that account
  • They must have the correct one-time password for that account

That one-time password (OTP) is generated at the time the user wants to log in from either their smart-phone, or from a hardware dongle. I’ve got both, but I have to say I end up using the generator on my iPhone 99% of the time.

The thing I like the most about AuthAnvil and RWWGuard is that it is completely transparent to my users. I don’t have to train them, make sure they’ve got some special card reader, or give them a different login page or anything. When I rolled out RWWGuard on my production server this morning, it just worked. And my users immediately recognized the new field and logged right in.

Now there are several vendors of two-factor authentication solutions, but the only one that has a product that integrates directly with SBS and with RWA is ScorpionSoft’s AuthAnvil and RWWGuard. And, frankly, their entire way of doing business recognizes that small businesses have just as compelling a need for secure authentication solutions as large businesses, and they’ve designed their product suite and business practices to scale from the large enterprise down to my small business. I like that, and it’s not an easy thing to do.

UPDATE: RWWGuard 2011 is officially available. And it's free to all AuthAnvil customers! Love it.

OT: Kindle Library Books

As many of you know, I've been a huge fan of the Kindle for a while now, and it's my primary reading medium these days. One of the complaints about the Kindle has been that you can't download and use Public Library books to your Kindle. Which really hasn't been true, but hasn't stopped the whingers from claiming it. All it really takes is a bit of help from Apprentice Alf, and this has been a non-issue for a while, and with the Calibre plug-in, it's really easy – no scripting required. Needless to say, I've been reading eBooks from my provincial library system without any problems, but it does require several steps more than the absolute minimum. Well, with the announcement today, this whole question just became a non-issue. Kindle will be working with Overdrive (the folks who handle the DRM and lending process for the vast majority of Public Libraries) to provide Kindle-compatible versions of eBooks for Library download. Better yet, these will preserve your last read location, bookmarks, and annotations across all Kindle platforms, and if you later buy the book, they'll be there as well. Now that IS a feature we appreciate.

Is Windows XP Good Enough?

Check out the latest Springboard Virtual Roundtable on TechNet where several of us talk about why the move to Windows 7 in the enterprise makes sense and why Windows XP just isn’t good enough any more.

FWIW, I found the format interesting, and fun, and enjoyed the chance to contribute. Even managed to get a plug in for PowerShell.