MFA Multi functional authenticator

Moderator: gregober

Post Reply
mathijs
Posts: 3
Joined: Wed Apr 24, 2019 1:33 pm

MFA Multi functional authenticator

Post by mathijs » Wed Apr 24, 2019 1:46 pm

MFA is an important security function.
When you manage Firewall for other company's you want to assure them level of security.
Lately company's see allot of media attention that hackers can get you login credenditals.
With MFA your login credential can be hacked but they can't login without a code.
Especialy with the direct view option you can save the credentials and instantly login. When someone hacked your account they can litterly login on you Firewall and do anything that they want.

Its for the company where I work a big security risk when you use a management tool for firewalls without MFA.

I hope you will consider an MFA function ASAP.

(please I love a discussion on this forum and you opinion)
User avatar
gregober
Posts: 83
Joined: Tue Mar 26, 2019 2:06 pm

Re: MFA Multi functional authenticator

Post by gregober » Fri May 17, 2019 10:24 am

MFA is an important security function.
When you manage Firewall for other company's you want to assure them level of security.
Lately company's see allot of media attention that hackers can get you login credenditals.
With MFA your login credential can be hacked but they can't login without a code.
Especialy with the direct view option you can save the credentials and instantly login. When someone hacked your account they can litterly login on you Firewall and do anything that they want.

Its for the company where I work a big security risk when you use a management tool for firewalls without MFA.

I hope you will consider an MFA function ASAP.

(please I love a discussion on this forum and you opinion)
Thank you very much for your question.
We greatly value your feedback about DynFi Manager (DynFi Manager).

While MFA is indeed on our roadmap, It is not yet at the top of our priority for some reasons that I will try to explain hereunder.

DynFi Manager should generally be deployed in a contained environment where only few people will have access to the Manager.
While communication from the Manager to the various pfSense / OPNsense devices is mandatory, access to the DynFi Manager can be restricted using the following methods :
  • deploying DynFi Manager on a internal LAN / VLAN with restricted inbound / outbound connection
  • filtering IPs which have access to the Manager
  • securing access to the Manager through a VPN (if remote access is needed
  • securing access from the Manager to the remote firewalls

Exposing the DFM login interface to the public is as bad as having the WAN IP address of your firewall devices accessible to the public.
If you want / need to share your login with remote users / clients, consider the advices given before to secure the access.


That being said, we agree to the fact that It is always better to have MFA available rather than not.
We will do our best to have this implemented in DFM.
EmileEmbar
Posts: 2
Joined: Fri Sep 27, 2019 11:59 am

MFA Multi functional authenticator

Post by EmileEmbar » Wed Oct 23, 2019 9:51 am

Hello.

The program has single language English installer when the program is multi-language.
The installer is made with NSIS.
Could be possible to switch the installer as multi-language type?
If you want I can help with Italian language.
User avatar
gregober
Posts: 83
Joined: Tue Mar 26, 2019 2:06 pm

Re: MFA Multi functional authenticator

Post by gregober » Thu Oct 31, 2019 11:16 am

EmileEmbar wrote:
Wed Oct 23, 2019 9:51 am
Hello.

The program has single language English installer when the program is multi-language.
The installer is made with NSIS.
Could be possible to switch the installer as multi-language type?
If you want I can help with Italian language.
Thank you very much for your support.
We will try to add more languages in the near future.

The translation of the interface is a quite heavy work !
But thanks for your proposal. It is very appreciated.


P.S. Just one more thing : please avoid thread hijacking and create new thread, that will help users know what to expect from a thread. Thx.
Post Reply