
1. User: Plug in key. Start client. Issue password.
2. Deliver certificate. Participate in crypto.
3. Authenticate with MW VPN.
4. RDP traffic.
5. Customer Defined traffic on defined ports.

Authentication process:
1) Was user cert issued by ACS CA?
2) Does user cert OU match one of mine?
3) Do I have the CRL?
4) User not on CRL?
If all are true, user is authenticated.

Diagram labels:
- User: User Certificate, User Private Key
- ACS FIREWALL
- SECURITY FIREWALL
- Customer Firewall
- Customer VPN Router: Tunnel Cert1, Private K1
- ACS VPN Router
- Tunnel Cert2, Private K2
- ACS Certificate Server: CA Certificate, CA Private Key
- CA Certificate
- Jump Host For Administration
- Protocol Disconnect
- ESP

Page 1
1. User: Plug in key. Start client. Issue password.
2. Deliver certificate. Participate in crypto.
3. Authenticate with MW VPN.
4. RDP traffic.
5. Customer Defined traffic on defined ports.

Authentication process:
1) Was user cert issued by ACS CA?
2) Does user cert OU match one of mine?
3) Do I have the CRL? Request CRL if necessary.
4) User not on CRL?
If all are true, user is authenticated.

Diagram labels:
- User: User Certificate, User Private Key
- ACS FIREWALL
- SECURITY FIREWALL
- Customer Firewall
- Customer VPN Router: Tunnel Cert1, Private K1
- ACS VPN Router
- Tunnel Cert2, Private K2
- ACS Certificate Server: CA Certificate, CA Private Key
- CA Certificate
- Jump Host For Administration
- Protocol Disconnect
- ESP

Page 2
1. User (User Key):
   Plug in user key
   Opt: erase key
   Go to CA web page
   Generate public/private key
   Request Certificate

2. CA Administrator (Admin Key):
   Admin login to CA
   Issue Certificate Manually

3. User and CA Administrator (User Key):
   Go to CA web page
   Install Certificate on Key
   CA Admin ensures User sets key password
   Key enforces PW complexity rules
   CA and user test logon To VPN router

Flows shown in the diagram, by step number:
1: Access CA Webpage
1: Certificate Request
2: Review Cert Request, Issue certificate (Approved)
2: User Certificate, Signed by this CA
2: User Certificate, Signed by CA
3: Access CA Webpage

Diagram labels:
- User: User Private Key
- CA Administrator
- CA Admin Remote Access
- ACS FIREWALL
- SECURITY FIREWALL
- Customer Firewall
- Customer VPN Router: Tunnel Cert1, Private K1
- ACS VPN Router
- Tunnel Cert2, Private K2
- ACS Certificate Server: CA Certificate, CA Private Key
- CA Certificate
- Jump Host For Administration
- ESP

Page 3
