![]() ![]() Download the latest copy of the MediaWiki plugin from the Duo Security GitHub.Here are a few quick implementation notes: ![]() Having had a chance to deploy it, I felt like this may be a topic that would be of interest for the many companies deploying wikis without that added protection. ![]() Luckily, Duo Security recently published their two-factor authentication module for MediaWiki. If a user happens to get phished, that shouldn't allow an attacker to become an administrator on your corporate wiki or otherwise.Recently, I deployed an internal wiki for the company using MediaWiki and wanted to ensure that we were following best practices by implementing two-factor authentication, even though the exposure was limited by design. The strategy of defense-in-depth should protect assets from being compromised if only a single point of a security mechanism has been beaten. While many companies spend large amounts of their time deploying quality firewall infrastructure, the public-facing web applications behind that firewall rarely get the treatment they deserve for security forethought.While it's easy to say that a wiki may not be a real 'target' for attackers, it's important to remember that with general password reuse, it's convenient for an attacker to leverage stolen credentials against you, and could bounce from that mundane wiki into other parts of your infrastructure. blogs, content management systems, and wikis). I won't go into the details of all that they offer, but it's important to us and our clients to have a solution that can cover many avenues of technology seamlessly.One such need that is often overlooked when evaluating infrastructure integrity are the all-too-vulnerable corporate web applications (e.g. While there have always been a few multifactor authentication options on the market, they rarely have gone to the lengths that Duo Securityhas to provide multi-language, multi-device, and multi-application support for two-factor implementation with one service. Two-factor authentication can be the difference between a major compromise and just a fleeting annoyance for a company. ![]()
0 Comments
Leave a Reply. |