Multi-factor authentication (MFA) for openmediavault web console

  • Dearest OMV team,


    I was looking for info on enabling MFA on the OMV web console and came across this thread (Multi-factor Authentication for the Web Admin Console) from last year which stated that the team didn't believe MFA is necessary since the console should not be internet facing. This logic doesn't hold up compared to the number of businesses who protect their internal privileged accounts, backups, and access to sensitive data such as cardholder data in PCI environments with MFA. Single-factor passwords are not enough to protect against GPU farms brute-forcing 20-character passwords. Additionally, it is standard operating procedure for threat actors looking to deploy ransomware to target and destroy internal/not public-facing backups prior to infection to ensure the victims pay the ransom.


    I would greatly appreciate it if the OMV team reconsidered this. I personally have Authy synced with the pam/google-authenticator library for SSH access to all of my internal Linux systems that will never see the public internet.



    Thank you for your great work.


    CB

  • Att. the OMV team


    I would also address my thanks for a great product - and then I would like to support CB in his request for reconsidering :)


    In my use case the OMV is used in order to protect data via "rsnapshot". The OMV is placed in a separate, isolated VLAN; access to data is done from the OMV to the backup points on the "normal" VLAN with Internet access. By nature the VLAN with Internet access is vulnerable to e.g. ransomware attacks, but at the same time the SSH and web GUI need to be accessed from it... therefore an MFA solution would be great in order to protect the OMV from attacks from the inside.


    As Robert S. Mueller, the former Director of the FBI once said... "There are only two types of companies (persons :) ) - Those who have been hacked and those that will be hacked."


    Best regards

    'Adder

    • Official post

    As Robert S. Mueller, the former Director of the FBI once said... "There are only two types of companies (persons :) ) - Those who have been hacked and those that will be hacked."

    ^^


    One solution would be to access through a VPN and work on the LAN from the WAN.
