Starting with version 5.5, Nagios XI has implemented 2 factor authentication using DUO. DUO 2FA improves the security for Nagios XI by letting users log in using a 2nd factor (Phone App, SMS, Phone Call, emaill). Currently there are 2 ways to enable 2FA, through the Nagios XI admin settings (the security tab in Admin > Settings) and the DUO Nagios XI component.
Setting Up Email 2FA
Email 2FA can be set up without having a DUO account. When a user attempts to log in the user will receive a token via email which the user will have to input into Nagios’ token field. To set up Email 2FA, do the following:
1. From the Nagios XI console go to Admin > System Settings
2. Select the Security Tab. Check ‘Enable Two Factor Auth’
3. Click on ‘Update Settings’
Now whenever a user logs in, a login token will be emailed. Use that login token to log into the Nagios XI console.
Setting Up 2FA using DUO Account
If you have a DUO account, you can set up 2FA to use your DUO configurations instead. To set up DUO 2FA do the following:
1. From the Nagios XI console go to Admin > Manage Components
2. Find the DUO component. Select the ‘Edit Settings’ icon.
3. Follow the ‘First Steps’ subsection in these instructions: link
4. Add your DUO credentials to the DUO configuration page.
5. Select ‘Apply Settings’
Once the DUO component is configured, users will be prompted to select a 2FA method.
Note that DUO 2FA can be turned off on a user by user basis. To do this go to Admin > Manage Users, select a user, then under ‘Authentication Settings’ and ‘DUO 2FA’ select ‘skip’
Why Use 2FA
The main purpose of 2FA is to prompt for an additional credential layer when accessing your content. If a malicious user were to obtain you username/password login credentials, they would also require approving the additional 2FA credential. This makes a malicious user much less likely to gain access to your systems. The chances of the attacker obtaining the necessary privileges to access your accounts decrease significantly for each additional security layer that is added. Using DUO with Nagios, not only would a hacker need to gain access to your username and password, but would also need to gain access to your phone as well!
2FA improves security significantly. Over 90 percent of employee passwords can be cracked within 6 hours and 65% of people use the same passwords for all their user accounts (source). This means that using only password security is a huge security risk! We at Rex strongly recommend that all readers use 2FA to ensure their data is properly protected.
DUO is convenient, easy to use, and feature packed. Duo has the most features compared to other Multi Factor Authentication providers.
© Copyright 2019 Rex Consulting, Inc. - All rights reserved