Two Factor Authentication For Network Devices??

Greetings: Nice to e-meet you all. I have a question regarding a new regulation that is addressed to financial institutions. Basically, this regulation establishes that all network devices in a corporate network, such as routers, switches, firewall, etc.. must have the capability to login into the admin console with a two-factor authentication technology. I know this sounds kind of weird and paranoid from an IT Admin stand point of view, but this regulation is due to have a plan for each financial institution by 2017-2018. Is there any vendor out there that supports or have a solutions that manages such control??? Any help will be appreciated!!! Regards, gravisblackhawk Hi Victor! It is possible if you use CLI for device management. You can use two-factor auth for managing cisco-devices (switches, firewall, routers). All you need - [setup ssh auth via public keys](https://supportforums.cisco.com/document/110946/ssh-using-public-key-authentication-ios-and-big-outputs) and disable remote login with passwords. You can store private key at eToken (we use Aladdin eToken) and protect it with PIN. P.S. Also Cisco-devices supports auth via external TACACS/Radius servers Do you know the name / reference number for that new regulation? I would like to take a look at it since I'm surprised they would set such a difficult to meet standard. From what little research I've done, it doesn't look like two factor authentication is standard on those devices yet. I did find one company which offers it for some Cisco devices, but they also claim to be the only company certified to offer two factor authentication with ssh on Cisco devices. https://www.pragmasys.com/support-cisco-2-factor I believe you can get get two factor auth at any device with external auth support (via Radius server or AD, for example). Even ancient hardware supports Radius. Some tips about Radius servers below : https://supportforums.cisco.com/discussion/11691351/two-factor-authentication-recommendations-asa-5510-vpn Greetings everyone: I appreciate all the help with this issue. Paul to answer your question the FFIEC has established in their 2016 CAT Tool Assessment that all High Risk applications or perimeters, according to the companies risk assessments, must have two factor authentication enabled. Remember, this only applies according to the results that the risk assessments shows according to the application or service assessed. Kind Regards, Graviblackhawk We use it at my company. Not necessarily reserved for only one company, but we use RSA tokens.