mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,26 @@
|
||||
# Standards and References - MFA with Duo
|
||||
|
||||
## NIST Standards
|
||||
- **NIST SP 800-63B**: Digital Identity Guidelines - Authentication and Lifecycle Management
|
||||
- AAL1: Single-factor authentication
|
||||
- AAL2: Multi-factor authentication (Duo Push, TOTP)
|
||||
- AAL3: Hardware-based phishing-resistant (FIDO2, PIV)
|
||||
- **NIST SP 800-53 Rev 5**: IA-2, IA-2(1), IA-2(2), IA-2(6), IA-2(8), IA-3, IA-5
|
||||
|
||||
## Duo Documentation
|
||||
- **Duo Authentication Proxy**: https://duo.com/docs/authproxy-reference
|
||||
- **Duo for RDP**: https://duo.com/docs/rdp
|
||||
- **Duo Unix (SSH)**: https://duo.com/docs/duounix
|
||||
- **Duo Web SDK**: https://duo.com/docs/duoweb
|
||||
- **Duo Verified Push**: https://duo.com/blog/webauthn-passwordless-fido2-explained-componens-passwordless-architecture
|
||||
- **Duo Admin API**: https://duo.com/docs/adminapi
|
||||
|
||||
## CISA Guidance
|
||||
- **CISA MFA Guidance**: Phishing-resistant MFA requirement for federal agencies
|
||||
- **EO 14028**: Executive Order on Improving the Nation's Cybersecurity - MFA mandate
|
||||
|
||||
## Compliance
|
||||
- **PCI DSS 4.0**: Requirement 8.3.1 - MFA for all access to CDE
|
||||
- **HIPAA**: 45 CFR 164.312(d) - Person or entity authentication
|
||||
- **SOX**: MFA for privileged financial system access
|
||||
- **CMMC**: Level 2 - IA.L2-3.5.3 Multi-factor authentication
|
||||
@@ -0,0 +1,36 @@
|
||||
# MFA with Duo Workflows
|
||||
|
||||
## Workflow 1: Duo Authentication Proxy Deployment
|
||||
1. Install Duo Authentication Proxy on dedicated server
|
||||
2. Configure authproxy.cfg with AD/LDAP primary auth
|
||||
3. Add Duo API credentials (ikey, skey, api_host)
|
||||
4. Set failmode=safe for initial testing, change to secure for production
|
||||
5. Start Duo proxy service, verify connectivity
|
||||
6. Configure VPN/application to use proxy as RADIUS server
|
||||
7. Test with pilot group before full deployment
|
||||
|
||||
## Workflow 2: User Enrollment
|
||||
1. Admin creates Duo user (manual or AD sync)
|
||||
2. User receives enrollment email/link
|
||||
3. User installs Duo Mobile app
|
||||
4. User scans QR code to link device
|
||||
5. User completes test authentication
|
||||
6. Admin verifies enrollment status in Admin Panel
|
||||
|
||||
## Workflow 3: MFA Fatigue Attack Response
|
||||
1. Detect multiple rapid push notifications to single user
|
||||
2. Alert security team via SIEM integration
|
||||
3. Temporarily lock user's Duo account
|
||||
4. Contact user to verify if they initiated authentication
|
||||
5. If unauthorized: reset credentials, investigate source
|
||||
6. If authorized: educate user, enable Verified Push
|
||||
7. Update policy to require Verified Push for affected group
|
||||
|
||||
## Workflow 4: Duo Failover and Emergency Access
|
||||
1. Duo cloud service becomes unreachable
|
||||
2. Authentication Proxy checks failmode setting
|
||||
3. If failmode=secure: deny all access (most secure)
|
||||
4. If failmode=safe: allow primary auth only (business continuity)
|
||||
5. Admin monitors Duo status page for resolution
|
||||
6. After restoration: review all authentications during outage
|
||||
7. Investigate any suspicious access during failover period
|
||||
Reference in New Issue
Block a user