creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-26 11:44:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
768ca51c8d331ab0bdcea8ffb31c9b99bb2c1839
Anthropic-Cybersecurity-Skills/skills/configuring-multi-factor-authentication-with-duo/SKILL.md
T
mukul975 cb8d79e068 Map all 754 skills to MITRE ATT&CK v19.1 
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
  techniques), verified against MITRE ATT&CK v19.1 via the official
  mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
  threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
  Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
  Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
  family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
  stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
2026-06-01 12:13:29 +02:00

6.1 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf, mitre_attack
name description domain subdomain tags version author license nist_csf mitre_attack
configuring-multi-factor-authentication-with-duo Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust cybersecurity identity-access-management
iam
identity
access-control
authentication
mfa
duo
multi-factor
1.0 mahipal Apache-2.0
PR.AA-01
PR.AA-02
PR.AA-05
PR.AA-06
T1621
T1110.004
T1110.003
T1078
T1556.006

Configuring Multi-Factor Authentication with Duo

Overview

Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust assessment, and phishing-resistant MFA deployment aligned with NIST 800-63B AAL2/AAL3 requirements.

When to Use

  • When deploying or configuring configuring multi factor authentication with duo capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with identity access management concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Configure Duo MFA for VPN, RDP, SSH, and web applications
  • Implement adaptive access policies based on user, device, and network context
  • Deploy phishing-resistant authentication (Duo Verified Push, WebAuthn)
  • Configure device health policies (trusted endpoints, OS version enforcement)
  • Set up Duo Admin Panel monitoring and reporting
  • Implement MFA bypass and emergency access procedures

Key Concepts

Duo Authentication Methods (by security strength)

  1. Security Keys (WebAuthn/FIDO2): Phishing-resistant, AAL3 capable
  2. Duo Verified Push: Requires code entry, resistant to MFA fatigue attacks
  3. Duo Push: Push notification to Duo Mobile app
  4. TOTP (Duo Mobile Passcode): Time-based one-time password
  5. Hardware Tokens: OTP from physical token
  6. SMS/Phone Call: Least secure, use only as fallback

Duo Integration Architecture

  • Duo Authentication Proxy: On-premises proxy for RADIUS/LDAP integration
  • Duo Web SDK: Embed Duo MFA in web applications
  • Duo OIDC/SAML: SSO integration for cloud applications
  • Duo for RDP: Windows Logon MFA
  • Duo Unix: PAM-based MFA for SSH

Adaptive Access Policies

  • Trusted Networks: Reduce MFA friction for corporate networks
  • Remembered Devices: Skip MFA for trusted devices (configurable duration)
  • Device Health: Block or require MFA based on OS patch level, encryption, firewall
  • Risk-Based Authentication: Step-up MFA for anomalous login patterns

Workflow

Step 1: Duo Authentication Proxy Setup

  1. Deploy Duo Authentication Proxy on Windows/Linux server
  2. Configure primary authentication (AD/LDAP or RADIUS)
  3. Configure Duo API credentials (Integration Key, Secret Key, API Hostname)
  4. Set failmode (safe=deny if Duo unreachable, secure=allow)
  5. Test proxy connectivity to Duo cloud and AD

Step 2: VPN MFA Integration

  1. Configure VPN concentrator for RADIUS authentication
  2. Point RADIUS to Duo Authentication Proxy
  3. Configure Duo proxy with [radius_server_auto] section
  4. Test VPN login with Duo Push
  5. Deploy to all VPN users with enrollment period

Step 3: RDP/Windows Logon MFA

  1. Install Duo Authentication for Windows Logon on target servers
  2. Configure Duo application in Admin Panel
  3. Set offline access options (allow N offline logins)
  4. Configure bypass for service accounts
  5. Test RDP login with Duo MFA

Step 4: Adaptive Policy Configuration

  1. Create user groups (Standard, Privileged, Contractors)
  2. Configure per-group authentication policies:
    • Standard: Duo Push allowed, remembered device 7 days
    • Privileged: Verified Push required, no remembered device
    • Contractors: WebAuthn required, no remembered device
  3. Configure device health policies:
    • Require encrypted disk
    • Block outdated OS versions
    • Require firewall enabled
  4. Set trusted network exceptions for corporate IPs

Step 5: Phishing-Resistant MFA Deployment

  1. Enable Verified Push (requires entering 3-digit code from login screen)
  2. Register WebAuthn/FIDO2 security keys for privileged users
  3. Disable SMS and phone call for high-risk groups
  4. Configure Duo Risk-Based Factor Selection
  5. Monitor for MFA fatigue attack patterns

Step 6: Monitoring and Response

  1. Configure Duo Admin Panel alerts
  2. Set up authentication log forwarding to SIEM
  3. Monitor for: MFA denial patterns, bypass usage, new device enrollments
  4. Create incident response playbook for MFA compromise
  5. Regular review of bypass and exception policies

Security Controls

Control NIST 800-53 Description
MFA IA-2(1) Multi-factor authentication for network access
MFA for Privileged IA-2(2) MFA for privileged account access
Replay Resistance IA-2(8) Replay-resistant authentication
Device Identification IA-3 Device identity and trust
Authenticator Management IA-5 MFA enrollment and lifecycle

Common Pitfalls

  • Not deploying phishing-resistant MFA (Verified Push/FIDO2) for privileged accounts
  • Setting failmode to "safe" (allow access when Duo is down) in production
  • Not disabling SMS/phone call for users with app-capable devices
  • Forgetting to configure offline access for laptops
  • Not monitoring for MFA fatigue/prompt bombing attacks

Verification

  • VPN login requires Duo MFA
  • RDP to servers requires Duo MFA
  • SSH access requires Duo MFA
  • Verified Push enabled for privileged users
  • Device health policy blocks non-compliant devices
  • Authentication logs forwarded to SIEM
  • Bypass/emergency access procedures tested
  • MFA fatigue detection alerts configured
Reference in New Issue View Git Blame Copy Permalink