Re: [members-discuss] [ncc-announce] Attack on RIPE NCC Access - Please Enable Two-Factor Authentication

Hi Ivo,

Thanks for the heads up.

It would be useful if a LIR Admin user in the portal could see if "his" users have the 2FA enabled. That way I could encourage my colleagues without 2FA to enable.

CC: to the members-discuss for feedback on the suggestion.

Kind regards
Steffen Weinreich

--
Wireless Logic mdex GmbH
Bäckerbarg 6, 22889 Tangstedt, Germany

On 18.02.21 at 16:49 Ivo Dijkhuis wrote:
Dear colleagues,
Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future.
Our preliminary investigations do not indicate that any SSO accounts have been compromised. If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.
We would like to ask you to enable two-factor authentication on your RIPE NCC Access account if you have not already done so to ensure that your account is secure. In general, using two-factor authentication across all your accounts can help limit your exposure to such attacks.
If you notice any suspicious activity in your RIPE NCC Access account, please contact us immediately at <security@ripe.net>.
Best regards,
Ivo Dijkhuis
Senior Information Security Officer, RIPE NCC

Hi,

+1 to Steffen's idea.

Also, a couple of questions... how can I find out if someone (attempts to) login with my SSO?

Can the RIPE NCC provide a page showing a list of last 5-10-100 (un)successful logins?

How about e-mail notifications (with the IP address of the attacker) when a failed login attempt is made?

Can I get an e-mail notification that someone has logged in, every time a successful login happens?

- I'd like these to be opt-in

Elvis

On Fri, Feb 19, 2021 at 00:40 Steffen Weinreich <steffen.weinreich@mdex.de> wrote:
Hi Ivo,
Thanks for the heads up.
It would be useful if a LIR Admin user in the portal could see if "his" users have the 2FA enabled. That way I could encourage my colleagues without 2FA to enable.
CC: to the members-discuss for feedback on the suggestion.
Kind regards
Steffen Weinreich
--
Wireless Logic mdex GmbH
Bäckerbarg 6, 22889 Tangstedt, Germany

On 18.02.21 at 16:49 Ivo Dijkhuis wrote:
Dear colleagues,
Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future.
Our preliminary investigations do not indicate that any SSO accounts have been compromised. If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.
We would like to ask you to enable two-factor authentication on your RIPE NCC Access account if you have not already done so to ensure that your account is secure. In general, using two-factor authentication across all your accounts can help limit your exposure to such attacks.
If you notice any suspicious activity in your RIPE NCC Access account, please contact us immediately at <security@ripe.net>.
Best regards,
Ivo Dijkhuis
Senior Information Security Officer, RIPE NCC

_______________________________________________
members-discuss mailing list
members-discuss@ripe.net
https://lists.ripe.net/mailman/listinfo/members-discuss
--
This message was sent from a mobile device. Some typos may be possible.
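Ivo's announcement describes a credential-stuffing run against the SSO, and Elvis asks for a per-account login history and e-mail notices on failed attempts. The following added example (not RIPE NCC code; the log format and all addresses are constructed) shows how a defender can tell stuffing apart from ordinary failed logins in an authentication log: one source trying many distinct accounts with a low success rate. It also produces the per-account history and failed-login notices requested, and lists accounts that had a successful login from a flagged source, which are the ones worth contacting individually.

```python
"""Credential-stuffing detection and login history over constructed SSO auth log lines."""
from collections import defaultdict

# Constructed sample log (not real RIPE NCC Access data); assumed line format:
# "<ISO timestamp> <OK|FAIL> user=<account> ip=<source address>"
SAMPLE_LOG = """\
2021-02-13T22:01:05Z FAIL user=alice@example.net ip=203.0.113.7
2021-02-13T22:01:06Z FAIL user=bob@example.net ip=203.0.113.7
2021-02-13T22:01:06Z FAIL user=carol@example.net ip=203.0.113.7
2021-02-13T22:01:07Z FAIL user=dave@example.net ip=203.0.113.7
2021-02-13T22:01:08Z OK user=erin@example.net ip=203.0.113.7
2021-02-13T22:01:09Z FAIL user=frank@example.net ip=203.0.113.7
2021-02-13T22:05:00Z FAIL user=alice@example.net ip=198.51.100.20
2021-02-13T22:05:30Z OK user=alice@example.net ip=198.51.100.20
2021-02-14T09:00:00Z OK user=bob@example.net ip=192.0.2.44
"""

def parse(log_text):
    """Turn each log line into a dict with ts, ok, user and ip fields."""
    events = []
    for line in log_text.splitlines():
        ts, result, user_kv, ip_kv = line.split()
        events.append({"ts": ts, "ok": result == "OK",
                       "user": user_kv.split("=", 1)[1],
                       "ip": ip_kv.split("=", 1)[1]})
    return events

def stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Sources that tried at least min_accounts distinct accounts with mostly failures.
    Many usernames, roughly one attempt each, few successes: that is a leaked
    credential list being replayed, not a brute force against one account."""
    per_ip = defaultdict(lambda: {"users": set(), "ok": 0, "total": 0})
    for e in events:
        s = per_ip[e["ip"]]
        s["users"].add(e["user"]); s["total"] += 1; s["ok"] += int(e["ok"])
    return sorted(ip for ip, s in per_ip.items()
                  if len(s["users"]) >= min_accounts
                  and s["ok"] / s["total"] <= max_success_ratio)

def accounts_to_review(events, flagged_ips):
    """Accounts with a successful login from a flagged source: contact these holders."""
    return sorted({e["user"] for e in events if e["ok"] and e["ip"] in flagged_ips})

def login_history(events, user, limit=10):
    """Most-recent-first (timestamp, result, ip) tuples for one account."""
    mine = [(e["ts"], "OK" if e["ok"] else "FAIL", e["ip"]) for e in events if e["user"] == user]
    return list(reversed(mine))[:limit]

def failed_login_notices(events):
    """One opt-in notification per failed attempt, carrying the source IP."""
    return [f"{e['user']}: failed login from {e['ip']} at {e['ts']}" for e in events if not e["ok"]]
```

On the sample log the detector flags 203.0.113.7 (six accounts, one success) but not 198.51.100.20, where a single user mistyped a password once and then logged in normally.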

On 19/02/2021 08:37, Steffen Weinreich wrote:
Hi Ivo,
Thanks for the heads up.
It would be useful if a LIR Admin user in the portal could see if "his" users have the 2FA enabled. That way I could encourage my colleagues without 2FA to enable.

In addition to this, please could we have an option to make 2FA logins mandatory for anyone logging into an organisation's LIR portal? That way I don't have to keep checking that my staff have enabled 2FA

Many thanks,

--
Andy Saunders, Network Development Manager
IT Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN

Hello,

as discussed previously, NCC Access here should implement not only (currently supported) TOTP method of 2FA, but also WebAuthn should be supported. I think this should be implemented *before* we enforce 2FA on LIR portal.

And of course, (at least) login history should be integral part of portal. Optional (proactive) email notification about unsuccessful logins will be also useful.

- Daniel

On 2/19/21 10:03 AM, Andy Saunders wrote:
On 19/02/2021 08:37, Steffen Weinreich wrote:
Hi Ivo,
Thanks for the heads up.
It would be useful if a LIR Admin user in the portal could see if "his" users have the 2FA enabled. That way I could encourage my colleagues without 2FA to enable.

In addition to this, please could we have an option to make 2FA logins mandatory for anyone logging into an organisation's LIR portal?
That way I don't have to keep checking that my staff have enabled 2FA

Many thanks,

--
Andy Saunders, Network Development Manager
IT Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN

On Fri, Feb 19, 2021 at 01:06:21PM +0100, Daniel Suchy via members-discuss wrote:
as discussed previously, NCC Access here should implement not only (currently supported) TOTP method of 2FA, but also WebAuthn should be supported. I think this should be implemented *before* we enforce 2FA on LIR portal.
And of course, (at least) login history should be integral part of portal. Optional (proactive) email notification about unsuccessful logins will be also useful.
Strongly support the suggestion for RIPE NCC to implement WebAuthn.

A similar suggestion was made to North American RIR: https://www.arin.net/participate/community/acsp/suggestions/2021/2021-2/

The same motivations of course apply to RIPE NCC online accounts too.

Kind regards,

Job

On Fri, Feb 19, 2021, at 14:34, Job Snijders wrote:
Strongly support the suggestion for RIPE NCC to implement WebAuthn.
A very emphatic +1 to this.

--
A. A. Glenn
AAGlenn Internetworking Company
Sheridan, WY 82801 | +1 (307) 316-5767
participants (6)
- Aaron A. Glenn
- Andy Saunders
- Daniel Suchy
- Elvis Daniel Velea
- Job Snijders
- Steffen Weinreich