We’ve had some really good feedback about GhostPorts, the feature that opens up firewall ports for a user’s IP address for 4 hours. It allows portal users to hang out at a coffee shop and quickly have access to servers without having to open those ports up to the entire Internet.
Up to now, you’ve needed to get a YubiKey, a one-time password usb token, to use GhostPorts. We’re now offering another even more convenient way to open up GhostPorts – your cell phone.
How it works
In our coffee shop example, let’s say you’d like to get access to the company documentation server. If you were at your desk, this would work instantly; the firewall on that server is set up to give access to all company internal addresses. No such luck at Panera, no matter how good the Cafe Mocha is.
On your laptop, log in to the CloudPassage Portal. Click on the link to “Open GhostPorts” in the upper right hand corner, then press “Send Authentication Code”. The Portal now pops up a box asking for your authorization code with a 5 minute countdown timer.
In a few seconds you’ll get a text message on your cell phone with a 6 digit code. Enter this in the web browser and you now have access to any servers that have GhostPort firewall rules for you.
When you’re done with your pastry and coffee and are ready to head home, revoke the temporary access by clicking on the “Close GhostPorts” link in the upper right and confirm by pressing the second “Close GhostPorts” button. If you forget, no problem; the access will automatically go away after 4 hours.
The “GhostPorts with a YubiKey” approach has been popular and works well, but we wanted to offer an alternative to Portal users. Since many of us have cell phones already, we can use these as the second factor to provide stronger authentication than a password alone.
The SMS approach isn’t a replacement for the Yubikey, it’s a second option. You can mix-and-match; some users could use YubiKeys while others use SMS. You could even use SMS as a backup in case someone loses a Yubikey by just editing their user account and changing the “YubiKey and Halo password” checkbox to “SMS Code and Halo Password”. When you get a replacement key you can change it back.