 So I want to make a quick video about duo security full disclosure. We use duo. We deploy duo. We really like it Also, the reason for this is you may have seen duo in the news and maybe the first time you've heard of them And they've been around for a little while Doug's the CEO. He's a local guy wonderful person I wish him the best with his announcement that Cisco did purchase the company now We started using duo a while ago for some of our clients and duo Hands down. I know why Cisco bought them. They got a great product. That's really easy to use So to TP authentication I've talked about before where you have rolling numbers that are time-based that you need to create an access token Which is much better than you know things like SMS to factor It's it's a great system, but it's not as easy for end users and as soon as you start saying to TP keep track of tokens They're like, huh, you know, we at some point as much as I love security Myself and we don't mind we're in the tinfoil hat. We're very technical people here We need something that is still secure, but also easy for end users to use and this is where dual kind of filled that gap they have a massive amount of support for a lot of different platforms and One of the specific ones we use them for is RDP and this is the great go-between for Security and people who you know will not have the best passwords and will only increment the month every time you force them to even change The password because you think it's insecure. So to thwart that effort and make it easy to do Duo fits that bill just like the little picture here shows. I'm gonna show you some screenshots of how it works I'm saying screenshots because I don't want to reveal anything because this is actually an active client We have installed that I've pulled some data from so you can see how the login works It really is simple. So people log in you load the duo up on your phone you tie We're gonna use this example active directory But it can really be any account and you set up their same usernames inside of duo So whenever they log in they get a prompt on her phone much like the picture here says it's a green or red button That says yes, you want this to log in or no, you don't so user goes to the website or the RDP session in case We're gonna talk about today. They log in the phone beeps and goes Do you want to approve this login really simple? So let's look a little bit of the features of the company So here is in like I said, they have docs and demos and pricing and we're talking about that So they have all the things there's kind of a screenshot of what it looks like approved and I really simple on the phone You can't get much easier than that. Of course iPhone and Android supported Nice simple system They work with Microsoft really well, so for your clients that are looking for an easy way to duo authenticate You can use it for Windows Active Directory office 365 outlook like all their Azure services all their office 365 all their online services can actually be tied in here Including like the Microsoft directories or specifically what we're going to talk about is RDP Now just as someone asked you to a pricing page Where you can set up and it's like six dollars a month for the More advanced version. They also have a couple other options where you can just buy bulk authentication amounts I don't know how the pricing is going to change. This is what it is now They just got announced by Cisco and Cisco if I had to guess they only give nothing away for free, but they still have a free one where you can play around with the system and Pretty straightforward and simply do this with you know, so you can do some testing on it for yourself So pretty straightforward how their system works What's kind of cool too is they do have some offline modes So they do have the ability to call you if your phone for some reason working they can call a phone number You don't have to enable that but that is there and this is what these telephony credits are at the bottom You can receive a hundred credits a hundred credits user year Each I believe each phone call cost you one credit We hardly ever use it, but it's an option that you have They also have the ability because someone's going to ask well, what happens if duo goes down? Well, they have an option that you can set to say fail open highly advise against it But you can and all of our time we've had this deployed for quite a while for clients We haven't seen duo go down. It's not been our phone blowing up going Hey, we can't get in because of this or that the way we have this setup And when you load this you can tell it to authenticate the entire server or in the cases for us a lot of times It's only the RDP users So we have them set up to Authenticate just people who come in remotely because those are obviously the ones that are at most risk So that's enough about you know all the different integrations likes that They don't support Microsoft they support Slack and JIRA and just a pile of other things So she would it looks like when you actually log in so here's a screenshot and I blurred out because I actually have it tied to my Phone it'll show the last four digits of a phone number that is that the device is attached to for that account I believe you can attach more than one device if you wanted to to a single account We don't really have anyone set up that way most people just have one device now Here's the options in here. You can send a push the duo and it just does the prompt on the phone You can have the passcode now the passcode is TOTP So that's kind of interesting in it the application sets that up And it's really easy to do and they can have a call me option. This is where you can use those tokens So for some reason they have the ability to get phone calls but don't have the ability to See the duo push or if they're using a flip phone you can set it to the call me option Obviously, this is something you may want to disable because this comes right back to the insecurity of SMS or just in general hijacking a phone number if someone gets a hold of their phone and forwards it or sit somehow hijacks their phone number because this is Attached to the duo not through text but through the duo app to their phone using the internet the call me feature Obviously does represent a potential security hole. So overall we we don't have that option We did just disable that, you know, unless there's some reason you need to have it enabled So this is what it looks like, you know, you log in your usual username password domain for RDP This is what you're prompted with and then they just push it on the phone. Now. What does it look for reporting? Well, this is actually kind of cool So here's like the duo dashboard for this client and blurred out their names This is 69 authentications in the last 48 hours Shown in 30 minute increments. Now, it's kind of funny because I laugh a little bit because still end users are end users This particular end user and I'll show you in the next panel here. They do this all the time and we don't really know why they deny and Then grant or grant and deny and I'm not sure why They're they're they're strange and it's the same user doing this all the time We you know when you get concerned when you look at it You're like is this a security problem is like no we're we're not we're not good at this is what they actually told me I'm like, okay Just say yes when you want to log in and know when you don't because you can see they're successive and I blurred out But I left the last couple of days, you know, there's the same IP logging in. It's them doing it They're aware they're playing with their phone and having trouble with it. It's this one user Well, actually it's more than one. It's another one. It does something similar But you can still see and it's hard for end users to do things So they entered the dual mobile passcode to this one dual push a dual passcode dual push So you can see how they authenticated what time they logged in And what they're doing. So the system works really well It's easy just to go through the logs here set up administrators and groups and manage it They've made a great product. So I highly recommend it still. I am greatly worried though about Cisco I'm sure Cisco bought them because they have such a massive user base And you know their install is like a no-brainer. You just turn it on essentially and it supports, you know The install is a couple next. Yes, put your account ID and and it's just turned on It's almost weird because you think you're looking for like where's all those options and where's all the questions It should ask me and there's really not any once you put your ID and a couple secure tokens in there to make sure it's your account it just installs so Just want to cover it real quick because one is popping in the news right now What's this good purchasing on but it is something we actively a use with our clients and I will tell you it cuts down so much on your Security worries because they're going through this now Issues we have had with it is we have a couple of these people you can see just based on long It's just a lot of long as we have a couple people that keep forgetting their phone places Which I just I don't know they were mad because there's not a way to bypass it They wanted me to bypass the authentication because they left their phone at home And they live 45 minutes away from their office and now they're at their office And I'm like no no this is the exact point of duo security is that someone can't just bypass and log in as you so this is a Great system highly recommend it The concerns are still there, but I tell you I haven't seen one better than duo So duo's really got the market cornered by making a product that has a super low friction with end users And these are just general end users that kind of remote into the system They sometimes have trouble pushing this which brought button grant or deny Trust me to OTP is even harder for them So this but this is that pain-free solution that we found that required the fewest number of phone calls So this is duo security what it looks like a great product highly recommend it Yes, I know Cisco bought it and that does concern me But I will tell you the CEO is a wonderful person got to meet him in person a few times and yeah Wish them the best. Hopefully this all stays just as easy and seamless As it has been and I believe you can even have a lot of other devices on here for example It does have device support So I know I talked about the Microsoft's but go through the list and check it out and they still for now I have the free trial. So go ahead and sign up for the free trial and test it out This is get duo security Thanks for watching if you liked this video go ahead and click the thumbs up Leave us some feedback below to let us know any details What you like and didn't like as well because we love hearing a feedback or if you just want to say Thanks, leave a comment if you wanted to be notified of new videos as they come out go ahead and to subscribe and the bell icon That lets YouTube know that you're interested in notifications. Hopefully they send them as we've learned with YouTube Anyways, if you want to contract us for consulting services You go ahead and hit launch systems calm and you can reach out to us for all the projects that we can do and help you We work with a lot of small businesses IT companies even some large companies and you can farm different workout to us Or just hire us as a consultant to help design your network Also, if you want to help the channel in other ways, we have a patreon. We have affiliate links You'll find them in the description You'll also find recommendations to other affiliate links and things you can sign up for on Lawrence systems calm once again Thanks for watching and I'll see you in the next video