The Latest Updates for NET+ Duo Security Participants

Estimated reading time: 3 minutes

By Nick Lewis
Internet2 Program Manager, Security and Identity

The NET+ Duo Security program recently posted an update on 2019 on the NET+ Duo wiki. The blog went over updates from the previous year and plans for 2020. This post details a few additional updates with action items for NET+ Duo participants. 

If you are not yet participating in the NET+ Duo program, please visit the Engage tab on the NET+ Duo web page. The NET+ Duo program, in collaboration with Internet2 and Duo Security, now part of Cisco, allows accredited U.S.-based institutions to deploy Duo’s multi-factor authentication (MFA) broadly, efficiently and cost-effectively.

Survey

The NET+ Duo Service Advisory Board is sponsoring the NET+ MFA Community Survey 2020 to understand how MFA services are used in our community. Our intention of this survey is to get more granular than the EDUCAUSE Core Data Service, CDS Spotlight: Campus MFA Practices, and HEISC Information Security Almanac. We would like to get all responses from the community and start analyzing the survey responses by June 1st, 2020. Based on the advisory board completing the survey, it should take under 10 minutes to respond to the survey. We intend to do a similar survey every year and share the results with the community. If you have any questions about this survey, please contact Nick Lewis.

MFA Phishing

Our community has seen instances of successful phishing attacks against MFA. Though not a new risk, Duo and the advisory board have discussed the recent phishing campaigns where the campus MFA was bypassed. Choosing the strongest forms of MFA, such as mobile push-based 2FA, as well as enforcing authentication methods based on application, reduces the risk of phishing.

As with all security tools and processes, MFA must be accompanied with robust user education and awareness on how to use it to manage risk for a campus. The advisory board discussed the challenges for higher education around this discussion and would like more community feedback on how these recommendations would work on your campus. Please contact the advisory board if your campus has been affected by a phishing attack, if there are additional resources your campus needs, if you have feedback, or to learn more about Duo’s recommendations to mitigate the risk of MFA phishing. 

Presentations and Community Engagement in 2020

As part of the NET+ Duo service advisory board engaging with the community on MFA, we have a presentation at the EDUCAUSE Security Professionals Conference on Duo Usage in Higher Education at Smaller Colleges in development for the online conference this year. David Allen from Pacific Lutheran University and I will be leading this presentation. 

Closing

We are continuing to engage with the advisory board and Duo on plans for 2020. The survey asked for feedback or suggestions for the NET+ Duo program, but if there’s any feedback or suggestions for the NET+ Duo program that you didn’t put in the survey, please contact me or the NET+ Duo service advisory board directly.

The NET+ Duo program and associated activities are supported by institutions signing up for the program. The NET+ Duo offering includes a community negotiated contract, pricing and a community of practice supporting Duo usage in higher education. The program is open to non-profit higher education institutions whose main campuses are located in the United States, or not-for-profit InCommon Participants. Please reach out to me if you have any questions about how to sign up for the program. 

Related articles and blogs:

• Duo Announcement
• Duo Security FAQ
• What Do Research Computing and Information Security Leaders Have in Common?