How to secure WebDAV with SSL and Two-Factor Authentication

Benefits of Using WebDAV

Web-based distributed authoring and versioning or WebDAV is the protocol that is creating the “read-write” web. It is facilitating collaboration in many ways across the internet, replacing proprietary protocols (FrontPage, e.g.) or superseding less functional open protocols ((FTP, SFTP). The primary drivers for the adoption of WebDAV include:

* WebDAV resources can be set up like local drives allowing you to work with remote files as if they were on your machine.
* It allows for “locking” of files so multiple users can work with a file at the same time, but only one at a time can make changes.
* It is more efficient than FTP or SFTP.. You can pipeline multiple transfers through a single TCP connection.
* It is an extension of HTTP and uses the same ports – 80 or 443, avoiding potential firewall issues.
* Support for WebDAV is available across multiple platforms creating a cross-platform solution.

However, as with all things Internet-related, security is an issue, particularly if you are dealing with confidential information. Yet companies always need to share information and work with outside personnel. It can be very tricky to collaborate with third-parties, yet still be able to authenticate users. How do you know that users aren’t sharing a password? Yet, you don’t want to provide a hardware token to a non-employee particularly for a short project, as you will more than likely never get it back.

A scenario where combining two-factor authentication with WebDAV might be for a public company that collaborates with an outside PR firm for financial releases. Knowledge of pending merger announcements or financial results is highly confidential corporate information and using two-factor authentication greatly reduces the risks of sharing static passwords. Many firms might also need to replace less-secure FTP services due to new compliance regulations.

For our purposes, a key benefit is that we can use the security tools available to protect HTTP services to protect WebDAV. In this how-to, we will create a secure WebDAV resource using Apache, Radius, SSL and two-factor authentication from WiKID Systems to set up secured remote drives on Windows, Mac and Linux machines.



One response to “How to secure WebDAV with SSL and Two-Factor Authentication

  1. Thanks, always good posts on your blog!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s