Implementing more secure VPN access

We're a relatively small company and several employees use basic PPTP VPN access via an ISA 2006 server to remotely access office systems when necessary.

I'm getting increasingly concerned about the security risks involved as, frankly, I don't trust some of these people to keep passwords sufficiently complex or secure and am thus wondering what I can do to improve things.

Ideally I'd like a system which uses the RSA-type fobs with a rotating code the user has to type in but I know nothing about how such a system is implemented nor the costs involved, as these may be prohibitive for a small outfit such as ours.

Does anyone have any info or advice or can point me in the right direction to do some more reading up on this?
 
No, I haven't - don't really know what it involves or what benefits it would convey in terms of security - willing to consider if it'd help.

Regards the RSA SecurID stuff, I've done some research and it appears my ISA 2006 box will support this as standard - do I just need to buy the fobs and configure it or do I need an account/subscription with RSA too?
 
Thanks, I'll look into it.

Basically I'm looking for a way to implement two-part authentication along the lines of the "something you know, something you have" paradigm.

Passwords alone simply aren't secure enough so a certificate or RSA fob would give me the "something you have" too. I'd obviously need to be able to instantly disable or remove access from certain certificates or fobs in the case they were lost or stolen etc.
 