Keeping your VPN protected




Overview

The increasing use of remote access is driving businesses to look for an easy-to-manage, secure solution for providing access to sensitive company assets. There are a growing number of easy-to-configure and affordable VPN solutions offering both remote access and, in some cases, Unified Threat Management to companies of all sizes, from Small and Medium Businesses to Enterprises.

ESET with its NOD32 technology secures business IT infrastructure across all major operating systems. It now offers a way to provide strong authentication through this class of VPN device, using One Time Passwords (OTPs) generated by a simple-to-use app on the user's mobile phone. ESET Secure Authentication combined with your VPN gives you easy and ultra secure remote access everywhere and any time.

ESET Secure Authentication Securing your VPN

The Problem

Businesses are increasingly being asked to offer remote access to corporate applications and resources, whether by mobile workers, small branch locations or partners and customers. True network security requires multiple elements and many of these are provided via any of a growing range of VPN appliances. However, as static passwords are widely known to be non-secure and easy to compromise, many security experts recommend supplementing the built-in user authentication of these devices by adding a second factor or strong authentication.

ESET Secure Authentication integrates with all major VPNs to provide two-factor user authentication, ensuring strong security for the corporate LAN and central resources. Two-Factor Authentication (2FA) is an authentication method which requires two independent pieces of information to establish a user's identity. 2FA is much stronger than traditional password authentication, which requires only one factor.

This document presents an overview of how quick and easy configuration is for these devices. Individual in-depth integration guides for each VPN device are available via the links at the end of this document or by searching the ESET Knowledge Base for the name of the VPN appliance.

The Solution

ESET Secure Authentication can be easily deployed to supplement existing VPN devices, adding strong authentication without any significant change to the VPN configuration. The standard authentication method for the majority of VPN devices is based on either LDAP, RADIUS or local authentication. ESET Secure Authentication uses RADIUS as an external authentication method for your VPN device. After configuring ESET Secure Authentication and your VPN correctly, you will have eliminated the weakest point of any security infrastructure: the use of static passwords, which are easily stolen, guessed, reused or shared.

Benefits

ESET Secure Authentication offers the following benefits in combination with your chosen VPN appliance:
- Greatly enhanced security requiring two independent pieces of information for authentication
- Reduced risks from weak passwords
- Minimal time needed for training and supporting users
- Easy to implement into your network

How does 2FA work with ESET Secure Authentication?

Two-Factor authentication requires the use of a third-party authentication service. The authentication service consists of two parts:
- An ESET Secure Authentication RADIUS Server running in your Windows Network, where an administrator can use Active Directory Users and Computers (ADUC) to configure users' 2FA settings.
- A mobile application (for all mobile operating systems) running on the user's mobile phone, which is used to generate OTPs for each authentication attempt. Alternatively, OTPs can be delivered on-demand by SMS.

Once enabled for 2FA, a user must enter a valid OTP in addition to their static password to gain access. They receive these 6-digit codes from the app running on their mobile phone: codes which can be generated without the phone being connected to a network. The static password is forwarded via the VPN to the back end (Domain Controller) to verify that the static password is correct. The OTP is forwarded and checked against the ESET Secure Authentication Server running on the network. Only if both are correct is the user authenticated.

[Figure: Your VPN with ESET Secure Authentication. Labels: User's Computer, VPN connection (e.g. SSL, IPSec, L2TP), VPN Appliance, One Time Password, Standard Password, ESET Secure Authentication Server, Domain Controller, Internal Company Network, Application Servers, FTP]
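How a 6-digit code can be generated offline and still be checked by a server, as an added example that is not ESET's code: the page does not name the OTP algorithm, so this assumes counter-based HOTP (RFC 4226). The `OtpVerifier` class, its `window` parameter and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical server-side state for one user: shared secret plus next counter."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.next_counter = 0
        self.window = window  # how far the app may have run ahead of the server

    def verify(self, candidate: str) -> bool:
        # Reject anything that is not exactly six ASCII digits before comparing.
        if len(candidate) != 6 or not (candidate.isascii() and candidate.isdigit()):
            return False
        for counter in range(self.next_counter, self.next_counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, counter), candidate):
                # Advance past the accepted code so it, and every earlier
                # code, can never be replayed.
                self.next_counter = counter + 1
                return True
        return False

if __name__ == "__main__":
    # Constructed demo using the RFC 4226 test secret, not a real credential.
    phone_secret = b"12345678901234567890"
    server = OtpVerifier(phone_secret)
    code = hotp(phone_secret, 1)             # the app skipped one code
    print(code, server.verify(code))         # accepted within the window
    print(code, server.verify(code))         # replay of the same code is rejected
```

The look-ahead window trades usability for guessing resistance, so a deployment of this kind also needs attempt limiting on failed codes.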

Technical Specification

General Overview

RADIUS authentication with ESET Secure Authentication operates in the following way:
1. A remote user initiates a connection to the VPN
2. The VPN appliance gathers the user's ID, static password and OTP and submits these credentials to the ESET Secure Authentication RADIUS server
3. The server marshals the credentials to the ESET Secure Authentication Core Authentication Service
4. The Authentication Service authenticates the static password against AD, and the OTP against the secret data stored on the user's AD account
5. The VPN appliance then grants the authenticated user access to the company network

VPN authentication with ESET Secure Authentication

Your VPN's main purpose is to secure remote connections. It can perform the authentication for this against an external service using the RADIUS protocol; this allows the ESET Secure Authentication RADIUS Server to function as a back-end service for your VPN. Users will be authenticated first by the ESET Secure Authentication Server, which can be linked to Active Directory in the back-end. In effect the ESET Secure Authentication Server is deployed in between the VPN and Active Directory. This means that ESET Secure Authentication receives all authentication requests from your VPN. The OTP with the authentication requests will be verified by the ESET Secure Authentication RADIUS Server. The Server will relay the static password to the back-end (RADIUS Server or Active Directory) for verification if required. After a successful verification, a RADIUS ACCESS-ACCEPT message will be sent to the VPN for the authentication response.

Prerequisites for Securing your VPN with ESET Secure Authentication

- VPN Prerequisites: A VPN with a working setup is an essential prerequisite for securing your VPN with ESET Secure Authentication. It is important that this is working correctly before you begin implementing ESET Secure Authentication.
- Active Directory: Active Directory must already be set up; it will be used as the back-end authentication for users' static passwords. User accounts must also have been created in Active Directory.
- ESET Secure Authentication Server: ESET Secure Authentication must be installed on the Active Directory Domain. ESET Secure Authentication ships with a standalone RADIUS server, so it has everything you need to add 2FA to your VPN.
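The RADIUS exchange described under "VPN authentication with ESET Secure Authentication", as an added example (not ESET's code) of the two protections RFC 2865 gives it: the User-Password attribute is hidden with the shared secret, and the VPN appliance can check that an ACCESS-ACCEPT really came from a holder of that secret. The page does not state how the OTP is carried in the request, so the password bytes, user name and shared secret here are constructed placeholders.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def _keystream_xor(secret, request_auth, data, reveal=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if reveal else result  # chain on the ciphertext in both directions
        out += result
    return out

def hide_password(secret, request_auth, password):
    size = max(16, -(-len(password) // 16) * 16)  # pad with NULs to a multiple of 16
    return _keystream_xor(secret, request_auth, password.ljust(size, b"\x00"))

def reveal_password(secret, request_auth, hidden):
    return _keystream_xor(secret, request_auth, hidden, reveal=True).rstrip(b"\x00")

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, ident, user, password):
    """What the VPN appliance (RADIUS client) sends."""
    request_auth = os.urandom(16)  # must be unpredictable and unique per request
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hide_password(secret, request_auth, password))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_response(secret, code, request):
    """What the RADIUS server sends back; this response carries no attributes."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()

def response_is_authentic(secret, request, response):
    """Client-side check: only a holder of the shared secret can produce this MD5."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

Both protections rest on MD5 and the shared secret alone, so the secret configured on the VPN appliance and the RADIUS server should be long and random, and RADIUS traffic should stay on a trusted network segment.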

Integration Guides

Guides are available on the ESET Knowledge Base for:
- Barracuda
- Cisco ASA IPSec
- Cisco ASA
- Citrix Access Gateway
- Citrix Netscaler
- F5 Firepass
- Check Point Software
- Fortinet Fortigate
- Juniper
- Microsoft RRAS
- Microsoft RRAS with NPS
- OpenVPN Access Server
- Palo Alto
- Sonicwall

About ESET

ESET is a global provider of security solutions for businesses and consumers. Its global headquarters are in Bratislava (Slovakia), with offices across EMEA, Asia-Pacific, Latin America and North America. ESET products are trusted by over 100 million IT pros and home users worldwide. The company's global research centers deliver security innovation to customers in 180 countries.

www.eset.com

Copyright 1992-2014 ESET, spol. s r. o. ESET, ESET logo, ESET android figure, NOD32, ESET Smart Security, SysInspector, ThreatSense, ThreatSense.Net, LiveGrid, LiveGrid logo and/or other mentioned products of ESET, spol. s r. o., are registered trademarks of ESET, spol. s r. o. Windows is a trademark of the Microsoft group of companies. Other companies or products mentioned here might be registered trademarks of their proprietors. Produced according to quality standards of ISO 9001:2000.