ADDING STRONGER AUTHENTICATION for VPN Access Control




A VIRTUAL PRIVATE NETWORK (VPN) allows remote users to connect to their corporate or organization's networks that would otherwise be inaccessible. Traffic through the VPN stays isolated, either inside a secure tunnel protected by encryption or over a dedicated connection.

VPN ACCESS AUTHENTICATION

Implementing a VPN solution with centralized management of client access is the best way to deliver secure remote access to your corporate network and applications. RADIUS is one method to centralize client administration for either single or multiple VPN switches. RADIUS coordinates authentication and authorization information between a network access server (VPN switch) and a central authentication and authorization server. There are many methods to accomplish this task, but ideal deployments use MS Active Directory or LDAP servers to leverage the existing data stores of your end-users.

[Diagram: User, VPN Device, RADIUS Server, MS AD or LDAP, app, Platform, Cloud, RADIUS VA]

Enterprises wishing to upgrade their VPN remote access to stronger authentication face challenges with existing hardware or software based two-factor solutions. Hardware-based technologies like PKI certificates, one-time password (OTP) tokens, smartcards, and USB tokens do not scale above several thousand users. Beyond that, the burden of administration and deployment is too high and cost-prohibitive. Additionally, the use of software, SMS or mobile app based OTPs carries the risk of man-in-the-middle and phishing attacks. LoginTC addresses all of these shortcomings head-on.

THE LOGINTC PLATFORM

The platform is a versatile solution which can quickly add an additional layer of security to any authentication process. The platform combines several products into an integrated, cloud-based identity and access management solution:

- Cloud, which provides core functionality for administrators to manage users, domains and devices
- Connector, a set of modules that integrate directly with various service provider end points (this guide focuses on the RADIUS connector)
- Apps, a token credential store your users download and install on their mobile devices

Cloud

Cloud is a fully featured web-based control panel used by administrators to manage and monitor their users, domains and devices. Administrator access is protected with two-factor authentication. An administrator can delegate privileges to other administrators, such as managing users and entitlements, managing domains and devices, and accessing audit information and reports. Cloud hosts its infrastructure in a level one PCI DSS compliant data center with audit reporting in accordance with SAS 70 Type II and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) professional standards.

Connector

The RADIUS Virtual Appliance is a purpose-built virtual appliance which integrates directly into an existing corporate network. The appliance is downloaded and installed in your on-premise environment. If required, you can deploy the appliance in a load balanced and high availability manner. The appliance is the gateway between your VPN, Wi-Fi or any RADIUS-based device and the Cloud. It leverages your existing username/password first factor and adds a second factor layer with the app. Active Directory and LDAP integration tools are provided to administrators to leverage existing user repositories.

Apps

The app is a token credential store and authentication tool installed in your user's mobile device.
Users create a second factor credential by loading administrator issued VPN tokens in the app. Each remote access attempt pushes a second factor request to the user's mobile device. The rich app interface allows users to easily decide whether to approve or deny an access request. The app is available for iOS, Android and BlackBerry platforms.

[Figure: Download the app; Receive CC; Add Token with CC; Lock Token with PIN. Address shown: https://vpn.corp.com. Caption: LOGINTC TWO-FACTOR]

Since the app can be found in the most popular mobile marketplaces, it is easier and less expensive to deploy to your users, even to suppliers, partners, and contractors. That gives you complete flexibility for delivering the VPN enrolment tokens via user self-service provisioning, user bulk upload, or using the Manager with automated email delivery.

To reach apps in the mobile network, Cloud leverages push technology from the platforms' advanced notification services. Cutting-edge security and monitoring technologies allow LoginTC to deliver out-of-band notifications to registered users via the cellular network or Wi-Fi access points. This powerful interface allows users to interact only with LoginTC-enabled devices or websites.

VPN Integration

The RADIUS Connector is packaged as a virtual appliance to run within your corporate network. You download the appliance from the website. The download consists of a .zip file containing an Open Virtualization Format (OVF) virtual machine. This virtual machine is installed in your virtual machine host, such as ESXi or VirtualBox. The RADIUS Virtual Appliance is configured as the gateway between the Cloud and your existing VPN and user data stores.

[Figure: numbered authentication flow, steps 1 to 9, between the VPN, the corporate network (existing first factor, existing RADIUS server, AD, LDAP), the RADIUS VA and the Cloud Services]

Using the step-by-step instructions found in the RADIUS Virtual Appliance installation guide, you will enable, configure and test your VPN with two-factor authentication.

Step / Authentication Flow

1. User attempts to access the Corporate VPN via a web-based form or VPN client application
2. The VPN has been configured to use the RADIUS VA for authentication
3. If configured with a first factor credential, the RADIUS VA presents user's credential to existing first factor RADIUS Server
4. The RADIUS VA initiates session with Cloud for second factor
5. The Cloud sends out-of-band authentication request to user's smartphone or tablet
6. The user acknowledges notification and enters PIN or passcode to unlock VPN token credential
7. The Cloud confirms validity of user's token and 2FA success
8. The RVA confirms to VPN that user is valid
9. The VPN accepts user's session and redirects the user to internal network and applications

Users can access the corporate VPN using a VPN client application, a web-based VPN access form, or through the wireless network as shown below. You can configure your existing first factor to be used in conjunction with LoginTC; for example, Active Directory / LDAP or an existing RADIUS server. You may also opt to not use a first factor, in which case LoginTC will be the only authentication factor.

Access to VPN from a mobile device

Users can access your corporate VPN with LoginTC in tandem with any VPN Mobile Client or a default VPN profile in their smartphone or tablet device. LoginTC allows you to deliver strong authentication for people on the move.

BENEFITS OF USING LOGINTC

Whether your users have a company smartphone or tablet, or your organization is fostering BYOD (bring your own device) access to corporate resources, LoginTC delivers the freedom to innovate how they work. The Apps have been designed to provide the most advanced user experience, with intuitive displays and messages that your users can recognize and adopt. Users attempting to access a VPN switch protected with RADIUS VA are notified out-of-band to enter a PIN or passcode.
Point-to-point communication between Cloud and app prevents phishing, password cracking, and Man-in-the-Middle attacks. A correct PIN challenge response grants your users access to VPN-protected applications and data. Multiple incorrect PIN attempts render the credential inoperable, preventing fraudsters from accessing protected information with lost or stolen devices.

There are multiple benefits of adding LoginTC to your VPN deployment:

- Out-of-the-box integration: Enhancing VPN authentication management capabilities is made easy for VPN administrators while eliminating upfront capital investment and the typical time to acquire, deploy and implement new infrastructure
- User Experience: It's simple and smart; the app's efficiency, convenience and ease of use make it a practical and secure tool for your VPN remote users
- Improved security: Protects against new Internet threats like Man-in-the-Middle that defeat One-Time Password (OTP) tokens
- Reduced risk: Multi-factor authentication reduces risk of identity theft and network access threats by enabling safe, secure remote access to data and applications from anywhere
- Improved compliance: Comply with regulatory policies or industry best practices for two-factor authentication for employees, suppliers and partners
- Works worldwide: even without cell service, the app can receive secure notifications via Wi-Fi access points
- Lower and reduced cost: With LoginTC, there are no tokens or cards to lose, no passwords to remember, and fewer calls to the help desk. It provides the lowest cost of ownership of any multi-factor authentication technology on the market today

Mobility, working away from a traditional office setting or fixed location, has become a common requirement for today's knowledge worker. With millions of smartphones and tablets in use in Canada and the US, LoginTC provides the most affordable and secure 2FA that your organization can adopt. LoginTC delivers instant secure access to network and applications to your mobile workers, either through a PC or in the mobile device itself.
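
The nine-step authentication flow and the PIN lockout described above can be modelled from the RADIUS gateway's side, where every outcome other than an approved request must fail closed. This is an added example, not LoginTC or Cyphercor code; the class and function names, the sample user and the three-attempt limit are assumptions (the paper says only "multiple" incorrect attempts).

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional

MAX_PIN_FAILURES = 3  # assumption: the paper only says "multiple" attempts


@dataclass
class Token:
    """Constructed model of a VPN token credential stored in the mobile app."""
    pin: str
    failures: int = 0
    locked: bool = False

    def unlock(self, pin_entered: str) -> bool:
        if self.locked:  # an inoperable credential stays that way
            return False
        if hmac.compare_digest(pin_entered.encode(), self.pin.encode()):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_PIN_FAILURES
        return False


def gateway_decision(user: str, password: str,
                     first_factor: Optional[Callable[[str, str], bool]],
                     tokens: Dict[str, Token],
                     pin_entered: Optional[str]) -> str:
    """Steps 3-8 as the gateway sees them; returns the RADIUS reply type.

    pin_entered is None when the user denies the request or never answers.
    """
    # Step 3: optional first factor against the existing user store.
    if first_factor is not None and not first_factor(user, password):
        return "Access-Reject"  # no push is sent for a bad password
    # Steps 4-7: out-of-band request; every non-approval fails closed.
    token = tokens.get(user)
    if token is None or pin_entered is None or not token.unlock(pin_entered):
        return "Access-Reject"
    return "Access-Accept"  # step 8: the VPN may open the session


# Constructed sample data standing in for AD/LDAP and the token store.
DIRECTORY = {"alice": "s3cret-pass"}
TOKENS = {"alice": Token(pin="4821")}


def check_directory(user: str, password: str) -> bool:
    stored = DIRECTORY.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


if __name__ == "__main__":
    print(gateway_decision("alice", "s3cret-pass", check_directory, TOKENS, "4821"))
```

Passing `None` as `first_factor` models the configuration in which the second factor is the only authentication factor.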

DEPLOYING LOGINTC

By default the LoginTC platform is delivered as a cloud-based service. However, LoginTC can be deployed in two other ways:

- Private Cloud-based 2FA services on demand
- On-premise

In a Private Cloud deployment, LoginTC is delivered as Security-as-a-Service with components sand-boxed exclusively for your organization. The On-Premise solution includes a Virtual Appliance license that can be easily integrated into corporate IT infrastructures, and can be architected in load balance and high availability mode.

LoginTC is developed by Cyphercor Inc., which develops and delivers mobile security solutions which enable two-factor authentication credentials. Cyphercor's mobile-based approach offers unprecedented capabilities to smartphone and tablet users and security conscious organizations. Cyphercor helps users and organizations meet or exceed their security and business goals by providing mobile solutions that:

- protect digital identities with encryption and safe transactions
- deliver free and easy to use apps to access cloud and business applications
- deploy and enable in minutes

For more information, visit www.logintc.com or email sales@cyphercor.com

Copyright 2012 Cyphercor Inc. All rights reserved. LoginTC and its families of related marks, images, and symbols are the exclusive properties of Cyphercor Inc.