Securing Virtual Private Networks
A mobile workforce is a great asset to a business, and a great liability. Virtual private networking (VPN) lets businesses provide remote access to corporate information assets. Unfortunately, a VPN is only as secure as its endpoints: a weak password system exposes your business to great risk, because there is no way to reliably prove the identity of the remote user presenting that credential. With AuthAnvil, you get the identity assurance that you need.
Why Secure VPN?
The growth of remote access for telecommuters and employees in the field has driven the adoption of virtual private networking (VPN) by many businesses connected to the Internet. A VPN creates a secure tunnel between the remote worker and the corporate network to protect data in transit over an insecure network such as the Internet. This is typically done using Secure Sockets Layer (SSL) or IP Security (IPSec).
Unfortunately, a VPN alone does not provide assurance that this remote workforce is who they say they are. A virtual private network that doesn’t use strong authentication isn’t very private at all. If a user’s password can be captured and reused, an adversary can easily gain access to corporate information assets without anyone knowing, as long as they have access to the VPN client software.
This is an even greater concern with SSL VPNs. While easier to deploy than traditional VPN solutions, SSL VPNs are also easier targets for attackers, because there is no special configuration or client software to install: they only need a web browser. The need for strong authentication becomes more evident when you consider just which sensitive and proprietary information assets are then exposed through a simple web browser.
Securing the data in transit is indeed important, and that is what a VPN is good at. Reliably proving who is accessing that data, however, is the job of strong authentication.
AuthAnvil Strong Authentication
AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy-to-remember PIN, these two pieces of information form a strong passcode that cannot be reproduced and can only be used once. This is what makes up two-factor authentication: something you know (your unique PIN) and something you have (the token that generates your OTP).
How It Works
A VPN creates a secure, encrypted tunnel between the remote user and the corporate network. When the tunnel is initialized, an authentication check occurs in which the username and password are forwarded to the VPN server. If the credentials are valid, the VPN server assigns the remote host an IP address on the local LAN and grants the appropriate rights on the network.
With AuthAnvil, the user simply replaces the normal password in the login dialog with their AuthAnvil passcode, a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials reach the VPN server, the request is forwarded to the AuthAnvil RADIUS server and validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the RADIUS server returns a response instructing the VPN server to grant access and assign the local LAN IP address.
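The flow above, as an added illustration that is not AuthAnvil's own code: a toy validation server splits the submitted passcode into PIN and OTP, checks both factors, and consumes the OTP so a captured passcode cannot be replayed. The page does not state which OTP algorithm the AuthAnvil tokens use, so this example assumes RFC 4226 HOTP (HMAC-SHA1, 6 digits) as a stand-in; the `StrongAuthServer` and `radius_agent` names, the look-ahead window and the demo user are all constructed for this example, and the RADIUS exchange is simulated as a return value rather than real RADIUS packets.

```python
import hashlib
import hmac
import struct

# Assumption for this example: the token implements RFC 4226 HOTP. The page
# does not specify AuthAnvil's algorithm, so this is a stand-in, not its API.
OTP_DIGITS = 6
LOOK_AHEAD = 5  # counter steps tolerated if the token was pressed without logging in


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class StrongAuthServer:
    """Stand-in for the SAS: per-user PIN, token secret and the next expected counter."""

    def __init__(self) -> None:
        self._users: dict[str, dict] = {}

    def enrol(self, username: str, pin: str, token_secret: bytes) -> None:
        # A production server would store a salted hash of the PIN, not the PIN itself.
        self._users[username] = {"pin": pin, "secret": token_secret, "counter": 0}

    def validate(self, username: str, passcode: str) -> bool:
        """Return True only if PIN and OTP both check out; a matched OTP is then consumed."""
        user = self._users.get(username)
        if user is None:
            return False
        pin_len = len(user["pin"])
        if len(passcode) != pin_len + OTP_DIGITS:
            return False
        pin, otp = passcode[:pin_len], passcode[pin_len:]
        pin_ok = hmac.compare_digest(pin.encode(), user["pin"].encode())

        # Search the look-ahead window for the OTP. This runs even when the PIN is
        # wrong so the response does not reveal which factor failed.
        matched = None
        for step in range(user["counter"], user["counter"] + LOOK_AHEAD):
            if matched is None and hmac.compare_digest(hotp(user["secret"], step), otp):
                matched = step
        if not pin_ok or matched is None:
            return False
        # Advance past the matched step: the same OTP can never be accepted again.
        user["counter"] = matched + 1
        return True


def radius_agent(sas: StrongAuthServer, username: str, password: str) -> str:
    """Simulated RADIUS agent: the VPN server's password field carries the passcode."""
    return "Access-Accept" if sas.validate(username, password) else "Access-Reject"


def demo() -> list:
    """Constructed scenario: fresh passcode, replay, wrong PIN, then the next OTP."""
    sas = StrongAuthServer()
    secret = b"12345678901234567890"  # RFC 4226 test-vector secret, used here as demo data
    sas.enrol("alice", "4321", secret)
    return [
        radius_agent(sas, "alice", "4321" + hotp(secret, 0)),  # first use: Access-Accept
        radius_agent(sas, "alice", "4321" + hotp(secret, 0)),  # replayed capture: Access-Reject
        radius_agent(sas, "alice", "9999" + hotp(secret, 1)),  # valid OTP, wrong PIN: Access-Reject
        radius_agent(sas, "alice", "4321" + hotp(secret, 1)),  # next OTP with right PIN: Access-Accept
    ]


if __name__ == "__main__":
    print(demo())
```

The second call in `demo()` is the property the page is selling: the captured passcode that an adversary could reuse against a static-password VPN is refused on its second presentation because the server's counter has already moved past it.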

Seamless VPN Integration
The AuthAnvil RADIUS Agent installs into Microsoft's Internet Authentication Service (IAS) and integrates with any VPN server or device that supports RADIUS, including solutions from:
- Microsoft
- Cisco
- Nortel
- Sonicwall
- Watchguard
- Checkpoint
- Juniper
- NetGear
Prerequisites
To add AuthAnvil strong authentication to your existing VPN implementation, the following prerequisites are needed:
- Windows Server 2003 or Windows Server 2008
- Microsoft .NET Framework 2.0
- AuthAnvil RADIUS Server
- Network access to an AuthAnvil SAS
- AuthAnvil Authentication Tokens
Key Highlights
Some highlights of the Windows Network Logon solution include:
- Identity assurance that proves the user attempting to log on is who they say they are.
- Leverages your existing investment in Microsoft technology to deliver enterprise-level security at a fraction of the price.
- Supports Microsoft’s Connection Manager and MS-CHAPv2 out of the box, with no client configuration required.