Two Factor Authentication for VPN
1 like678 views
The document outlines Arrayshield's two-factor authentication solution, IDAS, designed to enhance VPN security for remote access by using a unique pattern-based authentication system. This innovative approach mitigates the vulnerabilities of traditional username and password methods by employing a one-time-secret-code for each login transaction, ensuring that only authorized users can access organizational assets. Additionally, IDAS integrates seamlessly with existing infrastructures, supports multiple VPN providers, and offers scalability and ease of deployment for varying organizational needs.
Two Factor Authentication for VPN
- 1. Two-Factor Authentication Solution for VPN Two-Factor Authentication Solution for VPN Problem with existing VPN authentication For a successful business, organizations must provide their employees with secure remote access. The preferred way for companies to allow secure remote access is via a Virtual Private Network (VPN) over existing Internet connections. Although, VPN technology ensure the privacy of data transmission over public domain by creating an encrypted “tunnel” through the public network, but do not strongly protect unauthorized access to the organization’s assets. This happens because simple username and password is used to protect the access to most VPNs. So, information that is secure while in transit may just be ending up in the wrong hands at its final destination. Solution ArrayShield innovative two factor authentication system - IDAS provides a simple and secure remote access to Organization’s network infrastructure using VPN technology. By using its innovative pattern based authentication it provides One-Time-Secret-Code for every login transaction. In IDAS every user is shown with a matrix on the VPN login screen which is populated with random characters for every transaction. User has to choose a pattern which is a sequence of cells in the matrix and should register the same with the system prior accessing the VPN. A translucent card is provided to each user which has a similar structured matrix with transparent and opaque cells and some random characters imprinted on the opaque cells. Each card is unique in terms of the position of the opaque cells and the characters imprinted on them. At the time of accessing the resource through VPN the user is shown with the randomly populated matrix as a challenge. The user overlaps the translucent card on the shown matrix and will key in the characters present in the chosen pattern in the same order as a response. These characters form the One-Time-Secret-Code for the user for that transaction. The ArrayShield server verifies the user credentials by comparing user’s registered pattern and the pattern values entered by the user. Access is given to the user if the user credentials are valid. ArrayShield | info@arrayshield.com Page 1
- 2. Two-Factor Authentication Solution for VPN The ArrayShield IDAS VPN solution is designed to integrate with your existing infrastructure to minimize downtime and to reduce huge deployment costs that other solutions have. IDAS works with all the top VPN providers, including Juniper, Fortigate, Check Point, Sonicwall, OpenVPN, Cyberoam and WatchGaurd. The convenient web management console gives administrators an added tool that makes managing accounts easier. Integration Flow The following diagram shows how an VPN server can be integrated with ArrayShield IDAS two factor authentication to secure access through VPN. Figure: Integration flow diagram for the VPN authentication with ArrayShield IDAS ArrayShield | info@arrayshield.com Page 2
- 3. Two-Factor Authentication Solution for VPN Features Innovative Technology ArrayShield IDAS is patent pending (globally) and has won several awards/recognitions in various forums for its innovative concept. High Level of Security ArrayShield IDAS product leverages advanced Encryption methodologies (like Industry Standard AES (128/192/256 bit) algorithms as well as in-house developed advanced cryptographic techniques) and follows Industry Standard Guidelines and Best Practices. Ease of Use ArrayShield is based on user-intuitive patterns which are easy to remember than complex passwords than can be easily compromised. Easy to Integrate ArrayShield IDAS product will seamlessly integrate with existing enterprise environments with improved user experience. No expertise is required for integration. Interoperable System ArrayShield IDAS can also be configured as add-on module with various products of leading technology players. Support is available for SAML, LDAP, RADIUS, TACACS protocol etc. Easy to Deploy ArrayShield IDAS can be easily deployed in days (not in weeks) because of easy-to-configure API based system. Easily Customizable ArrayShield IDAS can be easily customized to the unique needs of every organization. Once deployed, organizations can also configure the security strength and mechanism to the amount of risk involved in the user’s role and usability requirements. Highly Scalable ArrayShield IDAS can be easily scaled with huge user population without affecting the performance and usability. ArrayShield | info@arrayshield.com Page 3
- 4. Two-Factor Authentication Solution for VPN Benefits Low Total Cost of Ownership ArrayShield IDAS provides Strong Authentication at a fraction of cost of traditional alternatives. Minimal Cost is incurred during purchase as well as maintenance. As there is no need of having costly hardware tokens or transactional costs incurred because of SMS etc, ArrayShield’s Product provides lowest Total Cost of Ownership. No costly server hardware needed. Mobility of the user As ArrayShield uses a simple plastic card that can be carried on the go, it doesn’t have any dependencies. Hence user will be able to access the application any-time, any-where. Provides peace of mind Protects Organizations and customers from Online Identity and data theft, hence provide peace of mind. Provides Compliance with regulations Regulatory agencies agree that passwords are a weak link and are requiring companies to implement stronger authentication. ArrayShield IDAS is a rapid, cost-effective way to comply with Industry Guidelines, Security Standards and other Industry regulations. Conclusion By using ArrayShield IDAS Two-Factor authentication solution, organizations can enable the secure remote access to their networks through VPN technology. The solution will make organizations of all sizes and complexities extend the reach of extranets to remote employees’ in-line with organization’s business strategy. ArrayShield | info@arrayshield.com Page 4