Keeping your VPN protected

Similar documents
Keeping your VPN protected. proven. trusted.

ESET Secure Authentication

Data Leak Prevention

ESET SECURE AUTHENTICATION. Cisco ASA Internet Protocol Security (IPSec) VPN Integration Guide

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Hosting Topology. CensorNet MFA (formerly SMS Passcode)

Why ESET. We help more than 100,000,000 users worldwide to Enjoy Safer Technology. The only vendor with record-breaking protection

ESET SECURE AUTHENTICATION. Microsoft RRAS with NPS PPTP VPN Integration Guide

ESET SECURE AUTHENTICATION. Cisco ASA SSL VPN Integration Guide

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

ESET SECURE AUTHENTICATION. Juniper SSL VPN Integration Guide

Flexible, robust, easy and thorough authentication

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Endpoint Protection. ESET Endpoint Antivirus with award winning ESET NOD32 technology delivers superior detection power for your business.

DIGIPASS Authentication for NETASQ

DIGIPASS Authentication to Citrix XenDesktop with endpoint protection

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

DIGIPASS Authentication for Cisco ASA 5500 Series

DIGIPASS Authentication for Check Point VPN-1

SMS PASSCODE 2017 CLOUD EDITION ADMINISTRATOR S GUIDE REV. 1.0 (OCTOBER 2017)

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Enterprise Guest Access

VMware Identity Manager Administration

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

NetScaler Radius Authentication. Integration Guide

Establishing two-factor authentication with Barracuda SSL VPN and HOTPin authentication server from Celestix Networks

Endpoint Protection. ESET Endpoint Antivirus with award winning ESET NOD32 technology delivers superior detection power for your business.

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

SafeNet Authentication Service

Establishing two-factor authentication with Cisco and HOTPin authentication server from Celestix Networks

BlackBerry 2FA. Datasheet. BlackBerry 2FA

A comprehensive security solution for enhanced mobility and productivity

DIGIPASS Authentication for O2 Succendo

Azure MFA Integration with NetScaler

Integration Guide. SafeNet Authentication Manager. Using RADIUS Protocol for Cisco ASA

Configuring User VPN For Azure

Implementation Guide for protecting. SonicWall Security Appliances. with. BlackShield ID

Yubico with Centrify for Mac - Deployment Guide

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Integration Guide. SafeNet Authentication Service. SAS using RADIUS Protocol with WatchGuard XTMv. SafeNet Authentication Service: Integration Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks

1. Introduction. 2. Why Mi-Token? Product Overview

Integration Guide. SafeNet Authentication Manager. Using SafeNet Authentication Manager with Citrix XenApp 6.5

Integration Guide. SafeNet Authentication Manager. Using RADIUS Protocol for Citrix NetScaler 10.5

QVPN Virtual Private Network. Secure network experience

Implementation Guide for protecting Juniper SSL VPN with BlackShield ID

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

DIGIPASS Authentication for Check Point VPN-1

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

External Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

XenApp, XenDesktop and XenMobile Integration

ISA 2006 and OWA 2003 Implementation Guide

Adaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief

CA Adapter. CA Adapter Installation Guide for Windows 8.0

Two-factor Authentication: A Tokenless Approach

QNAP VPN (Virtual Private Network) Secure network experience

Secure your business. Use DIGIPASS two-factor authentication. The world s leading software company specializing in Internet Security.

QUICK START GUIDE. Microsoft Windows 10 / 8.1 / 8 / 7 / Vista / Home Server Click here to download the most recent version of this document

Cisco Vpn Client User Guide For Windows Chapter 2

DIGIPASS Authentication for F5 BIG-IP

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

RSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

NetConnect to GlobalProtect Migration Tech Note PAN-OS 4.1

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

FOR macos. Quick Start Guide. Click here to download the most recent version of this document

Adaptive Authentication Adapter for Juniper SSL VPNs. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

ESET SECURE AUTHENTICATION. Product Manual

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Citrix GoToMyPC

for businesses with more than 25 seats

Partner Information. Integration Overview. Remote Access Integration Architecture

Barracuda Networks SSL VPN

IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

Overview What is Azure Multi-Factor Authentication? How it Works Get started Choose where to deploy MFA in the cloud MFA on-premises MFA for O365

Pulse Policy Secure. Identity-Based Admission Control with Check Point Next-Generation Firewall Deployment Guide. Product Release 9.0R1 Document 1.

BlackBerry Enterprise Identity

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

Welcome to Adobe. This document will help you with initial account setup and password reset.

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for VMware Horizon 6

FortiAuthenticator - Two-Factor Authentication for Web Applications Solution Guide VERSION 1.0

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

Built without compromise for users who want it all

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE

Integration Guide. SafeNet Authentication Service. Strong Authentication for Juniper Networks SSL VPN

SafeNet Authentication Service

SurePassID Local Agent Guide SurePassID Authentication Server 2016

SafeNet Authentication Service

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10 for App and Desktop Solutions. Version: Demo

VMware Horizon Workspace Security Features WHITE PAPER

for businesses with more than 25 seats

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

"Charting the Course... MOC 6435 B Designing a Windows Server 2008 Network Infrastructure Course Summary

Secure Upgrade Plus. Customer Advantage Program. Secure Upgrade Plus. Customer Loyalty Bundles. Address other business needs

Bolster Your IR Program. Eric Sun, Solutions Mgr, Incident Detection &

Transcription:

Keeping your VPN protected

Overview The increasing use of remote access is driving businesses to look for an easy to manage, secure solution for providing access to sensitive company assets. To meet that need, ESET offers a simple, affordable VPN solution for companies of all sizes. ESET Secure Authentication helps businesses to secure access to their data. Any organization can set up this two-factor authentication in just 10 minutes and reduce the risk of data breaches caused by weak or stolen passwords. ESET uses award-winning NOD32 technology to secure business IT infrastructure across all major operating systems. It offers a way to provide strong authentication through this class of VPN device, using One Time Passwords (OTPs) generated by an app on the user s mobile phone. ESET Secure Authentication combined with your VPN gives you easy, ultra secure remote access everywhere and any time. The solution consists of the server side and the client side, the latter being a mobile app. The authentication options include Push Authentication, as well as generating and delivering one-time passwords (OTPs) via the mobile app, but also via SMS messages or your organization s existing hardware tokens.

The Problem Businesses are increasingly being asked to offer remote access to corporate applications and resources, whether by mobile workers, small branch locations or partners and customers. True network security requires multiple elements and many of these are provided via a growing number of VPN appliances. However, as static passwords are widely known to be non-secure and easy to compromise, many security experts recommend supplementing the built in user authentication of these devices by adding a second authentication factor. ESET Secure Authentication integrates with all major VPNs to provide two-factor user authentication, ensuring strong security for the corporate LAN and central resources. Two-factor authentication (2FA) is an authentication method which requires two independent pieces of information to establish a user s identity. 2FA is much stronger than traditional password authentication, which requires only one factor. This document presents an overview of how quick and easy 2FA configuration is for these devices. Individual in-depth integration guides for each VPN device are available via the links at the end of this document or by searching the ESET Knowledge Base for the name of the VPN appliance. The Solution ESET Secure Authentication can be easily deployed to supplement existing VPN devices, adding strong authentication without any significant change to the VPN configuration. The standard authentication method for the majority of VPN devices is based on either LDAP, RADIUS or local authentication. ESET Secure Authentication uses RADIUS as an external authentication method for your VPN device. After configuring ESET Secure Authentication and your VPN correctly, you will have eliminated the weakest point of any security infrastructure the use of static passwords, which are easily stolen, guessed, reused or shared. Benefits ESET Secure Authentication offers the following benefits in combination with your chosen VPN appliance: 1. Greatly enhanced security requiring two independent pieces of information for authentication. 2. Reduced risks from weak passwords. 3. Minimal time needed for training and supporting users. 4. Easy to implement into your network.

How does 2FA work with ESET Secure Authentication? Two-factor authentication requires the use of a third-party authentication service. The authentication service consists of two parts: 1. An ESET Secure Authentication RADIUS Server running in your Windows Network where an administrator can use Active Directory Users and Computers (ADUC) to configure users 2FA settings. 2. A mobile application (for all mobile operating systems) running on the user s mobile phone, which is used to generate OTPs for each authentication attempt. Alternatively, OTPs can be delivered on-demand by SMS. Once enabled for 2FA, a user must enter a valid OTP in addition to their static password to gain access. They receive these 6-digit codes from the app running on their mobile phone codes which can be generated without the phone being connected to a network. The static password is forwarded via the VPN to the back end (Domain Controller) to verify that the static password is correct. The OTP is forwarded and checked against the ESET Secure Authentication Server running on the network. Only if both are correct is the user authenticated. Your VPN with ESET Secure Authentication One Time Password Internal Company Network VPN connection e.g. SSL, IPSec, L2TP Application Servers FTP User s Computer VPN Appliance Standard Password ESET Secure Authentication Server Domain Controller

Technical specification General overview RADIUS authentication with ESET Secure Authentication operates in the following way: 1. A remote user initiates a connection to the VPN. 2. The VPN appliance gathers the user s ID, static password and OTP and submits these credentials to the ESET Secure Authentication RADIUS server. 3. The server marshals the credentials to the ESET Secure Authentication Core Authentication Service. 4. The Authentication Service authenticates the static password against AD, and the OTP against the secret data stored on the user s AD account. 5. The VPN appliance then grants the authenticated user access to the company network. VPN authentication with ESET Secure Authentication Your VPN s main purpose is to secure remote connections. It can perform the authentication for this against an external service using the RADIUS protocol this allows the ESET Secure Authentication RADIUS Server to function as a back-end service for your VPN. Users will be authenticated first by the ESET Secure Authentication Server, which can be linked to Active Directory in the back-end. In effect the ESET Secure Authentication Server is deployed in between the VPN and Active Directory. This means that ESET Secure Authentication receives all authentication requests from your VPN. The OTP with the authentication requests will be verified by the ESET Secure Authentication RADIUS Server. The Server will relay the static password to the back-end (RADIUS Server or Active Directory) for verification if required. After a successful verification, a RADIUS ACCESS-ACCEPT message will be sent to the VPN for the authentication response. Prerequisites for securing your VPN with ESET Secure Authentication VPN Prerequisites A VPN with a working setup is an essential prerequisite for securing your VPN with ESET Secure Authentication. It is important that this is working correctly before you begin implementing ESET Secure Authentication. Active Directory Active Directory must already be set up it will be used as the back-end authentication for users static passwords. User accounts must also have been created in Active Directory. ESET Secure Authentication Server ESET Secure Authentication must be installed on the Active Directory Domain. ESET Secure Authentication ships with a standalone RADIUS server, so it has everything you need to add 2FA to your VPN.

Integration Guides Guides are available on the ESET Knowledge base for: Barracuda Check Point Software Cisco ASA IPsec Cisco ASA SSL Citrix Access Gateway Citrix Netscaler Citrix XenApp server Cyberoam F5 Firepass Fortinet Fortigate Juniper Microsoft RRAS Microsoft RRAS with NPS Microsoft Forefront Threat Management Gateway Netasq OpenVPN Access Server Palo Alto Sonicwall VMWare Horizon View FREE U.S.-BASED TECHNICAL SUPPORT As an ESET customer, Do More with the help of our technical support team. 1999-2017 ESET, LLC, d/b/a ESET North America. All rights reserved. ESET, the ESET Logo, ESET android figure, ESET SMART SECURITY, ESET CYBER SECURITY, ESET.COM, ESET.EU, NOD32, SysInspector, ThreatSense, ThreatSense.Net, LiveGrid and LiveGrid logo are trademarks, service marks and/or registered trademarks of ESET, LLC, d/b/a ESET North America and/or ESET, spol. s r. o., in the United States and certain other jurisdictions. All other trademarks and service marks that appear in these pages are the property of their respective owners and are used solely to refer to those companies goods and services.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback