Unfortunately, VPN alone does not provide assurance that this remote workforce is who they say they are. A virtual private network that doesn’t use strong authentication isn’t that private at all. If a user’s password can be captured and used, an adversary can easily gain access to corporate information assets without anyone even knowing, as long as they have access to the VPN client software.

This becomes even more of a concern when using SSL VPNs. While easier to deploy than typical VPN solutions, SSL VPNs become easier targets for hackers as there are no special configuration or client software to install... they just need to have a web browser present. The need for strong authentication becomes more evident as you consider just what sensitive and proprietary information assets are then exposed through the use of a simple web browser.

Securing the data in transit is indeed important. That is what VPN is good at. However, reliably proving who is accessing that data... that’s the job for strong authentication.

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

VPN is used to create a secure and encrypted tunnel between the remote user and the corporate network. On initialization of the tunnel an authentication check occurs where the username and password are forwarded to the VPN server. In turn, if the credentials are valid the VPN server assigns the remote host an IP address on the local LAN and gives appropriate rights on the network.

With AuthAnvil, the user simply replaces the normal password they would provide in the login dialog with their AuthAnvil passcode, a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials are sent to the VPN server, the request is forwarded to Microsoft’s Internet Authentication Service (IAS) via the RADIUS protocol and validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the RADIUS server sends back an appropriate response which informs the VPN server to grant access and assign the local LAN IP.

• Microsoft
• Cisco
• Nortel
• Sonicwall
• Watchguard
• Checkpoint
• Juniper
• NetGear

To add AuthAnvil strong authentication support to your existing VPN implementation the following prerequisites are needed:

• Windows Server 2003 or SBS 2003
• Microsoft Internet Authentication Service (IAS)
• Microsoft .NET Framework 2.0
• AuthAnvil DCOM Bridge
• AuthAnvil RADIUS Agent
• Network access to an AuthAnvil SAS
• AuthAnvil Authentication Tokens

Some highlights to the Windows Network Logon solution include:

• Identity assurance that proves that the user attempting to logon is who they say they are.
• Leverages your existing investment into Microsoft technology to deliver enterprise level security at a fraction of the price.
• Supports Microsoft’s Connection Manager and MSCHAP2 right out of the box with no client configuration requirements