Story image

Forget your VPN password

31 Mar 15

The increasing use of remote access is driving businesses to look for an easy-to-manage, secure solution for providing access to sensitive company assets.

Businesses looking for ways to keep their sensitive information secure need to look beyond passwords as the chief method to protect users and their data.

“Businesses are increasingly being asked to offer remote access to corporate applications and resources, whether by mobile workers, small branch locations or partners and customers,” says Geoff Cossey, CEO and managing director for Chillisoft, the New Zealand distributor for ESET.

He says true network security requires multiple elements and many of these are provided via any of a growing range of VPN appliances.

 “As static passwords are widely known to be non-secure and easy to compromise, many security experts recommend supplementing the built-in user authentication of these devices by adding a second factor or strong authentication,” Cossey says.

Two-Factor Authentication (2FA) is an authentication method which requires two independent pieces of information to establish a user’s identity. 2FA is much stronger than traditional password authentication, which requires only one factor.

There are a growing number of easy-to-configure and affordable VPN solutions offering both remote access and in some cases Unified Threat Management to companies of all sizes – from small and medium businesses to enterprises.

ESET Secure Authentication

ESET Secure Authentication integrates with all major VPNs to provide two-factor user authentication, ensuring strong security for the corporate LAN and central resources.

ESET, with its NOD32 technology, secures business IT infrastructure across all major operating systems. “It offers a way to provide strong authentication through this class of VPN device, using One Time Passwords (OTPs) generated by an app on the user’s mobile phone,” Cossey explains.

The OTP solution ESET Secure Authenticator gives solution architects and administrators a simpler, more secure option to the traditional Password. ESET's solution can be implemented on most firewalls, webmail, terminal server, RDP and any Radius-based web authentication system. 

“ESET Secure Authentication combined with your VPN gives you easy and ultra secure remote access – everywhere and any time,” says Cossey.

ESET Secure Authentication can be easily deployed to supplement existing VPN devices, adding strong authentication without any significant change to the VPN configuration.

“After configuring ESET Secure Authentication and your VPN correctly, you will have eliminated the weakest point of any security infrastructure - the use of static passwords, which are easily stolen, guessed, reused or shared,” Cossey adds.

How it works

Your VPN’s main purpose is to secure all kinds of SSL-VPN connections,” says Cossey. “It can perform the authentication
for this against an external service using the RADIUS protocol, allowing the ESET Secure Authentication RADIUS Server to function as a back-end service for your VPN.”

Users will be authenticated first by the ESET Secure Authentication Server, which can be linked to Active Directory in the back-end.

“In effect the ESET Secure Authentication Server is deployed in between the VPN and Active Directory,” Cossey says. “This means that ESET Secure Authentication receives all authentication requests from your VPN .”

For more information on the ESET Secure Authentication, click here.

Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.