Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages

Protecting the Home Office VPN with 2FA

03/17/2020 / 0 Comments

In the recent weeks, home office work has increased potentially. And while employees are practicing social distancing from their home computer, attackers are working hard to exploit security issues in this situation that is unfamiliar for most. Now is the time to protect home office setups and associated services, like VPN, with a secure 2FA.

The following article gives an overview on what you can do to secure your employees, data and business information from outside attacks in this special situation

Securing your VPN Setup with 2FA

One of the most effective home office tools is a VPN setup. With a VPN, the employees can access their work station from home, without transferring files. For the employee, it’s just like logging into his work station locally, but from the comforts (and safety) of home.

A VPN setup is only convenient, if it’s secure. Especially now, with hundreds of users working from the home office for the first time and VPN setups that need to be set up quickly to ensure a consistent work, security attacks are just a matter of time. Protect your employees and company data by securing the VPN login with 2FA, and set your home office work schedule up for success

The distinct SecSign ID authentication works as follows:

  1. The user logs into the VPN service with his user name and password. If user name and password are correct the SecSign ID is automatically retrieved.
  2. The VPN Service sends an authentication request for the identified SecSign ID to the ID Server.
  3. The ID Server sends a push notification to the users device.
  4. The user confirms the login in the mobile app. The app forwards the information to the ID Server to approve the login.
  5. The VPN service reviews the authentication session and the ID server confirms the admission.
  6. The user gains access to the service.

abstract-authenticationv5-1

Securing your internal and external users

Ideally, your internal and external users are automatically prompted to perform the most secure authentication for their account at any given time. A user coming into office and working from the same work station only he has access to does not need to authenticate securely every time he leaves for a cup of coffee. But if that same users starts working from home, you want to make sure only he can access sensitive information.

This can be realized with the SecSign ID IP-Range and Device recognition.

Activate 2FA for user groups and limit 2FA to outside DMZ

Your users need to authenticate with 2FA outside of the company but only need to provide a password for authentication at their workplace (e.g. in order to allow access within the company network a password is required. However, all external access must login by using a 2FA).
Based on the IP range it is determined if a user is within a safe range or not, for example a home office. If he logs in from for example home or on the go, additional 2FA is required to prevent unauthorized access. This feature can be set up conveniently in the administrator panel.

The IP-Range settings and device recognition settings can be used for all Atlassian setups, portal setups and most other SecSign ID plugins.

Protecting all access points with Multi-Factor Authentication SSO

If your users need to access several services during their work day, the most convenient setup is aSSO login protected with multi-factor authentication. The users authenticate once with the SecSign ID 2FA app and can conveniently access all services. Access can be realized both by integrating the SecSign ID plugins and SAML connections for cloud services. You can mainstream user and employee security without wasting energy and time on every single service and access point. Simplify the login while providing the best security, all in one step. No need to worry about more than absolutely necessary.

More information

What is SecSign ID Two-Factor Authentication? Have a look at our Demo Login and Demo Enrollment to get an idea about the authentication procedure. We offer plugins for most setups, and we customize the authentication procedure to fit your requirements and design.

Contact us for more information
Do NOT follow this link or you will be banned from the site!