VPN or Virtual Private Networking has been around for decades and the technology has come relatively mature and secure provided it is implemented correctly (which is rarely the case).
GEN has been offering SAS (Secure Access Service) based teleworker access to our corporate customers networks for just under 5 years now and we currently have around 2500 users daily. To use SAS the teleworker has a username and password that they use to authenticate after which they are offered a number of services such as access to thin client web services, terminal services, NFS and file services, etc.
The risk however, comes when a username/password is compromised and/or when a user does something stupid like write the credentials on the laptop or save them on the desktop etc. Even with the comprehensive set of security controls within the SAS service offering we cannot protect against users behaving in a way which is likely to compromise your network security.
Introducing GEN CCS (Compound Cryptographic Service) as an add-on to SAS, CCS provides two factor or multi factor authentication using a number of methods depending on the application scenario. Some example scenario's that are currently available are detailed below:
Daily PIN as a secondary authentication factor
In this scenario, each day a randomly generated PIN code of 4 or more digits is delivered to each SAS/CCS user via text message or iMessage and this PIN code is required to access SAS after the usual Username & Password. This second factor authentication means that users will not write it down, instead preferring to keep it on their mobile device and using it on the day as required.
Qualified PIN as a secondary authentication factor
For companies more serious about security the CCS console can be provided to a team of staff who can generate a PIN code on demand, giving it over the telephone to the remote user when requested. In this scenario the PIN code can last for the session, the hour or the day. The team handling the calls and issuing the PIN codes should rely on some form of validation process to ensure the remote user is clearly identified as an active employee with clearance.
On Demand PIN Delivery
In this scenario an authenticated user on SAS is initially rejected and a PIN code generated and delivered to the mobile telephone of the user who's account was used, this PIN is then used to complete the authentication when reconnecting. PIN's generated in this way can last for the session, an hour or day as required.
These services are not for everyone, but for corporates who are increasingly conscious that network security is as critical to the business as physical security, GEN SAS and CSS get the job done.
For more information and an demonstration please contact us.