Protect company’s data from rogue access

by Hans @pixabay

Your sales force and field service people are on the road to find new customers and to fulfill your customers’ orders.

In order to provide infrastructure services for them, you grant access to your employees using a VPN. The employees can access important intranet data via VPN (e.g. financial data, quotes, project data, the latest developments pending for the market launch and other confidential information). Your employees need this information to support your customers in the best possible way. But don’t worry, you are already using modern VPN technology.

But access to your VPN is granted either by a single client certificate, which is installed on the employee’s notebook, or with a simple password.

If the notebook is lost or stolen, or if the password is read from a Post-it note or captured by a trojan or with binoculars, an attacker has access to all your sensitive and valuable information.

In order to further increase security, NetKnights recommends using two-factor authentication to protect the VPN access. In this case, losing the notebook or having a password captured does not automatically result in the attacker being able to breach the VPN. It is not enough for the attacker to steal a password to get access to your company’s data unnoticed. To gain access, an attacker would have to steal the password and the additional, unique security token of the employee. The security token can be a smartcard, a smartphone or an OTP token. As the attacker does not have access to the security token, he cannot gain access with only the stolen password.

You can set up such a scenario using privacyIDEA. This way you can choose from a great variety of different authentication objects to fulfill your unique requirements.