Secure two factor authentication rollout using Forti-token

Problem

Our client wanted to add two factor authentication to their SSL VPN connectivity in London, Farnham and Cardiff, to add an additional layer of security following a recent ISO 27001 security audit.

Our Solution

Our client a Pharmaceutical company was using a Cisco ASA firewall, we recommend switching to Fortigate 100D firewall with full unified threat management and the SSL VPN Two-Factor Authentication module, this comes as standard on all Fortigate appliances. The two factor authentication was linked to Active Directory to maintain a single sign-on for internal users to improve security and reduce the administration.

Integrating two factor authentication can provide a higher level of protection when accessing corporate data via a VPN; it can mitigate risks of weak, static password authentication, which could lead to breaches, malware attacks and policy violations.
Two factor authentication is a verification process involving 2 steps of identification authentication. The first stage of the authentication process is usually something you know, such as a PIN or password, and the second stage is something you have, such as a phone, USB or security fob, which can generate a one-time password.
We configured a range of hardware and software Forti-tokens, which were then distributed to their users; users had the option to either have a physical token or to have an app installed on their smart-phones.

The Result

Our client was able to continue to use their SSL VPN with an additional layer of security. When logging on users would be required to enter their username, password and a one-time code generated by their soft or hard Forti-tokens.

FortiToken

Top

Call us 0333 370 2202

Or email us: [email protected]