Our client wanted to add two-factor authentication to their SSL VPN connectivity in London, Farnham and Cardiff, as an additional layer of security following a recent ISO 27001 security audit.
Our client, a pharmaceutical company, was using a Cisco ASA firewall. We recommended switching to a FortiGate 100D firewall with full unified threat management and the SSL VPN Two-Factor Authentication module, which comes as standard on all FortiGate appliances. The two-factor authentication was linked to Active Directory to maintain single sign-on for internal users, to improve security and reduce administration.
Integrating two-factor authentication can provide a higher level of protection when accessing corporate data via a VPN. It can mitigate the risks of weak, static password authentication, which could lead to breaches, malware attacks and policy violations.
Two-factor authentication is a verification process involving two steps of authentication. The first stage is usually something you know, such as a PIN or password, and the second stage is something you have, such as a phone, USB device or security fob, which can generate a one-time password.
We configured a range of hardware and software FortiTokens, which were then distributed to the client's users; users had the option of either a physical token or an app installed on their smartphones.
Our client was able to continue using their SSL VPN with an additional layer of security. When logging on, users would be required to enter their username, password and a one-time code generated by their soft or hard FortiToken.