Auth Shield: How to secure an SSL VPN with one-time passcodes and mutual authentication
Posted: Feb 25, 2015
SSL-based VPNs were designed to spare PC users complex configuration and the confusion that comes with it. That design predates the dangers of public Wi-Fi networks and tougher regulatory requirements. As Wi-Fi networks have become more available and more widely used, many attacks that were once difficult are now quite simple. Even a system that is completely authenticated and protected by a one-time password (OTP) system can be compromised. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless. Within the allotted time, the man in the middle can easily feed the one-time password into the SSL-based VPN.
Protecting your system from this type of attack requires mutual authentication: the website is authenticated and validated to the user, and the user is also validated to the website. The WiKID Strong Authentication System can be configured to provide strong, mutual authentication for SSL-Explorer. To make setup and authentication easier, use the VMware versions of both SSL-Explorer and WiKID. VPNs protect data and applications transmitted over the network by creating a secure tunnel between the host and the remote access point, but they do not control access from one end of the tunnel to the other.
Limiting access to authorized users and using a strong user authentication system, such as two-factor authentication, helps secure the SSL VPN. The authentication system adds an incremental level of security that protects the VPN from intrusion. To create a counter-based one-time password (OTP), a user enters their PIN into the application and generates an OTP to validate the requested transaction. Longer OTPs make a system more secure. The suggested minimum OTP length is defined by the software you are using. This can be another way to secure your system. SSL VPN servers should always be on high alert, as they are the most vulnerable area.
Client certificates provide a superior defense compared with OTP devices: once they are authenticated and validated, the threat takes a back seat. In a nutshell, this is because certificate authentication requires mutual authentication and verification. Neither party trusts the other by default, so mutual authentication is required every time, and that creates a barrier against anyone simply linking up directly. The clients can verify the identity of the SSL VPN head end through the certificate. The need to find the right ways to protect the system has grown over time. It is very important to keep a firm grip on the critical areas, and because every company needs an SSL VPN, protecting it is crucial.
I am a Technology Evangelist. I am part of the core team of Authshield Labs and have been actively involved in research on information security vulnerabilities.