Simple passwords used to log in to a corporate network via a VPN offer minimal security. An added layer of security is two-factor authentication, which combines two methods to substantiate the identification of a user.
Two-factor authentication makes use of at least two types of authenticating data drawn from three different attributes -- something you know, like a password, PIN or certificate; something you have, such as a token, phone or smart card; or something you are, like a fingerprint, face recognition or iris scan.
Through these methods, users have the convenience of anywhere‐anytime access without exposing the network.
Of these methods, certificates are very useful within a VPN. A certificate is a public or private key that can include various data points, such as issuer, expiration date and address -- all information that is known and integrated within a VPN. Primarily used to encrypt traffic for secure web browsing, certificates rely on a public key infrastructure (PKI) to create, manage, distribute and revoke them.
PKI uses a pair of keys: a public key, plus a private key for authenticating the user. Because certificates are based on asymmetric -- rather than symmetric -- cryptography, they provide a higher level of security, compared with passwords. Nevertheless, VPN managers must contend with PKI problems.
Identifying PKI problems
While PKI offers an added layer of security, integrating certificates with a VPN can be complex to deploy, manage and scale. PKI consists of policies and procedures needed to create, distribute or revoke digital certificates while managing public key encryption.
That complexity can lead to PKI problems, given that most PKI deployments comprise several systems, which compounds the need for centralized management.
Without a comprehensive management layer, distributing, verifying, revoking and renewing certificates within a VPN can be time-consuming and chaotic.
Standardized interfaces allow you to import data from directory services tools, as well as from identity and access management systems. This allows you to synchronize the VPN with an identity management system to ensure compliance, roll out software updates and patches, and configure licenses and certificates.
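As an added illustration (not from the original article), the sketch below shows the kind of reconciliation a central management layer automates: it checks a VPN certificate inventory against a revocation list and a directory export, then decides which certificates to revoke, renew or leave alone. All records, serials, CA names, field names and the 30-day renewal window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # assumed renewal lead time

# Constructed sample data: issued VPN client certificates.
INVENTORY = [
    {"serial": "0A01", "user": "alice", "issuer": "Corp VPN CA", "not_after": "2025-09-01"},
    {"serial": "0A02", "user": "bob", "issuer": "Corp VPN CA", "not_after": "2025-03-10"},
    {"serial": "0A03", "user": "carol", "issuer": "Corp VPN CA", "not_after": "2025-01-15"},
    {"serial": "0A04", "user": "dave", "issuer": "Corp VPN CA", "not_after": "2025-12-31"},
    {"serial": "0A05", "user": "erin", "issuer": "Old Test CA", "not_after": "2026-01-01"},
    {"serial": "0A06", "user": "frank", "issuer": "Corp VPN CA", "not_after": "2025-11-30"},
]
CRL_SERIALS = {"0A04"}             # constructed: serials already on the CRL
TRUSTED_ISSUERS = {"Corp VPN CA"}  # constructed: CAs the VPN gateway accepts
# Constructed directory export: user -> account enabled?
DIRECTORY = {"alice": True, "bob": True, "carol": True,
             "dave": True, "erin": True, "frank": False}


def triage(cert, now, crl=CRL_SERIALS, issuers=TRUSTED_ISSUERS, directory=DIRECTORY):
    """Return the lifecycle action for one certificate record."""
    # not_after is treated as midnight UTC at the start of that date.
    not_after = datetime.strptime(cert["not_after"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    if cert["serial"] in crl:
        return "already-revoked"
    if cert["issuer"] not in issuers:
        return "revoke: untrusted issuer"
    # A certificate outlives its purpose when the account is disabled or missing.
    if not directory.get(cert["user"], False):
        return "revoke: account disabled or unknown"
    if not_after <= now:
        return "expired: reissue"
    if not_after - now <= RENEW_WINDOW:
        return "renew"
    return "ok"


def report(now):
    """Map every serial in the inventory to its lifecycle action."""
    return {c["serial"]: triage(c, now) for c in INVENTORY}


if __name__ == "__main__":
    for serial, action in report(datetime(2025, 2, 15, tzinfo=timezone.utc)).items():
        print(serial, action)
```

The directory check is the step that manual processes most often miss: a certificate can be valid, unexpired and correctly issued while belonging to an account that no longer should have VPN access.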
Though not all authentication methods are flawless, they are necessary. Overall, every business should use PKI in conjunction with its VPN to keep confidential information safe and secure.