Enterprise VPN security considerations

Remote work has become the new normal for numerous IT enterprises. Since the beginning of the COVID-19 pandemic, there has been an increased use of remote desktop and virtual private network (VPN) connections.

VPNs are an essential business tool, because they can secure your data even over a public Wi-Fi. With employees spread all over the globe accessing confidential and sensitive data, it's essential to make VPN connections more secure without compromising on employee productivity.

How VPNs work

Most organizations are likely to be familiar with VPN configurations and usage. Let's take a quick look at what goes on behind the scenes:

• A user attempts to connect to the company network through a VPN server.
• The VPN server verifies the identity of the user with the credentials available in the company's database.
• On successful verification, a secure tunnel is established between the user's device and the company network. Only encrypted data is transported through this tunnel.
• When the VPN session is over, this tunnel disbands.

Security limitations

Although the primary purpose of a VPN is to provide security and privacy, it's not perfect. VPNs do eliminate external risk, but they don't restrict unauthorized users who have successfully entered the network in any way.

• VPN hijacking occurs when an unauthorized user takes over the VPN connection from a remote client.
• In man-in-the-middle attacks, the hacker plays the mediator and can therefore intercept data being transferred.
• Split tunneling occurs when a user is connected to a network through a VPN but is also accessing an insecure internet connection simultaneously.

Secure VPN logons with ADSelfService Plus

ADSelfService Plus is a unified multi-factor authentication, self-service password management and single sign-on solution that provides multi-factor authentication for endpoints including VPNs. With this solution, you can ensure that access to your company network is well-protected, as only legitimate users will be allowed inside. ADSelfService Plus supports the following authentication methods for VPN MFA:

• Push notification authentication
• Fingerprint and face ID authentication
• ADSelfService Plus time-based one time password (TOTP) authentication
• Google Authenticator
• Microsoft Authenticator
• Yubico OTP (hardware key authentication)

Other features of ADSelfService Plus

• Self-service password management: Enable users to reset forgotten passwords and unlock their accounts without involving the help desk, anywhere at any time.
• Multi-factor authentication: Secure machine logon, application logon, and VPN logon with over 15 authentication methods that can be configured in minutes.
• Single sign-on: Implement single sign-on for over a hundred major enterprise applications and custom applications from a single portal.
• Password synchronizer: Sync the Windows Active Directory user password across various platforms automatically, eliminating password fatigue.
• Password policy enforcer: Ensure strong passwords that are equipped to fight dictionary attacks, brute-force attacks, and other password threats.
• Directory self-update: Allow users to update personal information in Active Directory, freeing the help desk from this daunting and repetitive task.