Deepnet Unified Authentication
for VPN Remote Access

Virtual Private Network (VPN) technology, employing either the Secure Sockets Layer (SSL) or IP Security (IPSec) encryption protocol, is a common method for enabling remote access to corporate networks. Unfortunately, VPN technology alone does not provide strong authentication for accessing the corporate network. Most VPN systems verify a user’s identity with only a static password, an approach that offers minimal security because passwords can be easily compromised. As a result, VPN access leaves corporate information at risk of exposure, misuse and theft.

Strong user authentication is the only proven method for making remote access VPN secure. Unfortunately, most existing strong authentication solutions require additional hardware devices such as smart cards, USB keys or One-Time Password (OTP) hardware tokens, which are expensive to implement, deploy and manage, and very inconvenient for users.

Maintaining a balance between strong security for enterprise networks and access for employees from remote locations is essential for a successful business.

Deepnet Unified Authentication for VPN Remote Access is a two-factor authentication solution designed specifically for VPN logon, without requiring new hardware devices. Deepnet Unified Authentication Platform uses the devices users already have (computers, mobile phones, PDAs, etc.) or the user’s behavioural biometrics (typing pattern, voiceprint) as the second factor. This eliminates the need to distribute new hardware, making the system cost effective, user friendly and simple to manage.

With its built-in RADIUS component and support for LDAP and Microsoft Active Directory, Deepnet Unified Authentication for VPN Remote Access can be easily integrated with the customer's existing IT infrastructure.

Key Benefits

  • Provides a secure and easy to use authentication solution for mobile workers.
  • Ensures ease of deployment with a zero footprint authentication solution.
  • Enforces positive user identification of mobile workers.
  • Eliminates password-only related vulnerabilities.
  • Manages user accounts centrally through the Management Console.
  • Improves productivity for mobile workers without compromising security.
  • Offers flexible choices of authentication credentials and tokens.
  • Unifies authentication for all enterprise applications with a single platform.

Technical Overview

Deepnet Unified Authentication for VPN Remote Access consists of the following major components:

  • Network Access Server
  • RADIUS server
  • Deepnet Authentication Servers
  • Token Repository Server
  • LDAP Directory Server (optional)

Deepnet Authentication Server and its Token Repository (SQL Server) can be installed and operated on separate machines or on a single machine, depending on the scale of the customer’s enterprise network.

Network Access Server (NAS)

Deepnet Unified Authentication Platform integrates with any NAS (Network Access Server) device that supports RADIUS, such as Cisco PIX and Juniper NetScreen.

RADIUS

Deepnet Unified Authentication Platform includes a built-in RADIUS protocol component, eliminating the need for a third-party RADIUS server.

Deepnet Authentication Server

Deepnet Authentication Server is a secure, scalable, cross-platform authentication server that centrally controls access to enterprise networks. Deepnet Authentication Server is designed to be deployable across a wide range of commonly available platforms that support Java. Therefore, it can run on virtually any operating system, including Windows, Linux, Unix and Sun OS.

Token Repository

Deepnet Authentication Server uses a SQL database server as its token repository. It can be connected to the customer’s existing SQL server (MS-SQL 2000/2003, Oracle) or to the MySQL server that is included in its installation package.

LDAP Directory

Deepnet Authentication Server supports two types of user directories: internal and LDAP (Active Directory/Open Directory/OpenLDAP). The internal directory allows user identity information, such as login name, to be stored in the same database used as the token repository.

Deepnet Authentication Server supports assignment of tokens to users residing in LDAP without modification of the directory schema. User data is not imported from the directory into Deepnet Authentication Server. Instead, Deepnet Authentication Server queries the directory during the authentication process to validate the user’s status. Changes made in the directory are automatically and immediately reflected in Deepnet Authentication Server.
