Create Jira Ticket
This idea cannot be sent to Jira.
DURING COVID-19 IMPROVING SECURITY TOOLS ON VPN CONNECTIONS WITH TWO FACTOR AUTHENTICATOR WHILE WORKING FROM HOME
The World Health Organization (WHO) has warned people about the dangers of coronavirus, "Stay home, save lives!" Following his appeal, many institutions (with the exception of non-compulsory workers) began to manage their work from home (work from home). During COVID-19 many government agencies and the private sector have instructed their employees to perform daily duties with a VPN and Remote Access connection from home while so do the conditions for attackers. Whereas in the past, attackers used to perform such as gathering information, leakage, attack and penetration operations when trying to infiltrate a company, now in this days, it is easier to gain access to the entire company's internal network and systems by access to computer of a co-worker. By accessing to one of a network computer gathering information and attack to an organization would be so easy. There are some mentioned above known solutions to ensure, enhances and improve the security. This begs the question. Do you think a VPN connection or Secured sing in is sufficient for security? Of course, the username and password will not be enough for security. What to do when your password is seized? Selecting a second check via SMS or Authenticator is more appropriate and reliable for added security.
Define three specific objectives that you would like to achieve with your proposal.
Why Safer?
- A unique one-time password is generated for each connection with time limit.
- Real and simultaneous PIN code is required to be entered within the specified time.
- Provides protection against brute-force attacks.
- Prevents AD accounts from being locked in password attempts or incorrect password entries.
- In case of password-theft, Two Factor Authenticator provides awareness to the user by sending an alert via PIN code via SMS, Web or App.
What problems (particularly in value chain competitiveness and global disruption) are your community’s stakeholders facing due to the Covid-19 pandemic?
Why should be prefer Two Factor Authenticator (2FA)?
- User can easily define and users phones from the interface.
- Can be used for many VPN devices that support RADIUS with easy integration.
- Support from the product team for integration with different SMS providers.
- Verification can be achieved on 2 screens with Google, Microsoft or other Authenticator, and it is possible to use easy registration for users when using Authenticators.
- With LDAP support, AD integration and phones can be withdrawn from AD. In addition, with the support of LDAP group, it is possible to connect the groups you want.
- Different methods can be preferred for companies with privatizations. For example, it can be ensured that the users to be connected via SMS, Etc. pass the sponsor's approval.
Safe in your hands.
What minimum viable solution(s) are you proposing to address the challenge(s) in your community?
How TwoFactor Authenticator works with VPN?
- A second authentication can be done via SMS, web or App Authenticator by redirecting authentication to the Two Factor Authenticator on the Server or Firewall where users make VPN connection requests.
- After entering the user name and password during the VPN connection, the user is prompted to enter a PIN on the 2nd screen.
- This PIN allows users to send to registered mobile phones, Email or automatically generate PIN by user using authenticators.
- The PIN code can be sent to user’s registered mobile phones, or the user can automatically generate the PIN code using google authenticator.
- Even if the user name and password are stolen, the attacker also needs this PIN to access the internal network via VPN.
- In any case of using the user and password this method can be used by.
Share your story (your narrative)
Two Factor Authenticator. It is a security plan solution that can prevent intruders from trying to gain unauthorized access by trying to access user passwords through VPN access or remotely access or login pages.
What is Two Factor Authenticator? It is a security planning solution that prevents intruders from attempting to gain unauthorized access by attempting to gain access to user passwords through VPN access in other hand it is not only for VPN users even for every user that needs the log in, register or confirm transactions.
- Provides a second authentication via SMS. (SMS providers)
- Provides a second authentication via any web authenticator. (Google, MS, Amazon)
- Provides a second authentication via App Authenticator. (G-app, Etc.)
- Eliminates the risk of password theft for your users
The Two Factor Authenticator do not leave corporate network security in the hands of your users and minimize the risks that may arise from user’s errors. The Authenticator increase the security of personal or corporate network.
Please provide any additional relevant information that you would like to share.
How TwoFactor Authenticator works with API?
- Entrance to any web address or application can trust with this method
- Log in to web addresses or authentication uses 2FA
- Register or confirm a transactions using the PIN code have received by SMS or Authenticators
Your Final Proposal for challenge
yes
This will be a useful tool, if you can scale then it would be very useful
Useful - and mostly practised where I am.
Working from home is one thing, virtual working something else.
All the best for implementation.
While VPN is a past legacy technology since companies more an more move to the cloud using platforms such as Google GSuite and other CLoud based applications having 2FA integrated from the core, do you only address the legacy market of VPN users?
It'll be very useful
It is true, will be very useful
While COVID-19 2FA is the best way work at home in safety
way to go
Security is paramount as we speak but my question to your proposal is how you want to achieve this, are you going to integrate on existing software or what?
I will like to know how it works.
Hi Gunay,
Thanks for sharing the work above, it is clear to see the problem and solution.
Please could you elaborate on your product/service, who it will be sold to, how would it be sold to your consumer, is there a revenue stream from your product/service, what impact would your product/service have, how would you scale and grow this and who are your competitors?
Good Luck,
Sukhveer
Users tagged:
If this has not been implemented elsewhere, the must the "secret source
", that makes your idea unique. with that in mind, have you considered patenting?
Users tagged:
Status label added: Community feedback received
The idea has been progressed to the next milestone.
Gunay Abdiyeva-Aliyeva, congratulations on your new milestone.
Users tagged:
Awesome!
Status label added: Mentor feedback received
Status label removed: Mentor feedback received
Status label added: Mentor feedback received
hi Gunay, how does this stack up against available (free) MFA solutions from Google and the like? And does it require integration with existing (free) VPN solutions or can operate independently? What about costing? How do you trigger the SMS to be sent, does that require an aggregator or integration with MNOs in each country?
In the meantime, you may want to have a look at our idea and vote for it if you like it: https://cocreate.itu.int/post/3496670
Keep in mind of your target audience. Your idea is too technical,
Status label added: Expert feedback received
Hello, brilliant idea. Deploying a VPN allows the data moves securely between the company’s core systems and the devices used by employees. Other areas you can include as you develop your idea are to insure company property is safe while working from home are:-
1. Ensure complete security of your VPN
2. Use MAC binding to control which devices can access your closed company network.
3. Two-factor or multi-factor authentication is an effective way to deter unauthorized users from accessing your company network.
4. Discourage the use of third-party remote access platform.
All the best in your idea