2FA/MFA On RDP and SSH Applications
Enabling two-factor authentication (2FA) or multi-factor authentication (MFA) on RDP and SSH connections is of great importance for securing remote access to our servers.
Servers are perhaps at the top of the list of critical resources that need to be protected. RDP remains the most widely used protocol for remote access to Windows-based servers, while SSH is the most widely used protocol for remote access to Unix-based servers. Relying only on password-based access or other primary authentication methods for these connections creates great risk.
Policies that require frequent password changes or complex passwords are undoubtedly effective against many attack types such as brute force or dictionary attacks, but unfortunately they remain ineffective against the many attack scenarios that aim to capture the credentials as they are (keyloggers, phishing attacks, man-in-the-middle attacks, social engineering attacks, etc.).
Since two-factor (2FA) or multi-factor authentication (MFA) methods add extra authentication factors on top of password authentication, you can prevent unauthorized access to accounts even if passwords are stolen. Statistics show that multi-factor authentication prevents 99% of account hacking attacks.
SecurifyID can perform multi-factor authentication by acting as a second security layer in both the RDP protocol and the SSH protocol.
So why should you choose SecurifyID for 2FA / MFA on VPN applications?
Variety of Authentication Factors
SecurifyID supports a wide variety of factors such as Time-based OTP (TOTP), Offline OTP, Pocket Confirmation (Push Confirmation), SMS and E-mail. On devices that do not support OTP, where other MFA products cannot step in, SecurifyID can still perform multi-factor authentication through mechanisms such as SecurifyID Mobile Approval.
Wide Integration Capability
SecurifyID can be integrated with many different brands of VPN systems.
AD and OpenLDAP Support
SecurifyID integrates with Active Directory, OpenLDAP or any similar identity provider in your organization. Apart from authentication, it offers many important functions such as group-based authentication and user synchronization (sync).
By using the SecurifyID management console, you can easily perform the functions listed below:
- Remotely defining an MFA ID in a user's mobile application
- Remotely deleting or deactivating MFA IDs
- Assigning different factor types to different users (for example, the factor of a user who does not want to use the mobile application can simply be switched to SMS)
- Canceling or enabling second-factor authentication
- Controlling access with area-based or time-based parameters such as IP addresses, location and countries
- With risk-based adaptive authentication, taking different actions according to the risk score generated during the user's authentication process, such as Enable MFA / Disable MFA, Block User or Log Only
Secure Mobile Application
SecurifyID mobile applications provide their users with superior security compared to competitors in the market by using many techniques such as Security Chain, White Box Cryptography and SSL pinning. When required, a PIN login option can also be activated for access to the mobile application. In this way, even if your phone is stolen, it will not be possible to access the application.
Security with Usability
Thanks to the advanced features of SecurifyID, it is possible to activate options that increase usability, such as “not doing MFA again if authentication has been achieved using the same browser or IP address within a certain period of time” or “enabling MFA according to the risk situation”. Likewise, through the configuration of the mobile application, options such as “asking PIN only once a day” can be activated for access to the mobile application.
Cloud / Hybrid / On-Prem Architecture
You can run SecurifyID completely in the cloud or completely on-prem. SecurifyID also supports a hybrid architecture. In the hybrid scenario, SecurifyID Access Gateway is deployed within the organization, and SecurifyID Backend services are located in the cloud. In this way, primary-factor authentication using the user’s password stays completely local, and the SecurifyID Backend is used only for multi-factor authentication. Critical user information is never transmitted outside the organization.
Highly Scalable and Accessible Architecture
SecurifyID runs on a container-based microservice architecture. Because the application layer is stateless, it can scale from 1 to N when necessary. It provides high accessibility thanks to the cluster system created in the data layer.
High Technical Support
Our team gives you one-on-one support during your MFA journey and intervenes immediately in case of any malfunction.