Two Factor Authentication, 2FA, Multi factor, SSL VPN, IPSEC VPN, Deepnet, DualShield,

DualShield provides a built-in, RFC 2865 compliant RADIUS server. It supports any Network Access Server (NAS), VPN gateways or applications that employ RADIUS authentication protocol. <more>

DualShield provides 3 ways for the protection of SSL VPN's logon with multi-factor authentication, depending on the type of the SSL VPN appliance and the types of authentication methods you wish to deploy to your users. <more>

For IPSec VPN authentication, DualShield utilises one-time passwords (OTP) and does not require users to install any new software.

Users will continue to use the same VPN client as they’re using now, and simply enter a one-time password or a combination of their static password and one-time password in the place where the password is required.

vpn client authentication

DualShield provides a wide selection of portable OTP tokens in a variety of form factors, ranging from hardware tokens, software tokens, mobile tokens to USB tokens. These include:

Deepnet SafeID
Deepnet MobileID
Deepnet GridID
Deepnet CryptoKey
RSA SecurID
VASCO DigiPass Go
OATH-compliant OTP tokens

In addition to the support of one-time password, DualShield also supports on-demand password for IPSec VPN authentication. The product that provides on-demand password in the DualShield platform is Deepnet T-Pass. Deepnet T-Pass is an on-demand, token-less strong authentication that delivers logon passwords via SMS texts, phone calls, twitter direct messages or email messages.

DualShield for IPSec VPNs offers the ultimate security for VPN remote access without compromising the user’s experience.

For SSL VPN Deepnet DUALShield offers 3 different options depending on your requirements;

Almost all types of SSL VPN appliances support RADIUS authentication protocol. If you are planning to deploy one-time passwords and/or on-demand passwords only in your user base, then RADIUS authentication is the simplest solution.

The DualShield platform provides a built-in, RFC 2865 compliant RADIUS server that works with any VPN appliances or applications that support RADIUS protocol. Using RADIUS authentication means that you do not need to install authentication agent software in the SSL VPN appliance or application, which makes the solution simple to set up, configure and maintain.

Although no where near an exhaustive list, the following have been fully tested: Juniper, Cisco, Nortel, Checkpoint, WatchGuard, Aventail, SonicWave, AEP, Whale, F5.

Increasingly, more SSL VPN appliances support SAML 2.0 authentication protocol. If your VPN appliance supports SAML 2.0 and you are planning to offer authentication methods beyond one-time password, such as keystroke/voice/face recognition, device digital fingerprint and/or virtual grid cards, then SAML authentication will offer you this level of sophistication and flexibility.

The DualShield platform provides a built-in Web SSO (Single Sign-On) server that is fully compliant to SAML 2.0. To enable multi-factor authentication on your SSL VPN logon with the full range of authentication methods that DualShield offers is as simple as by connecting your SAML-enabled SSL VPN appliance to the DualShield Web SSO server.

If your SSL VPN appliance does not support SAML and you still want to offer the full range of authentication methods that DualShield provides to your users, you still can with DualShield!

The DualShield platform provides yet another server, Web Authentication Gateway. The Web Authentication Gateway is a reverse proxy server that is designed to provide multi-factor authentication to any web services without the requirement of making any changes to the server services.