This whitepaper details how ArrayShield IDAS Two Factor authentication system can be integrated with VPN

1. Two-Factor Authentication Solution for VPN
Two-Factor Authentication Solution for VPN
Problem with existing VPN authentication
For a successful business, organizations must provide their employees with secure
remote access. The preferred way for companies to allow secure remote access is via a
Virtual Private Network (VPN) over existing Internet connections.
Although, VPN technology ensure the privacy of data transmission over public domain by
creating an encrypted “tunnel” through the public network, but do not strongly protect
unauthorized access to the organization’s assets. This happens because simple username
and password is used to protect the access to most VPNs. So, information that is secure
while in transit may just be ending up in the wrong hands at its final destination.
Solution
ArrayShield innovative two factor authentication system - IDAS provides a simple and secure
remote access to Organization’s network infrastructure using VPN technology. By using its
innovative pattern based authentication it provides One-Time-Secret-Code for every login
transaction.
In IDAS every user is shown with a matrix on the VPN login screen which is populated with
random characters for every transaction. User has to choose a pattern which is a sequence of
cells in the matrix and should register the same with the system prior accessing the VPN. A
translucent card is provided to each user which has a similar structured matrix with transparent
and opaque cells and some random characters imprinted on the opaque cells. Each card is
unique in terms of the position of the opaque cells and the characters imprinted on them.
At the time of accessing the resource through VPN the user is shown with the randomly
populated matrix as a challenge. The user overlaps the translucent card on the shown matrix
and will key in the characters present in the chosen pattern in the same order as a response.
These characters form the One-Time-Secret-Code for the user for that transaction. The
ArrayShield server verifies the user credentials by comparing user’s registered pattern and the
pattern values entered by the user. Access is given to the user if the user credentials are valid.
ArrayShield | info@arrayshield.com Page 1

2. Two-Factor Authentication Solution for VPN
The ArrayShield IDAS VPN solution is designed to integrate with your existing infrastructure to
minimize downtime and to reduce huge deployment costs that other solutions have. IDAS
works with all the top VPN providers, including Juniper, Fortigate, Check Point, Sonicwall,
OpenVPN, Cyberoam and WatchGaurd. The convenient web management console gives
administrators an added tool that makes managing accounts easier.
Integration Flow
The following diagram shows how an VPN server can be integrated with ArrayShield IDAS two
factor authentication to secure access through VPN.
Figure: Integration flow diagram for the VPN authentication with ArrayShield IDAS
ArrayShield | info@arrayshield.com Page 2

3. Two-Factor Authentication Solution for VPN
Features
Innovative Technology
ArrayShield IDAS is patent pending (globally) and has won several awards/recognitions in
various forums for its innovative concept.
High Level of Security
ArrayShield IDAS product leverages advanced Encryption methodologies (like Industry Standard
AES (128/192/256 bit) algorithms as well as in-house developed advanced cryptographic
techniques) and follows Industry Standard Guidelines and Best Practices.
Ease of Use
ArrayShield is based on user-intuitive patterns which are easy to remember than complex
passwords than can be easily compromised.
Easy to Integrate
ArrayShield IDAS product will seamlessly integrate with existing enterprise environments with
improved user experience. No expertise is required for integration.
Interoperable System
ArrayShield IDAS can also be configured as add-on module with various products of leading
technology players. Support is available for SAML, LDAP, RADIUS, TACACS protocol etc.
Easy to Deploy
ArrayShield IDAS can be easily deployed in days (not in weeks) because of easy-to-configure API
based system.
Easily Customizable
ArrayShield IDAS can be easily customized to the unique needs of every organization. Once
deployed, organizations can also configure the security strength and mechanism to the amount
of risk involved in the user’s role and usability requirements.
Highly Scalable
ArrayShield IDAS can be easily scaled with huge user population without affecting the
performance and usability.
ArrayShield | info@arrayshield.com Page 3

4. Two-Factor Authentication Solution for VPN
Benefits
Low Total Cost of Ownership
ArrayShield IDAS provides Strong Authentication at a fraction of cost of traditional alternatives.
Minimal Cost is incurred during purchase as well as maintenance. As there is no need of having
costly hardware tokens or transactional costs incurred because of SMS etc, ArrayShield’s
Product provides lowest Total Cost of Ownership. No costly server hardware needed.
Mobility of the user
As ArrayShield uses a simple plastic card that can be carried on the go, it doesn’t have any
dependencies. Hence user will be able to access the application any-time, any-where.
Provides peace of mind
Protects Organizations and customers from Online Identity and data theft, hence provide peace
of mind.
Provides Compliance with regulations
Regulatory agencies agree that passwords are a weak link and are requiring companies to
implement stronger authentication. ArrayShield IDAS is a rapid, cost-effective way to comply
with Industry Guidelines, Security Standards and other Industry regulations.
Conclusion
By using ArrayShield IDAS Two-Factor authentication solution, organizations can enable the
secure remote access to their networks through VPN technology. The solution will make
organizations of all sizes and complexities extend the reach of extranets to remote employees’
in-line with organization’s business strategy.
ArrayShield | info@arrayshield.com Page 4