VPN/Direct Access

Reinforce the security of your VPN or DirectAccess

VPN and DirectAccess are the most common methods to remotely connect to internal networks and systems.

Whether an employee is working from home or on the road, users have the ability to open full data connections to either select systems or entire networks.

While password protection can offer a basic level of access restriction, weak or socially-engineered passwords and single-factor authentication can invite unauthorized access to wireless data and networks. Though conducive to enabling workforce agility, the use of VPN or DirectAccess without proper user authentication and authorization can pose potential security risks.

VPN and DirectAccess security risks

Requiring passwords for this connection provides only a basic level of assurance the access is from an authorized endpoint, since a leaked or guessed password will grant network entry to any malicious user. High assurance security comes from multi-factor authentication in which the user and the device have been secured by a cryptographically-sound digital certificate and credentials cannot be copied or moved to another device.

How can CSS help ensure the security of your VPN or DirectAccess?

  • Ensure uptime of VPN routers/servers by tracking their certificate validity and expiration
  • Centralize reporting and alerting on impending client certificate expiration Issue certificates to users on Windows, Windows phone, Linux and other operating systems
  • Issue certificates to users on iOS, Mac and Android devices
  • Deliver certificates with on-device key generation (ODKG) and support non-repudiation
  • Centrally monitor PKI operations and VPN certificates across multiple vendors and operating systems
  • Implement demonstrable and fully auditable security operations

How PKI and digital certificates boost the security of your VPN and DirectAccess

  • Digital certificates augment authentication processes based on user credentials, and improve security posture by decreasing your attack surface
  • Certificates used for authentication can be set as non-exportable, ensuring that only authorized users, on authorized devices, are able to connect to private networks
  • VPN routers/servers accept digital certificates to authenticate both users and trusted devices, leading to a more secured connection to private networks
  • PKI is a high assurance proven technology for digital certificates.
  • A well-managed PKI can issue, deliver, revoke, track and update certificates on an as needed basis

CSS solutions to help address VPN and DirectAccess security risks

  • Establish your own PKI to issue your own scalable and flexible, low-cost trusted digital certificates
  • Efficiently manage millions of certificates to ensure your systems are accessible 24/7
  • Let the experts at CSS manage your trusted PKI environment for you

Connect with us for further insight on enabling VPN or DirectAccess security.