Improving VPN Security with Adaptive Authentication for RADIUS

Jim Goodrich
November 29, 2016

Get the latest from the SecureAuth Blog


At SecureAuth, we know that constant innovation is needed in security to stay ahead of the evolving threat landscape. Recently, we added some crucial features to our RADIUS server support: IP based threat detection, Geo-Location, and Geo-Velocity – all parts of SecureAuth adaptive authentication. The reason is simple, to stop attackers from using stolen credentials to access critical resources like a corporate VPN.

To understand why these features are crucial to a security strategy, let’s look a little deeper into the anatomy of an attack.

It is well accepted that a majority of data breaches involve the use of stolen credentials. Often phishing attacks or malware are used to steal passwords. Attackers then use these to walk straight in through your front door, the VPN. As a result, companies have rushed to implement multi-factor authentication. This is sound advice, but is it enough?

In recent news we have seen an increasing number of multi-factor methods be defeated. SMS compromises have received the wealth of the media attention. Knowledge-based questions and answers can be easily social engineered with a couple browser searches. Even more secure methods, such as push-to-accept using mobile apps, are prone to user error. Imagine a user accidentally accepting a request they didn’t originate? This all comes back to the core point, stop the attacker before they get this far!

The SecureAuth Threat Service and location-based adaptive authentication features address this challenge. Corporate VPN’s configured to use RADIUS server can send a specific RADIUS attribute known as “calling-station-id”. This is the source IP address of the connecting user. SecureAuth can now perform multiple-layers of risk analysis including:

  • IP Reputation: The source IP address can be evaluated against the SecureAuth Threat Service. This is a combination of multiple threat intelligence databases (more than 115 million nodes and 11 million threat sensors) for the best-of-breed protection from today’s threats including APT, Cyber Crime, Hacktivism, anonymous proxies, and anonymity networks.
  • Geo-Velocity: The source IP address can be tested to ensure an impossible travel event has not occurred. For example, if a user logs in from Massachusetts at 9AM, they cannot log in from across the world an hour later.
  • Geo-Location: The source IP address can be tested to ensure it comes from approved countries or IP ranges associated with their employees or customers.

In aggregate, these features dramatically reduce your VPN’s attack surface. Attackers attempting to use stolen credentials to get VPN access get blocked at the initial authentication request and allow you to gain intelligence on which credentials have been compromised. We can even share this data with your SIEM or Security Operation Center (SOC) to correlate with other data and accelerate remediation.

At SecureAuth we are committed to preventing the mis-use of valid credentials and providing a multi-layered protective shield around your organizational resources. The more layered risk checks you do, the less chance an attacker gets through.

Learn more about Adaptive Authentication and the innovative steps SecureAuth is taking to secure access controls.

Related Stories

Pin It on Pinterest

Share This