Axient Blog

LastPass with VPN access – a technical overview

When the pandemic forced businesses to adopt a remote working model, most welcomed the change. But one group of professionals was nervous about its implications – security personnel.

The remote workforce model introduced a host of operational and security complications. Remote staff needed a secure method of connecting to internal servers across a minimal attack surface.

This isn’t an easy problem to solve, and even today – 2 years after the onset of the pandemic – many businesses still struggle to find an optimal solution.

But an effective solution does exist, thanks to LastPass Universal Proxy.

The LastPass Universal Proxy is on-premises software that seamlessly integrates MFA into your current VPN connection protocol.

The user authentication workflow with a LastPass Universal Proxy is as follows (see the attached diagram to visualize this process):

  1. A user logs in through their client.
  2. The connection request is forwarded to the Universal Proxy by the Application Server.
  3. The Universal Proxy authenticates the connection request against the primary authentication server (LDAP or RADIUS).
  4. Secondary authentication approval is requested from the LastPass Authentication Server.
  5. The LastPass Authentication Server sends the user an MFA challenge.
  6. The user completes the MFA challenge (which could be a biometric challenge).
  7. The LastPass Authentication Server validates the MFA submission and sends a response to the Universal Proxy.
  8. The Universal Proxy converts the API response to LDAP or RADIUS and sends the result to the Application Server.
  9. The user is approved or denied network access.
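The decision logic of steps 3 to 8 can be sketched in a few lines. This is an added example, not LastPass code or its API: every function name is hypothetical, the directory and MFA outcomes are constructed stand-ins, and denying access when the MFA service is unreachable (fail closed) is an assumed policy.

```python
from enum import IntEnum

class RadiusCode(IntEnum):
    """RADIUS packet type codes (RFC 2865) returned to the Application Server."""
    ACCESS_ACCEPT = 2
    ACCESS_REJECT = 3

class MfaUnavailable(Exception):
    """Hypothetical error: the MFA service timed out or could not be reached."""

def proxy_decision(user, password, primary_auth, mfa_challenge, audit):
    """Steps 3-8: primary check, then MFA, then one RADIUS-style verdict.

    primary_auth(user, password) -> bool  stands in for the LDAP/RADIUS check
    mfa_challenge(user) -> bool           stands in for steps 4-7
    audit                                 list collecting (user, outcome) tuples
    """
    # Step 3: a primary failure ends the flow before any MFA prompt is sent,
    # so a wrong password never produces a push on the real user's device.
    if not primary_auth(user, password):
        audit.append((user, "primary_failed"))
        return RadiusCode.ACCESS_REJECT
    # Steps 4-7: an unreachable MFA service is a deny (assumed fail-closed policy).
    try:
        approved = mfa_challenge(user)
    except MfaUnavailable:
        audit.append((user, "mfa_unavailable"))
        return RadiusCode.ACCESS_REJECT
    # Step 8: only an explicit True is translated into Access-Accept.
    if approved is not True:
        audit.append((user, "mfa_denied"))
        return RadiusCode.ACCESS_REJECT
    audit.append((user, "accepted"))
    return RadiusCode.ACCESS_ACCEPT

# Constructed sample data: a one-user directory and three MFA outcomes.
DIRECTORY = {"alice": "correct horse"}
def check_directory(user, password): return DIRECTORY.get(user) == password
def approve(user): return True
def deny(user): return False
def outage(user): raise MfaUnavailable("timeout")

if __name__ == "__main__":
    log = []
    for mfa in (approve, deny, outage):
        verdict = proxy_decision("alice", "correct horse", check_directory, mfa, log)
        print(mfa.__name__, verdict.name)
    print("bad password", proxy_decision("alice", "guess", check_directory, approve, log).name)
    print(log)
```

The audit list records which factor failed for each attempt, which is the field a detection rule would key on to separate password guessing from repeated MFA denials.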

If you’d like a detailed breakdown of each step, let me know in the comments and I’ll send over a tutorial.

The Firewall, VPN, and LDAP authentication combination creates a formidable cyber defense. But by adding MFA to this dream team – a security control that, according to Microsoft, could prevent up to 99.9% of account compromise attacks – you’ll elevate your remote workforce security to a world-class level.

Do you struggle with securing your remote workforce? I’d love to know your thoughts.
