When the pandemic forced businesses to adopt a remote working model, most welcomed the change. But one group of professionals were nervous about its implications – security personnel.
The remote workforce model introduced a host of operational and security complications. Remote staff needed a secure method of connecting to internal servers across a minimal attack surface.
This isn’t an easy problem to solve, and even today – 2 years after the onset of the pandemic – many businesses still struggle to find an optimal solution.
But an effective solution does exist, thanks to LastPass Universal Proxy.
The LastPass Universal Proxy is an on-premise software that seamlessly integrates MFA into your current VPN connection protocol.
The user authentication workflow with a LastPass Universal Proxy is as follows (see the attached diagram to visualize this process):
- A user logs in through their client.
- The connection request is forwarded to the Universal Proxy by the Application Server.
- The Universal Proxy authenticates the connection request against the primary authentication server (LDAP or RADIUS).
- Secondary authentication approval is requested from the LastPass Authentication Server.
- The LastPass Authentication Server sends the user an MFA challenge.
- The user completes the MFA challenge (which could be a biometric challenge).
- The LastPass Authentication server validates the MFA submission and sends a response to the Universal Proxy.
- The Universal proxy converts the API response to LDAP or RADIUS and send the result to the Application server.
- The user is approved or denied network access.
If you’d like a detailed breakdown of each step, let me know in the comments and I’ll send over a tutorial.
The Firewall, VPN, and LDAP authentication combination create a formidable cyber defense. But by adding MFA to this dream team – a security control that, according to Microsoft, could prevent up to 99.9% of account compromise attacks – you’ll elevate your remote workforce security to a world-class level.
Do you struggle with securing your remote workforce? I’d love to know your thoughts.