1. VPN

2. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN client

3. CONFIDENTIAL Introduction VPN – Virtual Private Network A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer or network-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network

4. CONFIDENTIAL Activity

5. CONFIDENTIAL Types of VPN VPN can be classified into 2 types: Remote access Site to Site Mostly use VPN client on PC Use to access one or more application (mail / Intranet) User based access Will use secondary authentication (Tokens) Mostly use Hardware firewall / Router to create a VPN. Established between 2 office or locations over internet. Authentication could be stored in devices or use certificates.

6. CONFIDENTIAL Tokens and there Types A VPN token is a type of security mechanism that is used to authenticate a user or device on a VPN infrastructure. A VPN token works similarly to a standard security token. It primarily provides an additional layer of authentication and security within a VPN. A VPN token is typically enabled by two-factor authentication, where the end user not only provides a password but also authenticates the device. This is done to ensure that the user connects with a VPN only through an authorized device. A VPN token can be hardware or software based, however, most VPNs use software tokens to authorize remotely connected users. Hard Tokens Soft Tokens

7. CONFIDENTIAL RSA RSA SecurID provides world-leading two-factor authentication, protecting 25,000 organizations and 55 million users. RSA SecurID extends security to bring your own device (BYOD), cloud, and mobile as well as traditional virtual private network (VPN) and web portals. The RSA SecurID authentication mechanism consists of a "token" — either hardware (e.g. a USB dongle) or software (a soft token) — which is assigned to a computer user and which generates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the card's factory-encoded random key (known as the "seed"). The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. On-Demand tokens are also available, which provide a token code via email or SMS delivery, eliminating the need to provision a token to the user.

8. CONFIDENTIAL How Tokens Work RSA SecurID architecture has three components: the RSA Authentication Manager, Agents, and Authenticators (tokens). Using the example above, Windows would act as an agent of RSA. When John logged in, Windows would read the login and transmit it to the RSA Authentication Manager. The RSA Authentication Manager will evaluate the authentication request, looking up John’s username to see his associated tokens, then check to see if the token code is the same as it calculates internally, and ensuring the PIN is correct. If any of these three pieces of information is wrong (username, token code, PIN), the authentication attempt will be rejected. If everything is correct, the Authentication Manager will send a message to the agent (Windows) that the authentication is successful. The RSA manager holds master timing information and shared secrets (seeds) between itself and the token. Tokens usually change every 60 seconds.

9. CONFIDENTIAL How to login via VPN Client Brower Based Client Application Based

10. CONFIDENTIAL Thank You