Educated technology customers have come to expect a lot more from application delivery and load balancing solutions deployed from VMware, Microsoft and Oracle. These expectations include flexible authentication options to support security and reverse proxy functionality.
A few months ago, the following comment was posted on KEMP Technologies’ tech forum:
“I am in the process of looking for a load balancing solution to replace WNLB and our forefront TMG reverse proxy. One of the things we do with our TMG box is load an ISAPI filter that causes a 2-factor authentication page to come up when users try to access SharePoint. We are using WNLB in front of an Exchange 2010 CAA array, and SharePoint 2007 farm and doing reverse proxy for both of those applications, in addition to Lync 2010.
I was leaning towards F5, knowing they can pretty much do anything, but looking at your product’s price point is intriguing. The only thing I am not sure about is the 2-factor bit, and your reverse proxy functionality.
Do you in fact support 2-factor products (we use one from strike force, called protectid)? It does use RADIUS if that helps.”
Answer
KEMP’s LoadMaster has a long history of transitioning customers from Windows Network Load Balancer (WNLB) to a full L4-7 external load balancer. Additionally, the introduction of KEMP’s Edge Security Pack (ESP) provides TMG users a cost-effective alternative, which includes two-factor authentication, as the end of mainstream product support draws closer.
Let’s take a closer look at what two-factor authentication actually is and the benefits it provides.
What Exactly is Multi-Factor Authentication?
Multi-Factor Authentication is a security mechanism that requires multiple forms of identification before allowing access to a protected resource. Factors required typically include something you have, such as an RSA SecurID token that provides a dynamic authentication code, and something you know, such as a PIN. In some cases, multi-factor authentication also involves something you are by requiring a fingerprint or facial recognition. This process enhances security for application access and makes it more difficult for accounts to be compromised.
With electronic security breaches in the news on an almost daily basis, a robust, multi-faceted enterprise strategy is required to counter the threats. Two-factor authentication is just one process that is rapidly becoming standard practice in both private and public sector environments.
Multi-Factor Authentication at Work
Finance and banking are key industries where security is obviously of the utmost importance. It’s no wonder that multi-factor authentication combined with other mechanisms are often leveraged by financial service providers to facilitate tiered layers of security.
Note below the process that one financial institution employs for online account access and transactions:
- At the initial website logon, an authentication prompt asking for a confirmation code is presented.
- The required three-digit authorization is retrieved from a credit card sized device the randomly selects the number from a pool of 50 – 90 numbers.
- Once this three-digit code is entered, a second authorization code is then sent to the user’s mobile phone as an SMS that must be entered.
- Finally, a call centre agent contacts the user for verification if the transaction is above a predetermined amount.
This process just goes to show you the importance of a secure application and web service infrastructure. Since application load balancers are deployed in the traffic stream between clients and applications, they are in a prime location to participate in the multi-factor authentication process.
The KEMP Technologies Edge Security Pack for LoadMaster supports integration with RSA SecurID to help customers take one step forward in the challenge of protecting their environments.
