VIP Enterprise Gateway 9.5 supporting authentication using VIP Access Push has been made generally available to customers.
You can now use VIP Access Push to access your corporate network through your VPN, in addition to web-based applications and with web service APIs. The best part is you don’t need to dramatically change your current behavior, you just have one less step in the login process. When using Push verification it's no longer necessary to enter the 6-digit code at the end of your password- you just enter the same userid and password you’ve always entered, tap the Allow button on your mobile device, and you’re in!
Two-factor authentication is an important piece of any resilient security strategy, providing a second layer of security beyond a simple password helps keep attackers out. However, two-factor authentication is only valuable if it’s used, so it must be easy. VIP Access Push makes authentication easy, which in turn leads to better security.
For organizations that rely on weak authenticators (ex. passwords, knowledgebase questions, etc.) a breach is a real threat. One of the reasons relying on passwords is so risky is because of password reuse. Just recently there was a breach at Domino's Pizza and a Pinterest breach. What if you or one of your employees were a Domino’s Pizza customer or Pinterest user and used the same password for your corporate account? Your organization may be the next victim, unless strong authentication is in use; then you should still change your password, but your company’s not in imminent danger of a potentially costly breach.
The biggest wake-up call for organizations in the recent past is still the Heartbleed vulnerability, which was brought to light two months ago. One would think it’s now old news, but interestingly enough, according to security researcher Robert Graham, more than 300,000 servers are still vulnerable to the Heartbleed bug. This suggests that now that the media hype has died off, IT administrators are not fixing unpatched servers. Two-factor authentication would offer protection against the unauthorized access to any account using a password that had been obtained because of the vulnerability.
VIP Access Push works by sending a Push verification to the registered mobile device upon sign-in, replacing the need to manually enter a six-digit security code. With the touch of a button you can approve the request, which is then verified by Symantec, and a confirmation is instantly sent back your phone to complete the sign-in.
VIP Access Push uses a challenge-response authentication technique and a 2048-bit asymmetric key to securely and uniquely identify the device and help protect against a security breach. You receive a notification on your mobile device each time there is a login attempt and have the option to deny any request. If your mobile device is offline, you will have the option to use the six-digit security code from the same VIP Access app to authenticate.
Follow us on Twitter: @SymantecVIP