Two-factor authentication for devices
Double protection and security reinforcement
2FA
  • Weak passwords are easy to crack

    In its 2018 Data Breach Report, Verizon noted that 25.9 percent of information breaches caused by insiders were related to system administrators, which has a lot to do with the fact that more than half of them reuse passwords and use weak passwords. The security risk caused by weak passwords has become a serious threat to enterprise security operations and maintenance.


  • Serious threat from database dumping ("dragging") and credential stuffing

    Database dumping ("dragging") and credential stuffing have become one of the most serious network security threats in recent years. User information can leak in many ways, for example when online websites are cracked and their user data is accessed. In the face of more and more intrusions against user information, it must be protected through new technical methods.


  • Static password authentication has limitations

    Most enterprise applications still use the authentication method of "username + static password" to log in. Employees need to remember multiple account passwords and change them regularly according to password policies, which not only affects the end-user experience but also reduces the operational efficiency of enterprises.


INTRODUCTION

Two-factor authentication is the use of two independent and unrelated credentials to prove identity (e.g., a static password plus a dynamic password). The Bamboocloud Device Two-Factor Authentication (2FA) product uses a microservice architecture with horizontal scalability, high availability, and high concurrency. It is based on OTP, with built-in dynamic password, temporary authorization code, QR code and other authentication methods, and it connects seamlessly with third-party authentication (RSA, digital certificates, biometric authentication, etc.). It supports one-click application integration without modifying the target system, reinforcing the security of device accounts. It is compatible with account security reinforcement in mainstream VPN, desktop virtualization / desktop publishing, network equipment, server / server virtualization, bastion host, network access, database, enterprise web application, cloud application and other business scenarios, meeting business security needs as well as regulatory and security level protection requirements.


FEATURES

  • High security

    The authentication server and the dynamic token each generate the dynamic password at the same time, and there is no direct communication between the dynamic token (e-account plus) and the authentication server during the whole authentication.

  • Flexible authentication mode

    The system supports various authentication methods such as password, SMS, code scanning, dynamic password, temporary authorization code, push, face recognition, WeChat, DingTalk, etc., and authentication policies can be set flexibly by individual account, user group, user role and other dimensions.
  • Providing mature standard protocol integration

    The platform provides standard integration schemes such as RADIUS, LDAP, Web SDK, Scheme, Plugin, API, etc., which greatly simplify the integration work, so the target system gains two-factor authentication without modification.
  • Rich embedded application scenario templates

    The platform provides templates for various network devices, Web applications, operating systems, middleware, mobile applications and other related business scenarios, including mainstream VPN, bastion host, Web, Android, iOS, H5, Windows, Linux, SVN, Git, etc.
  • Integrate once, enable automatically

    After the system is integrated once, the expansion, change and movement of each application's authentication mode are all enabled and reclaimed by the two-factor authentication platform with one click, achieving zero modification of and zero impact on the application.
  • Simple and efficient platform deployment

    The platform is built on SpringBoot microservices, is compatible with the SpringCloud microservices framework and K8S/Docker container platforms, and supports horizontal expansion, high availability and high concurrency.

APPLICATION SCENARIOS

  • VPN

    Compatible with mainstream brands such as H3C, Huawei, Sangfor, TOPSEC, 360, Hillstone Networks, DPtech, Cisco, PA, Juniper, CheckPoint, F5, Array, WatchGuard, SonicWall, OpenVPN, etc.


  • Virtualized Desktop / Desktop Publishing

    Huawei Cloud Desktop, Sangfor Cloud Desktop, Owtware, massclouds, Citrix, VMware View, etc.


  • Enterprise WEB Applications

    Web login for OWA, SharePoint, Coremail mailbox, UFIDA A8, weaver OA, Oracle, NetSuite, etc.


  • Bastion Host and Network Access

    Supports Palladium, SAFETY, shterm, Jiangnan keyou, NSFOCUS, Dbappsecurity and other bastion hosts, and supports wired and wireless network access.


  • Network Devices/ISE/ACS/iMC

    Compatible with H3C, Huawei, ZTE, Juniper, Cisco and other mainstream network equipment and identity management software.


  • Server & Server Virtualization

    Supports account protection for AIX 5.3/6.1, HP-UNIX, Linux, Windows Server, MAC and virtual servers.


ARCHITECTURE

The 2FA platform adds a second authentication factor beyond static password authentication without modifying the target system, meeting business security requirements as well as supervision and security level protection requirements. It supports visualized user management, authentication management, application management, authorization management, audit management and other functions. Authentication management is the core: different authentication methods (including biometric authentication, non-biometric authentication and standard authentication protocols) can be brought in quickly through the unified architecture of the authentication policy engine. New authentication services are plug-and-play, and the engine provides flexible authentication orchestration and authentication security classification, so enterprises can schedule authentication flexibly.

ADVANTAGES

  • Target system "0" modification

    The device two-factor authentication product requires no modification of the target business system to be protected; it adds a second factor (dynamic password, SMS verification code, temporary authorization code, etc.) on top of the original username and password.


  • Out of the box, simple integration and configuration

    The product is managed in modules and has built-in templates for multiple vendors' devices, enabling non-intrusive integration. Only the administrator can add devices and configure policies, by clicking.


  • Centralized control of heterogeneous devices

    The platform supports centralized control of multi-vendor devices and provides complete operation, authentication and audit logs.


  • Flexible authentication

    The platform provides various authentication methods, including code scanning, dynamic password, fingerprint, gesture, temporary authorization code, face, voiceprint, etc. It also provides authentication policies based on devices, users, user groups, etc. The authentication methods can be combined in any way to meet the authentication needs of users in all scenarios.

