TOTPRadius VPN Portal - Security
VPN Portal is a subcomponent of TOTPRadius appliance and is required to implement several features, such as LDAP-based self-service enrollment, FIDO2/Passwordless or Azure AD Oauth2/SSO VPN access for your users (available starting from v0.2.5).The principle behind VPN Portal is that it has to be accessible from the public internet, so there is an additional configuration required in your network layout. The web portal is running as a separate web server on the same virtual appliance, instead of standard https port (443) used for admin interface, the VPN web portal responds on port 9443. This port cannot be used directly for technical reasons, so has to be NATted to port 443.
The recommended network layout is displayed below
Approved Security Label
For obvious reasons, this portal has to be exposed to the public network. We understand the potential risks and hesitations of making a web application accessible to the whole planet, therefore to ensure the security of the VPN Portal is at the highest level, we have contracted an independent security company, SySS GmbH , to conduct a full penetration testing against this web application and produce a report.
The team from SySS GmbH has completed the penetration testing and produced a security certificate available below:
The TOTPRadius VPN Portal component is currently labeled as "Certified Website - Approved Security" by SySS Gmbh
About
Installation and configuration
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Integration guides
Blog
15-05-2023
Azure AD Authentication methods policy migration
In an effort to enhance security and streamline administration, Microsoft introduced the Authentication methods policy for Azure AD. This policy allows administrators to manage the MFA and SSPR settings from a single location, simplifying the overall user experience. However, it's important to note that the migration process has a limitation when it comes to hardware OATH tokens.
05-05-2023
Molto2 Receives "Certified Product" Badge from Independent Third-Party Assessment by SySS GmbH
At our company, we believe in delivering safe and secure products to our customers. That's why we engaged SySS GmbH, an independent third-party security company, to conduct a thorough security assessment of our product, Molto2. We are proud to announce that Molto2 has passed this assessment with flying colors and has received a "Certified Product" badge from SySS GmbH.
21-04-2023
Introducing Token2 FIDO2 PIN+: The Security Key That Enforces Strong PIN Complexity
We are excited to announce the upcoming launch of our latest product variation, the Token2 FIDO2 PIN+. The PIN+ series is a new variation of our existing security keys that deviates from the FIDO2 standards to provide stronger PIN complexity enforcement.