This solution applies to Barracuda SSL VPNs, all firmware versions.
There are a number of ways that you can enforce stricter access control policy:
- Ensure that your users exit the system by clicking the Logoff link in the top-right hand corner of the interface. This forces any SSL VPN Agent sessions that may be running to disconnect and close.
- Lock down your firewall. Depending on your specific network requirements, it may be possible to close most ports on your firewall apart from 443, which is required by the Barracuda SSL VPN. Utilize the features of the Barracuda SSL VPN to provide application/resource access over SSL instead of direct, possibly insecure access.
- Introduce additional authentication schemes to provide two-factor authentication. For example, you can introduce a hardware-based element to your logon process using hardware tokens such as CryptoCard or SecurID. For more information on multi-factor authentication schemes, please refer to Solution #00003777.
- Enforce password complexity rules across your organization.
- If using Active Directory authentication, incorporate a two-factor authentication scheme that requests a PIN number before the Active Directory password. Since Active Directory will temporarily lock an account that has experienced a number of invalid logon attempts, by implementing this scheme you can reduce the risk of dictionary attacks on your SSL VPN server locking your users' accounts.
- Use Policies to enforce the resources that users can access. Make sure that resources are assigned to the correct policies; users that do not need to use a resource should not be able to access or see it.
- Use Access Rights to enforce the permissions users have. Make sure that your users have the correct levels of permission; if you do not want the users of a policy to be able to create their own resources, they should not have the option to.
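
The Active Directory item above says that asking for a PIN before the password reduces the risk of dictionary attacks locking accounts. The Python model below is an added example, not Barracuda code: it assumes the PIN is verified on the SSL VPN itself before the password is forwarded to the directory, and the class names, lockout threshold and credentials are constructed for illustration.

```python
"""Model of PIN-before-password logon and its effect on directory lockout."""
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5  # constructed value; the real AD policy is site-specific


@dataclass
class Directory:
    """Stand-in for Active Directory: counts bad passwords, locks at threshold."""
    passwords: dict
    bad_count: dict = field(default_factory=dict)

    def locked(self, user):
        return self.bad_count.get(user, 0) >= LOCKOUT_THRESHOLD

    def bind(self, user, password):
        if self.locked(user):
            return False  # locked accounts are refused, even with the right password
        if self.passwords.get(user) == password:
            self.bad_count[user] = 0
            return True
        self.bad_count[user] = self.bad_count.get(user, 0) + 1
        return False


@dataclass
class Gateway:
    """Stand-in for the VPN logon page; pins=None means password-only logon."""
    directory: Directory
    pins: dict = None

    def logon(self, user, password, pin=None):
        # Stage 1 (assumed to be checked on the gateway): a wrong PIN ends the
        # attempt here, so the directory never sees the password guess.
        if self.pins is not None and self.pins.get(user) != pin:
            return False
        # Stage 2: only now is the password presented to the directory.
        return self.directory.bind(user, password)


def simulate(with_pin, guesses=20):
    """Replay failed logons for 'alice', then try her real credentials."""
    directory = Directory(passwords={"alice": "correct horse"})
    gateway = Gateway(directory, pins={"alice": "4821"} if with_pin else None)
    for i in range(guesses):
        gateway.logon("alice", f"guess{i}", pin="0000")
    legit_ok = gateway.logon("alice", "correct horse", pin="4821")
    return directory.bad_count.get("alice", 0), directory.locked("alice"), legit_ok
```

`simulate` returns the directory's bad-password count, whether the account ended up locked, and whether the real user could still log on afterwards; compare `simulate(False)` with `simulate(True)`.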