{"id":18396,"date":"2024-01-24T10:00:18","date_gmt":"2024-01-24T09:00:18","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=18396"},"modified":"2024-03-05T14:49:10","modified_gmt":"2024-03-05T13:49:10","slug":"einfuehrung-vpn-mfa","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/01\/24\/einfuehrung-vpn-mfa\/","title":{"rendered":"More IT Security for VPN: Introduction of MFA"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_18396 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_18396')){$('.twoclick_social_bookmarks_post_18396').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blog.rwth-aachen.de\\\/itc\\\/en\\\/2024\\\/01\\\/24\\\/einfuehrung-vpn-mfa\\\/\",\"post_id\":18396,\"post_title_referrer_track\":\"More+IT+Security+for+VPN%3A+Introduction+of+MFA\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><div id=\"attachment_18747\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-18747\" class=\"size-medium wp-image-18747\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1-300x200.png\" alt=\"Encrypted and protected password entry\" width=\"300\" height=\"200\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1-300x200.png 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1-1024x683.png 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1-768x512.png 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1-1536x1024.png 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/01\/MFA-Bild-zentriert_Zeichenflaeche-1-1-2048x1365.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-18747\" class=\"wp-caption-text\">Source: Own illustration<\/p><\/div><\/p>\n<p>Due to the growing digitalization in the private and professional environment, the risk of cyberattacks and phishing attacks is also constantly increasing. Universities are also becoming an increasingly frequent target of such attacks. This is why IT security is a key issue at RWTH Aachen University.<\/p>\n<p>On February 1, 2024, multifactor-authentication (MFA) will be introduced for the VPN service at RWTH. This will significantly improve the protection of the IT services you use. The following blog post will explain what you need to do now.<\/p>\n<p>&nbsp;<\/p>\n<p><!--more--><\/p>\n<h3><span style=\"color: #00549f;\">What is Multifactor-Authentication?<\/span><\/h3>\n<p>MFA is a security procedure that requires a security code in addition to your usual login details. This is generated by a separate device or app, as is the case with online banking, for example. You can find more detailed explanations of MFA mechanisms in our blog post <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/01\/03\/sicherheitsmechanismen-kurz-erklaert-mfa\/\" target=\"_blank\" rel=\"noopener\">Security Mechanisms Unravelled: MFA<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">What Will Change For You?<\/span><\/h3>\n<p>The introductory phase of MFA for VPN will start on February 1, 2024. From this date, the VPN system will be protected with a second factor, as it is one of the most important and security-relevant systems at RWTH Aachen University. During this introductory phase, you will have the opportunity to practise using the second factor when logging into the VPN.<\/p>\n<p>After entering your known <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/vbf6fx0gom76\/article\/2a7c5b1bec464e38bac600b0184aa89c\/\" target=\"_blank\" rel=\"noopener\">login details<\/a> in the VPN client, you will be asked for this second factor. During the introductory phase, you can also log in without a self-created token by entering the current date as the second factor. Simply follow the instructions in the login screen when you log in to the VPN client.<\/p>\n<p>From March 19, 2024, the use of the second factor for VPN login will be mandatory. This means that from this date, you will no longer be able to log into the VPN without a second factor that you have set yourself.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">How Do You Use MFA?<\/span><\/h3>\n<p>In the <a href=\"https:\/\/www.rwth-aachen.de\/selfservice\" target=\"_blank\" rel=\"noopener\">Selfservice<\/a>, you can create and manage your tokens yourself by using the Token Manager. You can currently set up hardware tokens, app tokens (e.g. via authenticator apps), TAN lists, and email tokens. Please note that the first two tokens mentioned are the most secure options. You can find instructions on how to set up the tokens on the <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/0f861f53818c44e9a5df6ea7b244dacd\/article\/0fa5126d3130400081afd532660e5b7b\/\" target=\"_blank\" rel=\"noopener\">IT Center Help<\/a> pages.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">MFA for VPN<\/span><\/h3>\n<p>You can currently use hardware tokens, app tokens, and the TAN list for VPN. As a first step, you have to create a TAN list. At this point, it is not yet possible to select other tokens. Please note that the TAN list should only be used for backup tokens. This will also protect you in case your preferred token type fails (e.g. your smartphone battery runs out or you lose your hardware key).<br \/>\nIn a second step, you then create your preferred token. You can choose between the hardware token or the app token. The use of the e-mail token is not supported with the VPN service. (*)<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Your Assistance is Required<\/span><\/h3>\n<p>During the introductory phase, the IT Center needs your help. A <a href=\"https:\/\/s2survey.net\/RWTH_VPN_mit_MFA\/\" target=\"_blank\" rel=\"noopener\">survey<\/a> will be conducted to gather your feedback on understanding, documentation and operation, which will help us to simplify the use of the MFA services. Thank you for your support!<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Outlook<\/span><\/h3>\n<p>In the future, other IT services of RWTH will also be protected with MFA. A process for distributing official hardware keys is currently being prepared by the IT Center. You will be informed about both topics in due course. If you already have a YubiKey as a hardware key, you will find suitable instructions for <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/0f861f53818c44e9a5df6ea7b244dacd\/article\/3280adde2aad4cb782af00964efc8877\/\" target=\"_blank\" rel=\"noopener\">setting up the YubiKey<\/a> on IT Center Help.<\/p>\n<p>&nbsp;<\/p>\n<p>If you have any questions or encounter problems, you can contact the IT Service Desk by phone on +49 241 80 24680, by email at <a href=\"mailto:servicedesk@itc.rwth-aachen.de\">servicedesk@itc.rwth-aachen.de<\/a> or via chat.<\/p>\n<hr \/>\n<p>Responsible for the content of this article are <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-BMB5LWS&amp;lidx=1&amp;allou=1\">Nicole Wie\u00dfner<\/a> and <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?allou=1&amp;gguid=PER-A5ZE3KS&amp;lidx=1\">Corinna Hausberg<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h6>(*) <span class=\"x-text\">The paragraph was updated on January 30, 2024.<\/span><\/h6>\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":4530,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[306,314,315],"tags":[61,62,869,57],"class_list":["post-18396","post","type-post","status-publish","format-standard","hentry","category-ankuendigungen","category-it-sicherheit","category-services-support","tag-it-sicherheit","tag-mfa","tag-multifaktor-authentifizierung","tag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/18396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/4530"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=18396"}],"version-history":[{"count":13,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/18396\/revisions"}],"predecessor-version":[{"id":18752,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/18396\/revisions\/18752"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=18396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=18396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=18396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}