IS SECURE CONNECT AND MOBILE CONNECT SOLUTIONS
SECURE ONE TIME AUTHENTICATION TOKENS FOR VIRTUALLY ANYTHING
Convenience is afforded by things like internet shopping, banking and
remote access to your office LAN, but it’s essential to secure sites against
identity theft and internet fraud. This solution is a groundbreaking
authentication system that allows users to login securely to almost anything
that requires personal authentication, without the need to remember
passwords.
The Secure Connect service is an outsourced remote access solution, allowing
mobile and remote users secure access to company resources from
anywhere at any time. Utilising features such as SSL VPN technology and
strong two factor authentication, this solution has been developed so that
the company has complete control and peace of mind around its remote
access requirements. The solution is offered in two flavours: the token card
solution and our Mobile Connect solution, which gives you the ability to use
tokens generated on your mobile phone.
The early standard in the VPN space was the IP Security Protocol (IPSec),
and to a lesser degree Point-to-Point Tunnelling Protocol (PPTP). SSL VPNs
use a different methodology to transport private data across the public
Internet. Instead of relying upon the end user to have a configured client on
a company laptop, SSL VPNs use SSL/HTTPS, which is available without
additional software deployment on all standard web browsers, as a secure
transport mechanism. Using an SSL VPN, the connection between the mobile
user and the internal resource happens via a web connection at the
application layer, as opposed to IPSec VPNs’ open “tunnel” at the network
layer.
Secure Connect Solution Features

- SSL VPN
- Two Factor Authentication (OTP)
- Complete Security and Control
- Endpoint checking
- No client software
- AD integration

Secure Mobile Solution Features

- In addition to all of the above, secure one-time passwords can be
  generated on users' mobile phones when Mobile Connect is purchased.
- No need to receive passwords via SMS that can be intercepted by
  internet fraudsters. The application generates tokens without use of a
  mobile network.
- Eliminate the need to carry additional authentication hardware or cards –
  use what you have – your phone.
Solution Benefits

- Outsourced and Managed Solution
- Connect, anywhere, anytime
- Device agnostic, just a browser required
- Cost Effective
- Support and hi-tech skills
- Users can log in securely to just about anything that requires
  authentication
- With Mobile Connect, the application is downloaded and installed very
  quickly and easily
- The backend authentication server keeps itself up to date with the latest
  version of software via secure HTTP updates, ensuring that the latest
  product improvements are installed at all times
- With Mobile Connect, no external sources are required to generate
  OTPs; the opportunities for Internet fraud of any kind are therefore
  significantly reduced
TWO FACTOR AUTHENTICATION – TOKEN CARDS
This solution includes physical end-user credit card one-time password (OTP)
tokens. These tokens (which are IS branded) will have two important
characteristics:

- Tokens will have a liquid crystal display that displays a six- to
  eight-character pass code.
- Each token will be unique to each end user.

The Two-Factor Authentication tokens will allow for strong authentication and
non-repudiation. These tokens can be used in conjunction with any device
(laptop, cell phone etc) or medium of connectivity.
The use of SSL is ideal for the mobile user because:

- SSL VPNs do not require a client download onto the device being used to
  access corporate resources.
- SSL VPNs do not require any configuration by the end user.
- SSL is available wherever there is a standard web browser, so users don’t
  need a company laptop.

SSL is familiar to most users, even those without a technical background. It is
already installed on any Internet-enabled device that uses a standard Web
browser, and no configuration is necessary. SSL operates at the application
layer, independent of any operating system, so changes to the OS do not require
an update in the SSL implementation. It is possible to offer extremely granular
access controls to applications, making it ideal for mobile workers and those
users coming from an unmanaged or un-trusted end-point.
WHY TOKENS? – THE PROBLEM WITH PASSWORDS
The problem with passwords is that it is too easy to lose control of them.
Passwords are often shared, written down, e-mailed, easy to guess, etc., which
reduces their effectiveness, as they can then be used by unauthorised
personnel.
Two-factor authentication mitigates this problem. If your authentication process
includes a number that changes every time you log in, or a unique reply to a
random challenge, then it’s difficult for someone else to intercept, and since it is
a unique number, there is no need to write it down. An intercepted password
won't be usable, as the unique number is required, and the two-factor password
is almost impossible to guess.
TWO FACTOR AUTHENTICATION – MOBILE TOKENS

- The underlying technology for IS Mobile Connect is the same as for the
  token cards. The only difference is that you use your mobile phone to
  generate tokens instead of a token card.
- The IS Mobile Connect application is the end user's interface to the
  authentication system.
- It is easily deployed to any mobile phone with native versions.
- It’s capable of storing one or many OATH-compliant OTP tokens, which are
  used to securely generate one-time passwords without requiring GPRS,
  Edge, 3G or SMS activity.
- The application is capable of storing more than one OTP password.
- The authentication server is responsible for validating OTPs generated on
  users' mobile phones.
- The authentication server identifies if the one-time password is valid using
  an incremental algorithmic process.
INTEGRATION TO BACKEND SYSTEMS

- IS Secure and Mobile Connect authentication solutions don’t use
  synchronisation but rather integrate direct with a directory. All data
  remains stored in the directory keeping information up to date all the time.
- Via Radius, authentication to a multitude of network devices and software,
  such as routers, switches, VPNs, RAS, network servers is possible. It also
  features multiple data sources which allow it to be linked to multiple
  existing separate directories or databases of users.
- XML-RPC support allows easy integration with any web based portal, site or
  service.
COMPLETE SECURITY AND CONTROL

- Hardened platform leverages Juniper’s Instant Virtual Extranet, which has
  been verified by numerous third party experts.
- Native endpoint assessment before a connection is allowed and throughout
  the session at administrator-specified intervals.
- Endpoints can also be checked for the presence and operation of 3rd party,
  best-in-class security applications (e.g. AV, Service Pack, Spyware
  software verification to enforce company policy).
- Enhanced remediation capabilities instruct non-compliant end users how to
  correct their security posture, easing management headaches and
  enhancing productivity.
- Strong security and encryption protocols.
- MD5 checksum for application validation.
- Client-side and server-side Access Control Lists (ACLs).
- Powerful monitoring and reporting capabilities to track access requests and
  usage.
- Advanced encryption standard – makes use of block cipher (AES) for all
  symmetric encryption.

PRICING

Per User for Secure Connect only

Users      Once off Setup Fee   Price per month
< 25       R 2000.00            R 60.00
25 - 99    R 2000.00            R 55.00
100 +      R 2000.00            R 50.00

Per User for Mobile Connect only

Users      Once off Setup Fee   Price per month
< 25       R 2000.00            R 60.00
25 - 99    R 2000.00            R 55.00
100 +      R 2000.00            R 50.00

GENERAL TERMS AND CONDITIONS

- All prices are quoted in ZAR, exclude VAT, are subject to IS Terms and
  Conditions and are valid for 30 days from date of quotation.
- Fees are invoiced monthly in advance.
- All pricing is based on a minimum initial contract period of 24 months. The
  contract will be automatically renewed unless the customer gives notice of
  service discontinuation at least 30 days prior to renewal time.
- The service requires an MPLS port.
- The service also requires an additional DMZ port.
- A R350 charge will be levied for lost or stolen cards.
- Usage – Unlimited.