IS SECURE CONNECT AND MOBILE CONNECT SOLUTIONS

SECURE ONE TIME AUTHENTICATION TOKENS FOR VIRTUALLY ANYTHING

Convenience is afforded by things like internet shopping, banking and remote access to your office LAN, but it’s essential to secure sites against identity theft and internet fraud. This solution is a groundbreaking authentication system that allows users to login securely to almost anything that requires personal authentication, without the need to remember passwords.

Secure Connect service is an outsourced remote access solution, allowing mobile and remote users secure access to company resources from anywhere at any time. Utilising features such as SSL VPN technology and strong two factor authentication, this solution has been developed in a unique way that gives the company complete control and peace of mind around its remote access requirements.

The solution is offered in two flavours: the token card solution and, now also available on your phone, our Mobile Connect solution, which gives you the ability to use tokens generated on your mobile phone.

The early standard in the VPN space was the IP Security Protocol (IPSec), and to a lesser degree Point-to-Point Tunnelling Protocol (PPTP). SSL VPNs use a different methodology to transport private data across the public Internet. Instead of relying upon the end user to have a configured client on a company laptop, SSL VPNs use SSL/HTTPS, which is available without additional software deployment on all standard web browsers, as a secure transport mechanism. Using an SSL VPN, the connection between the mobile user and the internal resource happens via a web connection at the application layer, as opposed to IPSec VPNs’ open “tunnel” at the network layer.

Secure Connect Solution Features

- SSL VPN
- Two Factor Authentication (OTP)
- Complete Security and Control
- Endpoint checking
- No client software
- AD integration

Secure Mobile Solution Features

In addition to all of the above, secure one-time passwords can be generated on users’ mobile phones when Mobile Connect is purchased.

- No need to receive passwords via SMS that can be intercepted by internet fraudsters.
- The application generates tokens without use of a mobile network.
- Eliminate the need to carry additional authentication hardware or cards – use what you have – your phone.

Solution Benefits

- Outsourced and Managed Solution
- Connect, anywhere, anytime
- Device agnostic, just a browser required
- Cost Effective
- Support and hi-tech skills
- Users can login securely to just about anything that requires authentication
- With Mobile Connect, the application is downloaded and installed very quickly and easily
- The backend authentication server keeps itself up to date with the latest version of software via secure HTTP updates, ensuring that the latest product improvements are installed at all times
- With Mobile Connect, no external sources are required to generate OTPs; the opportunities for Internet fraud of any kind are therefore significantly reduced

TWO FACTOR AUTHENTICATION – TOKEN CARDS

This solution includes physical end-user credit card one time password (OTP) tokens. These tokens (which are IS branded) will have two important characteristics:

- Tokens will have a liquid crystal display that displays a six- to eight-character pass code.
- Each token will be unique to each end user.

The Two-Factor Authentication tokens will allow for strong authentication and non-repudiation. These tokens can be used in conjunction with any device (laptop, cell phone, etc.) or medium of connectivity.

The use of SSL is ideal for the mobile user because:

- SSL VPNs do not require a client download onto the device being used to access corporate resources.
- SSL VPNs do not require any configuration by the end user.
- SSL is available wherever there is a standard web browser, so users don’t need a company laptop.
- SSL is familiar to most users, even those without a technical background. It is already installed on any Internet-enabled device that uses a standard Web browser, and no configuration is necessary.
- SSL operates at the application layer, independent of any operating system, so changes to the OS do not require an update in the SSL implementation.
- It is possible to offer extremely granular access controls to applications, making it ideal for mobile workers and those users coming from an unmanaged or un-trusted end-point.

WHY TOKENS? – THE PROBLEM WITH PASSWORDS

The problem with passwords is that it is too easy to lose control of them. Passwords are often shared, written down, e-mailed, easy to guess, etc., which reduces their effectiveness, as they can then be used by unauthorised personnel.

Two-factor authentication mitigates this problem. If your authentication process includes a number that changes every time you login, or a unique reply to a random challenge, then it’s difficult for someone else to intercept, and since it is a unique number, there is no need to write it down. An intercepted password won't be usable as the unique number is required, and the two-factor password is almost impossible to guess.

TWO FACTOR AUTHENTICATION – MOBILE TOKENS

The underlying technology for IS Mobile Connect is the same as for the token cards. The only difference is that you use your mobile phone to generate tokens instead of a token card.

The IS Mobile Connect application is the end user’s interface to the authentication system. It is easily deployed to any mobile phone with native versions.
It’s capable of storing one or many OATH compliant OTP tokens, which are used to securely generate one time passwords without requiring GPRS, Edge, 3G or SMS activity. The application is capable of storing more than one OTP password.

The authentication server is responsible for validating OTPs generated on users’ mobile phones. The authentication server identifies if the one time password is valid using an incremental algorithmic process.

INTEGRATION TO BACKEND SYSTEMS

IS Secure and Mobile Connect authentication solutions don’t use synchronisation but rather integrate directly with a directory. All data remains stored in the directory, keeping information up to date all the time.

Via RADIUS, authentication to a multitude of network devices and software, such as routers, switches, VPNs, RAS and network servers, is possible. It also features multiple data sources which allow it to be linked to multiple existing separate directories or databases of users. XML-RPC support allows easy integration with any web based portal, site or service.

COMPLETE SECURITY AND CONTROL

- Hardened platform leverages Juniper’s Instant Virtual Extranet, which has been verified by numerous third party experts.
- Native endpoint assessment before a connection is allowed and throughout the session at administrator-specified intervals.
- Endpoints can also be checked for the presence and operation of 3rd party, best-in-class security applications (e.g. AV, Service Pack, Spyware software verification to enforce company policy).
- Enhanced remediation capabilities instruct non-compliant end users how to correct their security posture, easing management headaches and enhancing productivity.
- Strong security and encryption protocols.
- MD5 checksum for application validation.
- Client-side and server-side Access Control Lists (ACLs).
- Powerful monitoring and reporting capabilities to track access requests and usage.
- Advanced Encryption Standard: makes use of the AES block cipher for all symmetric encryption.

PRICING

Per User for Secure Connect only

Users      Once off Setup Fee    Price per month
< 25       R 2000.00             R 60.00
25 - 99    R 2000.00             R 55.00
100 +      R 2000.00             R 50.00

Per User for Mobile Connect only

Users      Once off Setup Fee    Price per month
< 25       R 2000.00             R 60.00
25 - 99    R 2000.00             R 55.00
100 +      R 2000.00             R 50.00

GENERAL TERMS AND CONDITIONS

- All prices are quoted in ZAR, exclude VAT, are subject to IS Terms and Conditions and are valid for 30 days from date of quotation.
- Fees are invoiced monthly in advance.
- All pricing is based on a minimum initial contract period of 24 months.
- The contract will be automatically renewed if the customer does not give notice of service discontinuation at least 30 days prior to renewal time.
- The service requires an MPLS port.
- The service also requires an additional DMZ port.
- A R350 charge will be levied for lost or stolen cards.
- Usage – Unlimited.