SecurAccess

TWhen it comes to authenticating a user, first thing that comes to mind is
how secure is the channel over which the user is connecting. And is there any
possibility that his/her password could be stolen and used by any unauthorized
person to get into the system. Even today, most of the authentications are done
on pass code basis, which means if someone gets to know your pass code, he/she
can get into any of your systems with that password. Another example could be a
credit card; if someone gets to know your card's number with the cvv number then
he/she can easily do online shopping using your card. And knowing a card number
is not that difficult. Just remember how many times someone has asked to provide
the front and back side photocopy of your credit card for some kind of
verification.

Two factor authentication and Biometric authentication such as, finger print
and retina scanner are already there in the industry to provide an added layer
on top of the standard password based authentication, but their usage is not so
widespread because of the deployment hassles. Just image how difficult it would
be to deploy a two factor authentication for a bank. First of all the bank has
to dispatch the two factor token to all its customers, and once they are
received it has to be verified that the correct person has received it or not.
Then, if the token is lost or stolen, blocking its unauthenticated use and
reissuing a new token could take time while the customer will not be able to use
his/her account. But, token is something which really increases your security,
while you have to carry the token wherever you go to use the secured system.
Take an example where authentication is based on digital certificates. This
solves the problem of carrying a token or smartcard. But there are number of
roaming users in your organization, who also requires a digital certificate to
log in. Now if they are using a shared computer, they need to import the digital
certificate and if they by mistake leave their certificate undeleted, then it
can be a serious issue.

So, here is a solution for you, SecurEnvoy's SecurAccess provide you an
efficient and easy way to harden the authentication process by deploying dual
authentication within your IT infrastructure. And which can solve above issues
to a greater extent. Integrating this feature into your login process provides
an extra layer of security.

If the phone number is not entered in ADS or RADIUS, then you have to explicitly mention the no in SecurEnvoy.

This is a dual authentication mechanism but isnted of using a token, it uses
mobile phones and SMSs. Instead of getting the new pin every time on a token, by
using SecureEnvoy you can get it on your mobile phone. And the beauty of the
product is that it can be very easily be integrated with most of the Directory
Services and applications.

To understand it, let's take an example. you want to login to your head
office over VPN, along with your username and passcode, while using SecureEnvoy
you have a option for one more pin that you need to append to your existing
passcode (or in some cases, needs to be entered separately). This could be upto
8 character numerical figure. This pin is sent to you via an SMS gateway defined
in SecurEnvoy or via an email depending on your requirements. The generation and
sending of new passcode can be customized to a great level. It can be either set
to change each time the user logs in, once in nth number of days, or could be
set to real time. The major advantage of this solution over the token is that
here is no need to provide any tokens to the user and hence it saves a lot of
cost and deployment time.

From this window you can set the type of directory service you want to connect with.

How it works?

When a user is first added to the SecurEnvoy, immediately a SMS or email is sent
across to the user, which contents a passcode and that needs to be put entered,
while logging into the system. Now, as soon as the user logs in with the
passcode, a new passcode is generated at real time and is sent across to the
user immediately.

SecurEnvoy provides an easy deployment wizard to deploy the solution in your enterprise.

This passcode is for the next time, when you require logging in, which means
that each time you login, your passcode is different. So even if someone knows
your ADS or Radius passcode, he still doesn't have access to the SecurEnvoy
passcode. Another advantage of this is that, if someone wants to hack your
passcode and tries to get access to the system, it automatically sends a SMS or
email to you containing a new passcode. Hence you get to know that someone is
trying to have unauthorized access to your system. One more good thing about
this is that, the passcode SMS is always overwritten by the new passcode SMS,
which reduces number of SecurEnvoy SMS in your SMS inbox. One thing which could
be asked here is that, SMSs are by default plane text and if the passcode is
sent to you via a SMS then it's pretty much possible for someone in between SMS
transaction path, could intercept the SMS. But taking the point into
consideration, that the code in the SMS in going to be near realtime and its
life is just a single login, it's not feasible for a hacker to capture the pin
and reach to the authentication server and provide the authentication and that
to without the knowledge of the actual user. Now say for instance, the
registered mobile device is lost which means the passcode generated will be sent
to the lost mobile device which again could be a security threat. To overcome
this issue, SecurEnvoy provides a challenge response mechanism which asks you
certain number of questions defined by you.

You just need to answer the questions correctly and it automatically emails
you the new code or it asks you to update the new phone number on which it
should send the passcode. Again, all this is completely customizable and could
be used in different ways, such as where company don't wants the user to reset
the phone number, rather that right only remains to the admin. We tested this
solution by integrating it with multiple services such as IIS,VPN, etc and also
tried it with ADS and OpenLDAP directory services. The deployment was very
smooth and didn't require a huge amount of technical expertise to perform.

Bottomline: A brilliant solution with very simple deployment features
that provides great integration with all Directory Services.