Advertisment

SecurAccess

author-image
PCQ Bureau
New Update

TWhen it comes to authenticating a user, first thing that comes to mind is

how secure is the channel over which the user is connecting. And is there any

possibility that his/her password could be stolen and used by any unauthorized

person to get into the system. Even today, most of the authentications are done

on pass code basis, which means if someone gets to know your pass code, he/she

can get into any of your systems with that password. Another example could be a

credit card; if someone gets to know your card's number with the cvv number then

he/she can easily do online shopping using your card. And knowing a card number

is not that difficult. Just remember how many times someone has asked to provide

the front and back side photocopy of your credit card for some kind of

verification.

Advertisment

Two factor authentication and Biometric authentication such as, finger print

and retina scanner are already there in the industry to provide an added layer

on top of the standard password based authentication, but their usage is not so

widespread because of the deployment hassles. Just image how difficult it would

be to deploy a two factor authentication for a bank. First of all the bank has

to dispatch the two factor token to all its customers, and once they are

received it has to be verified that the correct person has received it or not.

Then, if the token is lost or stolen, blocking its unauthenticated use and

reissuing a new token could take time while the customer will not be able to use

his/her account. But, token is something which really increases your security,

while you have to carry the token wherever you go to use the secured system.

Take an example where authentication is based on digital certificates. This

solves the problem of carrying a token or smartcard. But there are number of

roaming users in your organization, who also requires a digital certificate to

log in. Now if they are using a shared computer, they need to import the digital

certificate and if they by mistake leave their certificate undeleted, then it

can be a serious issue.

Price: Upon request



Meant For: Enterprise


Key Specs: Dual authentication


Pros: Real time passcode generation,
integrates with ADS, RADIUS



Cons: SMS not encrypted


Contact: Lancers e-Risk Solutions, New
Delhi



Website: www.securenvoy.com


Email: sales@securenvoy.com


SMS Buy 131097 to 56677






So, here is a solution for you, SecurEnvoy's SecurAccess provide you an

efficient and easy way to harden the authentication process by deploying dual

authentication within your IT infrastructure. And which can solve above issues

to a greater extent. Integrating this feature into your login process provides

an extra layer of security.

Advertisment
If the phone number is not entered in ADS or

RADIUS, then you have to explicitly mention the no in SecurEnvoy.

This is a dual authentication mechanism but isnted of using a token, it uses

mobile phones and SMSs. Instead of getting the new pin every time on a token, by

using SecureEnvoy you can get it on your mobile phone. And the beauty of the

product is that it can be very easily be integrated with most of the Directory

Services and applications.

To understand it, let's take an example. you want to login to your head

office over VPN, along with your username and passcode, while using SecureEnvoy

you have a option for one more pin that you need to append to your existing

passcode (or in some cases, needs to be entered separately). This could be upto

8 character numerical figure. This pin is sent to you via an SMS gateway defined

in SecurEnvoy or via an email depending on your requirements. The generation and

sending of new passcode can be customized to a great level. It can be either set

to change each time the user logs in, once in nth number of days, or could be

set to real time. The major advantage of this solution over the token is that

here is no need to provide any tokens to the user and hence it saves a lot of

cost and deployment time.

Advertisment
From this window you can set the type of

directory service you want to connect with.

How it works?



When a user is first added to the SecurEnvoy, immediately a SMS or email is sent
across to the user, which contents a passcode and that needs to be put entered,

while logging into the system. Now, as soon as the user logs in with the

passcode, a new passcode is generated at real time and is sent across to the

user immediately.

SecurEnvoy provides an easy deployment wizard to

deploy the solution in your enterprise.
Advertisment

This passcode is for the next time, when you require logging in, which means

that each time you login, your passcode is different. So even if someone knows

your ADS or Radius passcode, he still doesn't have access to the SecurEnvoy

passcode. Another advantage of this is that, if someone wants to hack your

passcode and tries to get access to the system, it automatically sends a SMS or

email to you containing a new passcode. Hence you get to know that someone is

trying to have unauthorized access to your system. One more good thing about

this is that, the passcode SMS is always overwritten by the new passcode SMS,

which reduces number of SecurEnvoy SMS in your SMS inbox. One thing which could

be asked here is that, SMSs are by default plane text and if the passcode is

sent to you via a SMS then it's pretty much possible for someone in between SMS

transaction path, could intercept the SMS. But taking the point into

consideration, that the code in the SMS in going to be near realtime and its

life is just a single login, it's not feasible for a hacker to capture the pin

and reach to the authentication server and provide the authentication and that

to without the knowledge of the actual user. Now say for instance, the

registered mobile device is lost which means the passcode generated will be sent

to the lost mobile device which again could be a security threat. To overcome

this issue, SecurEnvoy provides a challenge response mechanism which asks you

certain number of questions defined by you.

You just need to answer the questions correctly and it automatically emails

you the new code or it asks you to update the new phone number on which it

should send the passcode. Again, all this is completely customizable and could

be used in different ways, such as where company don't wants the user to reset

the phone number, rather that right only remains to the admin. We tested this

solution by integrating it with multiple services such as IIS,VPN, etc and also

tried it with ADS and OpenLDAP directory services. The deployment was very

smooth and didn't require a huge amount of technical expertise to perform.

Bottomline: A brilliant solution with very simple deployment features

that provides great integration with all Directory Services.

Advertisment