                            SecurPBX using SecurID
                         by pbxphreak <chris@lod.com>


                             .---------------.
                             |      | 037592 |
                             |      `--------'
                             |  SecurID      |
                             `---------------'


SecurID Token:
-------------

The SecurID token provides an easy, one-step process to positively identify
network and system users and prevent unauthorized access. Used in conjunction
with Security Dynamics Server software, the SecurID token generates a new
unpredictable access code every 60 seconds. SecurID technology offers
crackproof security for a wide range of platforms in one easy-to-use package.

Highlights:
----------
 
 - Easy, one-step process for positive user authentication 
 - Prevents unauthorized access to information resources 
 - Authenticates users at network, system, application or transaction level 
 - Generates unpredictable, one-time-only access codes that automatically
   change every 60 seconds
 - No token reader required; can be used from any PC, laptop or workstation
   (ideal for remote access and Virtual Private Networks)
 - Works seamlessly with ACE/Agent for secure Web access 
 - Tamperproof


The Solution:
------------

For a sophisticated hacker or a determined insider, it doesn't take much to
compromise a user's password and gain access to confidential resources. And
when an unauthorized user enters a supposedly secure system, all privilege
definition and audit trail functions become virtually meaningless... in
essence, the damage is done. Single-factor identification (a reusable
password) is not enough.

To identify and authenticate an authorized system user, two factors are
necessary. Factor one is something secret only the user knows: a memorized
personal identification number (PIN) or password. The second factor is
something unique the user possesses: the SecurID token.

Carried by authorized system users, SecurID tokens (available in three models)
generate unique, one-time, unpredictable access codes every 60 seconds. To
gain access to a protected resource, a user simply enters his or her secret
PIN, followed by the current code displayed on the SecurID token.
Authentication is assured when the ACM recognizes the token's unique code in
combination with the user's unique PIN. Patented technology synchronizes each
token with a hardware or software ACM. The ACM may reside at a host, operating
system, network/client resource or communications device: virtually any
information resource that needs security.

This simple, one-step login results in crackproof computer security that is easy
to use and administer. The tokens require no card readers or time-consuming
challenge/response procedures. With SecurID tokens, reusable passwords can no
longer be compromised. Most importantly, access control remains in the hands
of management.
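
The login check described above (secret PIN followed by the code currently
shown on the token), as an added example that is not part of the original
article or of the vendor's software. SecurID's algorithm is proprietary, so an
RFC 6238-style HMAC-SHA1 code with a 60-second step stands in for it; the
Verifier class, the drift window and the user data are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each code stays valid, as on the token described above

def tokencode(seed: bytes, t: float, digits: int = 6) -> str:
    """Stand-in code generator (RFC 6238 style), NOT the SecurID algorithm."""
    counter = struct.pack(">Q", int(t) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: holds each user's PIN and token seed (constructed data)."""

    def __init__(self, users, drift=1):
        self.users = users    # user -> (pin, seed); a real server protects these
        self.drift = drift    # intervals of token clock skew tolerated
        self.last_used = {}   # user -> last accepted interval (replay guard)

    def check(self, user: str, passcode: str, now: float) -> bool:
        if user not in self.users:
            return False
        pin, seed = self.users[user]
        given = passcode.encode()
        # Factor one: the memorized PIN, compared in constant time.
        if not hmac.compare_digest(given[:len(pin)], pin.encode()):
            return False
        # Factor two: the token's code for the current interval (+/- drift).
        code = given[len(pin):]
        current = int(now) // STEP
        for interval in range(current - self.drift, current + self.drift + 1):
            expected = tokencode(seed, interval * STEP).encode()
            if hmac.compare_digest(code, expected):
                if interval <= self.last_used.get(user, -1):
                    return False  # already accepted once: codes are one-time
                self.last_used[user] = interval
                return True
        return False
```

The replay guard is what makes a code captured by an eavesdropper useless once
the legitimate login has been accepted.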

 
SECURID PINPAD:
--------------

An added level of security can be implemented with a SecurID PINPAD token.
The PINPAD token enables users accessing the network to login with an
encrypted combination of the PIN and SecurID token code. Using the keypad on
the face of the PINPAD token, a user enters his or her secret PIN directly
into the token, which generates an encrypted passcode. This additional level
of security is especially appropriate for users in application environments
who are concerned that a secret PIN might be compromised through electronic
eavesdropping.

SecurID tokens are ideal for any environment. The original SecurID token
conveniently fits into a wallet like a credit card. The SecurID key fob
offers a new dimension in convenience to those customers requiring high
levels of security in multiple environments, along with compact size and
durability. In addition to providing the same reliable performance in
generating random access codes as the original SecurID token, the SecurID key
fob comes in a small, lightweight format.

                               SecurPBX
                               --------

Ok. Plain and simple. SecurPBX is a product to protect PBX systems worldwide
and automated Help Desk functions.

SecurPBX provides remote access security for telephone lines, modem pools,
voicemail ports, internet access lines, and the maintenance port on PBX
systems. Used in conjunction with Security Dynamics SecurID, SecurPBX
protects valuable PBX resources from remote access by unauthorized callers
without compromising the conveniences of remote telephone and data access
for teleworking or traveling employees.

Callers dial specific numbers on the PBX for long distance services. As an
adjunct to the PBX and a client to the server, SecurPBX receives the
caller's request for resources. Functioning as a client, SecurPBX requires
remote callers to provide SecurID user authentication and an authorized
destination telephone number before being transferred to the desired
resource. SecurPBX transmits the credentials to the server for authentication
and simultaneously validates the telephone number by user specific
permissions and denials. SecurPBX integrates with the PBX to process the
call based on the validity of the caller via SecurID and the destination
number attempted.


                                     .----------.      |
                                     |  SERVER  |---- -x- <-- Security
                                     `----------'      |
                                          |            |
                                          |           _-_
.--------------.                          |
|     | 037592 |        ,-----.
|     `--------'  ----- | PBX | -----  .-----------.
| SecurID      |        `-----'        | SecurPBX  |
`--------------'                       |  Switch   |
                           |           `-----------'
                           |
                            --------------- Users

Each SecurID card is a visually readable, credit-card-sized token or key which
is programmed with Security Dynamics' powerful algorithm. Each card
automatically generates an unpredictable, one-time access code every 60
seconds. The token is convenient to carry and simple to use and is resistant
to being counterfeited or reverse engineered.

SecurPBX extends the secure working environment of an organization to remote
locations. SecurPBX applies user specific calling restrictions before any
call is completed to prevent unauthorized toll charges and misuse of PBX
resources. The time of day, volume of calls per user, destination telephone
numbers (restricted to NPA and NXX) and customizable classes of service add
a vital layer to access security without compromising the convenience of
having remote access to telephone resources. SecurPBX logs all successful
and unsuccessful attempts including the destination telephone number.
Caller ID/ANI, if available, also provides the origination telephone number,
pinpointing the location of the caller.
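
The restrictions and logging described above, as an added example that is not
SecurPBX's own code: a per-user policy (permitted hours, daily call volume,
NPA / NPA-NXX permissions and denials) checked before a call is completed,
with every attempt logged. Class names, reason strings, the rule that denials
override permissions, and all sample values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Policy:
    """Per-user calling restrictions (constructed values, not vendor data)."""
    hours: range                               # local hours calls are allowed
    max_calls_per_day: int
    allowed: set = field(default_factory=set)  # "NPA" or "NPA-NXX" entries
    denied: set = field(default_factory=set)   # assumed to override allowed

def split_nanp(number: str):
    """Return (NPA, NXX) of a 10-digit NANP number, or None if malformed."""
    digits = "".join(c for c in number if c.isdigit())
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]
    return (digits[:3], digits[3:6]) if len(digits) == 10 else None

class CallGate:
    def __init__(self, policies):
        self.policies = policies  # user -> Policy
        self.counts = {}          # (user, date) -> calls completed that day
        self.log = []             # audit trail: every attempt, allowed or not

    def authorize(self, user, dest, when: datetime, ani=None, authenticated=True):
        """authenticated is the result handed back by the authentication server."""
        reason = self._decide(user, dest, when, authenticated)
        if reason == "ok":
            key = (user, when.date())
            self.counts[key] = self.counts.get(key, 0) + 1
        self.log.append((when.isoformat(), user, dest, ani, reason))
        return reason == "ok", reason

    def _decide(self, user, dest, when, authenticated):
        policy = self.policies.get(user)
        if not authenticated or policy is None:
            return "authentication failed"
        parts = split_nanp(dest)
        if parts is None:
            return "invalid destination"
        keys = {parts[0], "-".join(parts)}
        if keys & policy.denied:
            return "destination denied"
        if not keys & policy.allowed:
            return "destination not permitted"
        if when.hour not in policy.hours:
            return "outside permitted hours"
        if self.counts.get((user, when.date()), 0) >= policy.max_calls_per_day:
            return "daily call limit reached"
        return "ok"
```

Denied attempts are logged with the destination and ANI, so repeated failures
against one account or from one originating number stand out in the audit trail.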

Highlights of SecurPBX:
----------------------

 - Compatible with all major PBX vendor types.
 - Cost effective remote access security for PBX resources.
 - Prevents unauthorized access to valuable voice and data resources.
 - Secures remote long distance, and is an alternative method for replacing
   calling cards.
 - Works in conjunction with each user's SecurID card.
 - Centralized network authentication and security administration.
 - Easy to use, voice prompting available in multiple languages.
 - Audit trails and reporting assure true caller accountability.
 - Caller ID/ANI option provides originating telephone number identifying
   hacker locations.

SecurPBX operates in a Microsoft Windows NT environment. Callers and data
users achieve seamless access to PBX resources with validation data gathered
as efficiently as using a calling card and/or attempting a standard logon
procedure. In many cases, SecurPBX can be a calling card replacement and
may also be used with cellular phones to combat calling card fraud.
Fraudulent or suspect callers are denied access before toll charges and
resource damage occur.

Typically, securing a PBX from unauthorized remote access has required
disabling remote access to the PBX. Using dynamic, two factor authentication
through the server and validation of destination numbers dialed, SecurPBX
systematically locks out unauthorized callers preventing toll, voicemail,
and data fraud. This provides a secure access point for
teleworking resources.

SecurPBX unique voice identification:
-------------------------------------

SecurPBX is a unique identification solution providing secure remote
access to all major PBX or Centrex telephone systems. Protected resources
included are:

  - Long distance lines and trunks
  - Voice mail access lines
  - Call centers
  - Interactive voice response systems and audio response units

Access is controlled through positive identification of callers by their
unique, individual voice prints. SecurPBX uses SpeakEZ voice print speaker
verification service technology to efficiently allow access to authorized
callers while eliminating access to unauthorized callers. The SpeakEZ
voice print system is recognized as the best in the voice verification
industry today.

Significant investments in telephone resources simply cannot be protected
by traditional static passwords or PINs. When making a telephone call from
any telephone using your calling card number, the one condition verifiable
as certain by the PBX or phone company is that someone is making a call with
a known authorization code; however, it could be anyone. Casual calling by
unauthorized personnel, recognized as a major misuse of corporate telephone
resources, must be controlled if not eliminated. SecurPBX provides that
capability to your organization.

SecurPBX provides reliable, independent two factor user identification and
authentication. Factor one is something the user knows: a memorized personal
identification number or password. The second factor is something unique
the user possesses: his/her own voice print. Each caller is required to
merely speak his/her chosen password which is compared to a stored voice
print. The password can be in any language or dialect.

SecurPBX extends the unique user authentication provided by SpeakEZ voice
print to include user specific calling restrictions. Time of day, volume of
calls per user, destination telephone numbers (which are restricted to NPA)
and customizable classes of service add important layers of access security
without compromising the convenience of remote access to telephone resources.


Highlights:
----------

 - Compatible with all major PBX vendor-types and Centrex
 - Cost effective remote access security for PBX resources
 - Prevents unauthorized access to valuable voice resources
 - Secures remote long distance
 - Non-intrusive security, callers are validated by their own voice prints
 - Language independent passwords
 - Centralized authentication and security administration
 - Easy to use, voice prompting available in multiple languages
 - Audit trails and reporting assure true caller accountability
 - Multiple voice prints available per user

Remote Access Security Solution:
-------------------------------

Optionally, after authentication, SecurPBX administrators can manage user
permissions and denials from either the same SecurPBX workstation or from
another workstation connected via a LAN or remotely by modem in a
Windows-friendly environment.

Long distance callers achieve seamless access to PBX outbound trunks with
validation criteria gathered as efficiently as a calling card and as easily
as talking to a telephone attendant. Fraudulent or suspect callers are denied
access before any damaging toll charges can occur.

SecurPBX logs all calls, successful and unsuccessful, including the date and
time, user ID, and destination telephone number. Depending on the PBX type,
Calling Line Identification/ANI may be used as part of the validation process
and, in those cases, will also be logged. Log information can be exported to
an external spreadsheet application or displayed in reports generated by the
SecurPBX Administrator.

SpeakEZ Voice Print:
-------------------

SpeakEZ Voice Print Speaker Verification is a highly effective method of
confirming a caller's identity. The service is based on the fact that each
person's voice is uniquely different, and, as a means of identification, is
highly reliable. Speaker Verification is an application of the SpeakEZ Voice
Print technology which compares a digitized sample of a person's voice with
a stored model "voice print" of that individual's voice for verification.

 - Authenticates the caller as opposed to information (i.e. PIN) or a piece
   of equipment.
 - Easy to use, language independent
 - Safe: a voice print cannot be lost or stolen
 - Cost-effective: does not require special hardware for the caller
 - Virtually fraud-proof: a voice is difficult to forge

Applications of SecurPBX:
------------------------

 - Secure Telecommuting (all valuable PBX resources)
 - Call center user authentication
 - Securing Interactive Voice Response (IVR) and Audio Response Units (ARUs)
 - Help Yourself suite of products for help desk automation (ASAP(TM) -
   ACE/Server Administration Program - PIN reset, SecurNT - Windows NT
   password reset, E-Help Desk - Entrust/PKI(TM) profile recovery)

Technical Requirements:
----------------------

Telephony platforms :  All major PBXs including Nortel, AT&T, Rolm and Mitel

Processor           :  100% IBM compatible PC, Pentium 133 minimum
Disk requirement    :  Hard disk 1 gigabyte minimum, 32MB RAM for Switch
                       Interface, Client software, 8 MB for Administrator
                       software, actual storage based on size of user
                       population

Capacity            :  An unlimited number of users may be administered and
                       issued SecurID Cards. 32 simultaneous voice channels
                       per Switch Interface

Configuration       :  Multiples of 4, 12 and 24 line telephone interfaces

Management          :  SecurPBX Administrator includes extensive
                       administrative menus in user-friendly Windows 3.1 and
                       95 environment, real time monitoring and management of
                       multiple PBX sites

Conclusion:
----------

SecurPBX is definitely the way to go to prevent your data and PBX systems
from getting hacked and abused.

EOF
