Please Note: Pricing and availability are subject to change without notice.
Eliminates the password risk
Cisco Technology Developer Program certified
Tokens generate new passcodes every time you log in
Positively identifies administrators
Integrates seamlessly with Microsoft Active Directory
Runs on existing servers so installation is fast and easy
Simplifies and streamlines management and deployment
SafeWord RemoteAccess protects:
Cisco VPNs, routers, firewalls, and other RADIUS devices
Outlook Web Access
Positively identify administrators
SafeWord RemoteAccess provides a complete strong authentication solution specifically designed to protect both administrator (local and remote) and remote user access to Cisco VPNs, routers, and firewalls.
SafeWord RemoteAccess also protects Citrix applications, Outlook Web Access, and many other remote access systems. With tight integration and simplified management through Active Directory, and with tokens that generate new passcodes with every user login, SafeWord RemoteAccess lets you easily and cost-effectively eliminate the password risk.
Passwords are the weakest link in your security
Administrators need to access networks and applications from both within the enterprise and remotely. The most common way they currently identify themselves is with a simple password. But relying on passwords for security makes your network easy to break into. Passwords can readily be hacked using a wide variety of attacks, including sniffing, brute force attacks, dictionary attacks, personal information gathering, or simply tricking users into revealing their passwords. Industry experts estimate that 35 percent of corporate network passwords can be hacked within five minutes.
Conventional wisdom says passwords should be made more complicated (one government agency has a password policy that's 30 pages long!), but even the strictest password policy can be undermined by a simple Post-it note. The practical reality is that complex passwords are harder to remember and more likely to be written down, taped to monitors, or hidden under keyboards.
Strong authentication protects trusted connections
SafeWord RemoteAccess provides strong authentication�a simple and effective way to eliminate the risks of passwords for access to your network. To understand strong authentication, think of your ATM card. When you withdraw money from your bank you use a combination of two security factors�something you have (your card) and something you know (your PIN). You probably wouldn't want your bank to allow withdrawals with just one of these factors, yet many application deployments that protect extremely valuable data, proprietary information, and mission-critical applications, are protected by only one factor�a weak password.
SafeWord RemoteAccess delivers the extra security needed. Each user is assigned a Cisco-compatible token that can generate millions of unique codes based on an internal secret key. To log into your network hardware, the Administrator simply pushes a button on the token to generate the next one-time code, then enters this code along with a short memorized PIN. The robust SafeWord authentication server verifies each passcode, allowing access only to users with valid codes and PINs. After being used once, a one-time passcode is then useless, eliminating the risk of outsiders stealing, copying, or reusing passwords. The combination of dynamic codes and two-factor authentication provides unbeatable security.
Administrators need strong authentication
Strong authentication for administrator access means that no one can impersonate the administrator. When Cisco administrators have their own SafeWord tokens, other administrators, employees, or hackers cannot impersonate the administrator because they don't have access to the administrator's passcode, and therefore, they cannot guess, borrow, or steal it. Furthermore, when access is granted to all token-holding administrators, it is non-repudiable; they cannot deny that they accessed the network.
Even if a hacker penetrates the authentication server, he could not steal the administrator's password simply because it's not there. And because SafeWord is completely managed from Active Directory, all the authentication reports and audit logs are available in the tools that administrators already use.
Minimum requirements to secure the enterprise
Federal, state, and local regulations are being passed with growing frequency to increase security, protect consumer privacy against fraud and cyber terrorism, as well as enact audit and reporting controls. The most common compliance factor that these regulations require is that network access security systems know exactly who users are. Given that the administrator has the greatest network access, it's paramount that no unauthorized users (whether inside or outside the network) appear to be the administrator when they are not.
Many IT administrators use a single fixed password to access dozens of network devices, including routers, switches, and firewalls. To make matters worse, many administrators often share this password.
Return on investment
The use of SafeWord for administrators is a compelling security solution given that the entire network's infrastructure can be compromised with a single misplaced, stolen, or hacked password, or even a disgruntled (former) administrator. Unsecured enterprises will increasingly face civil liability as well as higher costs from poorly administered security programs, IP losses, theft and lawsuits. SafeWord for administrator access costs roughly $100 per administrator. Given the downside of using fixed passwords, the SafeWord return on investment is immeasurable.
Only event-synchronous systems are effective for administrator access control
SafeWord is an event-synchronous strong authentication system. Other systems, for example RSA's SecureID, are time-dependent. A major inconvenience and security issue for time-dependent systems arises when it is necessary to log into multiple devices or networks. Time-dependent systems require a clock to be present in the token (and in the server). These clocks are subject to "time drift" (unavoidably) where the server and the tokens become out of sync. Because the clocks in tokens can't be set, they drift farther and farther away from the correct time throughout the lifetime of the token. Compensating for this variance of time can create a number of difficulties�especially in large systems with thousands or tens of thousands of tokens. This results in frustration for users and administrators as well as in high quantities of help desk calls.
Additionally, when it comes to administrators needing to log into multiple devices, it's necessary with SecurID to wait 30 or 60 seconds for EACH login passcode (depending on how the system is set-up). If an administrator needs to log into 10 devices or networks, it will take 5-10 minutes simply to log into these devices. Because SafeWord is event-synchronous, it is never susceptible to time drift problems. Nor do users have to wait for passcodes. With SafeWord, a new passcode appears every time you press the button.
SafeWord RemoteAccess protects Cisco ACS, VPNs, routers, firewalls, other RADIUS devices, Citrix applications, and Outlook Web Access. SafeWord RemoteAccess requires that users be managed through Active Directory, and its components can be installed on the Active Directory domain controller and the other servers already in your network.
SafeWord server requirements
Support Microsoft IAS (RADIUS), Citrix applications, Outlook Web Access
Windows 2000 or 2003 domain controller
Active Directory populated with remote users
256 MB RAM minimum; 512 or above for configuring the Web Agents
300 MB disk space minimum; 3 GB disk space recommended
Do you need additional features?
If you need to protect access to Web, wireless, or legacy systems, if you need a wider range of authentication options, or if you need more powerful features such as role-based authentication, consider Secure Computing's SafeWord PremierAccess solution. An award-winning strong authentication and access control solution for enterprises, PremierAccess supports both Windows and Solaris platforms, and a wide range of authentication choices including hardware tokens, software tokens, smart cards, digital certificates, biometrics, and MobilePass, which sends one-time passcodes to your cell phone or pager.