Frequently Asked Questions

Here are some questions we get asked regularly:

What is TutisDisk

What is the Tutis Token?

What can it do and what are the benefits?

How secure is it compare to other authentication techniques?

What Applications Can Be Carried Out with the Tutis Token?

What is the Difference Between Managed and Self Managed Systems?

How Secure is the Data?

What Levels of Authentication to Use?

How Do You Use Tutis with a VPN Connection to a Server?

How Safe is the VPN?

How Can the System be BOLTED ON?

What is a 'Caboose'?

Why is it called 'Tutis'?

What is the TutisDisk?

Provides a secure and easy way of accessing files stored on a secure server.

What is the Tutis Token?

The token can be any electronic storage device that can be used by a computer, for instance it could be a USB memory stick, or a CD or DVD, you could even turn your laptop into a token.

What Can It Do and What are the Benefits?

The advantage of the token is that it can hold programs that enable it to do a wide variety of tasks from easy authentication and logon to complex VPN and file encryption applications.

How Secure is it Compared to Other Authentication Techniques?

The reason why this is so secure is that the token acts as just one element of the identification which can be locked down to a particular USB device.

Each time the customer logs in, a text message is sent which carries a unique one time password which also acts as an alert to the customer.  So if the token is stolen, then if it is used, the customer receives a text message and knows the token is being used without their permission.

The system can be enhanced to work with a username and password which then makes the system ‘two factor’.  This means that the customer has to know their password AND have the token before they can login.  This is seen as being the most practical high security measure.

It is possible to further enhance the security by using a USB device that requires a thumb print to be activated moving the system to ‘three factor’ but this is usually not required given that the Secure Now authentication has the advantage of a token, the mobile phone and username and password with the added advantage of a warning each time the customer logs on through text and/or email.

How secure is it compared to other authentication? 

One of the most secure of systems on the market.

What Applications can be Carried Out with the Tutis Token?

The token allows the customer to carry certain applications with them.  For instance, we have a systems that allow the storage of secure notes, of username and passwords and a virtual file system where one folder is located on a secure server and another folder is actually on the token itself. The advantage in the last application is that a customer writing a sensitive document can move it into the folder located on the secure folder and it will be encrypted and copied to the server which means that if the laptop is stolen, there is no valuable data on the laptop.

What is the Difference Between Managed and Self Managed Systems?

A managed solution has the advantage of being maintained by experts who have spent a long time in the security industry and know how to secure and configure servers.

The customer does not need to buy and maintain primary and backup servers, primary and backup network links or to ensure that the physical locations are secure.

A self managed system puts all these concerns in the hands of the customer allowing them to decide on which servers to use, where to locate them, how much bandwidth to buy and who to employ and trust.

Which is better depends on the deployment of the system.  If the managed service is in the UK and the customer in Australia, then it might make more sense due to the time difference to have a self-managed system.

If the customer already has secure servers in two or more locations with well trained security staff, then again it might make more sense to deploy a self managed system but in most cases a managed service has many advantages.

 

How Secure is the Data?

Since the data is stored in encrypted fashion, the managed service provider cannot read the data on their server, as the key to decrypt the data never leaves the customer.  What is stored on the server is just an encrypted ‘blob’ of data that would take centuries to crack.

What Levels of Authentication to Use?

The Secure Now authentication technology allows a number of different configurations:

1. At the simplest level, the customer might choose ‘single factor’ authentication where possession of the card and the mobile phone is sufficient security so the end user just simply inserts the token, waits for the text message and enters the site or the application.  This is simple, self alerting and secure as anyone wanting to hack into the system must have access to the end user physically.  With just a username and password, the hacker can be remote and just steal the username and password database or just try different combinations (computers now can try millions of passwords a second).
2. The next level is where a password is added to the security, this makes the system ‘two factor’: something you have in the form of the token and mobile phone and something you know in terms of the password.  Here if a thief does steal the token AND the mobile phone AND can get to use it before the end user cancels the mobile phone or the token, then they still have to know a password, which is extremely unlikely.
3. The third level is where a biometric factor is added to the authentication.  A biometric measure is something that you are, like a thumb print or retina scan.  The Secure Now solution would implement this through a thumb print normally (but other techniques could be used) and this would be added to the token and password.  The thief now needs to have the co-operation of the end user as he needs the user’s thumb.  This makes the access even more difficult and to be honest, the thief might just as well dispense with trying to break the Secure Now solution and resort to intimidation or blackmail to get the information direct from the end user.

How Do You Use Tutis with a VPN Connection to a Server?

Net Caboose provide a VPN solution that uses the Secure Now solution to provide the authentication and industry standards to ensure the security of the data in transit.

When the key is inserted, it connects over https to the VPN server at the customer’s site and identifies itself with a unique 32 character identification code.

The server generates a one time 1024 key which it then encrypts with a password.  The strength of this password can be defined by the user from a 4 number PIN to a 32 character password using numbers, letters and symbols.

The password is then sent via SMS to the customer’s phone whilst the 1024 key is sent via https to the customer’s computer.  The customer enters the password to decrypt the key which then uniquely identifies the customer for this session.

If the customer wants to enhance this, then both a password and biometric measure can be added as required.  The VPN is then opened to the remote site through the https encrypted link.

How Safe is the VPN?

Anyone wanting to break the tunnel in transit would have the AES encryption of https to break AND the AES256 link of the VPN to break, this would take something in the region of 5 times the length of the universe to achieve.  So the VPN is extremely safe.

How Can the System be BOLTED ON?

The ‘bolt on’ nature of the authentication technique depends on the nature of the application.  For instance, if you already have a website that implements a username and password, you might well consider that this was not sufficient and want to add the token.

In a managed service solution, you would simply only let requests to logon come from the Secure Now servers, so anyone going direct to the site would not be offered a username and password, a simple website change.

An end user would insert the token, get taken to the Secure Now logon servers, authenticate in the usual way using either just the token or the token and a password and be taken straight onto the customers website where they could enter their original username and password or be allowed direct entry, depending on the level of security required.

The permutations on the configuration of this system are large and we can adapt to a number of different requirements.  Please talk with yourNet Caboose salesman for more details.

What is a 'Caboose'?

The British Antarctic Survey (BAS) carry out some pretty sophisticated experiments in the Antarctic.  This requires a lot of sensitive electronic equipment and it has to be housed safely against hurricane winds and temperatures as low as -55C.  So BAS put all this sort of equipment into insulated huts which are called 'cabooses', like the one shown here.

So when it came to naming a company that protected networks against the threats of the internet, the name just had to be 'Net Caboose'!

In the States, a Caboose is the guard's van on a train which is also quite apt.

Why is it called Tutis?

Tutis is the Latin for 'Secure', so when we talk about TutisConnect, we are talking about a secure connection, and with TutisAuth, we refer to two factor authentication as being secure.

• Next page
• Previous page