FirstClass Communications Platform Security
FirstClass is an inherently secure design. The information provided below describes some of the inherent security features of the product and details the strategies and standards FirstClass utilizes to provide a secure environment.
FirstClass combines a robust message store and access control system with an encrypted client-server connection to ensure that messages are secure. FirstClass employs a stream cipher to implement secure log-ins and data communications. The encryption scheme uses a 3-way handshake with keys exchanged by the server and client at link startup, to ensure that the encryption is different each time. Everything from user activity and Address Books to messaging and chats is encrypted over the link. The public keys are stored in the directory, and for internal FirstClass users, the process of sending a secure message is transparent.
Encryption at this level provides secure transmission not only for passwords, but for every message, calendar item, and Address Book entry. Notification and authentication are provided using MD5 for excellent account security. Packet-level encryption is inherent to FirstClass and, as such, works regardless of whether the system is communicating using TCP/IP, IPX, AppleTalk, ISDN, or even by modem.
FirstClass also offers packet-level encryption. Essentially, this means that every portion of every message transmitted between the client and the server is significantly more difficult to successfully intercept. Almost all network applications, from file sharing to printing to sending messages, expose content directly to anyone utilizing a simple packet analyzer program. Packet-level encryption ensures secure message transfer regardless of connection type.
In addition to the encryption of content traveling between the client and server, FirstClass provides 5 layers of security.
Layer 1: UserID and Password
The user ID and password are the first level of security. All users must have a valid UserID and password to log on to the server. Password restrictions can be customized to ensure that users' accounts are not easily accessible. In addition, most conventional email systems accomplish user log-in by making use of the user's mail address, which is public information. Within the FirstClass environment, however, UserIDs and email addresses are unrelated to each other, unrelated to the user's password, and also unrelated to the name of the actual user. Using this private information makes it far more difficult to break into a FirstClass user's mail account than conventional email systems.
Password Security within FirstClass Unified Communications
Users have two sets of user IDs and passwords: one for access to the FirstClass server via the PC or web (Internet Services), and one for access through the phone (FirstClass Voice Services). Accounts can be created and deleted on an individual basis or via Batch Administration commands for larger groups of users. When provisioned with a new account, users are assigned a unique username and password, subject to the strengths of the FirstClass security features outlined here. New users can be notified of their new username and temporary password via two separate emails (for security purposes), and instructed to change the temporary password to a different alphanumeric password, subject to FirstClass' password rules.
For PC or web access, Administrator(s) can set the password restrictions for all users on the system. If the Administrator does not set any password restrictions, FirstClass sets default restrictions according to User Group settings. More specifically, the Administrator can set: