Transcription of RSA Authentication Manager
RSA Authentication Manager

Information security is a necessary underpinning for further advances in electronic business. Technologies such as session encryption, firewalls, virtual private networks, wireless LANs and digital certificates have all emerged as pieces of the each is designed to enhance some aspect of information security, whether by restricting access to or preventing the interception of private data, none of them alone is designed to address the fundamental security issue that underlies the most damaging information crimes such as is the person who is attempting to access protected files and/or resources an authentic user or an impostor? This white paper discusses how RSA Authentication Manager software, as an integral component of the RSA SecurID solution for two-factor user authentication, can help efficiently manage the authentication of users to your network, Web-based applications or applications within your network.
The key security, operational and market issues that are relevant to this discussion are also

The Power Behind RSA SecurID Two-factor User Authentication: RSA Authentication Manager
TECHNOLOGY BACKGROUNDER

TABLE OF CONTENTS
I. USER AUTHENTICATION: AN E-BUSINESS ENABLER
II. THE RSA SECURID SOLUTION FOR TWO-FACTOR USER AUTHENTICATION
III. KEY BENEFITS OF RSA AUTHENTICATION MANAGER AND RSA SECURID
IV. PREVENTING UNAUTHORIZED ACCESS WITH RSA AUTHENTICATION MANAGER
DETAIL
VI. RSA AUTHENTICATION
AUTHENTICATION MANAGER ENTERPRISE EDITION
ABOUT RSA SECURITY

I. USER AUTHENTICATION: AN E-BUSINESS ENABLER

User authentication is an e-business enabler. If you can trust the identity of the employee who is attempting to connect to your corporate network from home, while traveling or when roaming within the complex using the corporate wireless network, you can improve his productivity and facilitate your business by giving him access to the data he needs.
If you can trust the identity of the resellers who are attempting to access your partner web portal, you can make available, on that portal, key information which will help them make a sale without worry that you will be exposing such information to a competitor or customer. If you can trust the identity of customers who are attempting to access your web-based knowledge database, you can serve them better by providing them with up-to-date information while saving support authentication server is no longer a tactical point solution for one group or a single application. Rather, authentication servers such as the RSA Authentication Manager solution have become a mission-critical, strategic component of the network infrastructure. As employees and strategic partners increasingly decide to log in from home or need to log in from remote offices, the need for a solution that is robust and easy to administer becomes critical.
Customers will need access to your extranet or intranet and the security administrator will need to be able to quickly administer their security privileges before they are lost as customers. It is vital, therefore, to have a fast, scalable and efficient authentication authentication also prevents fraud. Many of the most damaging crimes online have a common denominator: the circumvention of password protection to gain access to information or funds. While basic passwords may be sufficient to safeguard non-critical systems, an organization's sensitive applications, files and systems demand a higher order of protection. Fortunately, a single security approach can be used to deal with the entire spectrum of intrusions that result from password breaches: replacing basic password security with a two-factor user authentication solution.
This solution not only mitigates the risk of security breaches but also enables companies to comply with customers and strategic partners who demand secure e-commerce, thereby avoiding the long-term costs associated with security breaches and helping to increase revenues.

[Figure: evaluation criteria for an authentication solution, built around the questions "What Value / ROI?", "Which Solution?" and "Which Vendor?", with the categories Higher Revenues, Lower Costs, Increased Compliance, Mitigated Risk, Total Cost of Ownership, Strategic Fit (Users), Strategic Fit (Corporate/System) and Vendor Selection Criteria.]

When evaluating an authentication solution the following questions must be asked: What is the value of the solution?
What return on investment (ROI) will it bring? (Section III) Which authentication solution is the best fit for your organization? (Sections IV-VII) The answer to this question depends on more than relative security and acquisition cost and includes factors such as convenience for end users, interoperability and future flexibility. Which vendor is the best partner for providing such a solution? (Section IX)

II. THE RSA SECURID SOLUTION FOR TWO-FACTOR USER AUTHENTICATION

The RSA SecurID solution for user authentication is built on an approach called two-factor authentication. The premise of this approach is that a single, remembered factor such as a password inherently provides a low proof of authenticity, since anyone who overhears or steals the password will appear completely genuine. It is the addition of a second, physical proof that makes the certainty of authenticity exponentially higher.
The bank ATM card is an example of a widely used form of two-factor authentication; requiring the combination of a PIN and also a valid ATM card provides a sufficient level of security to support access to bank services and the RSA Security solution for two-factor user authentication, authorized users are issued individually registered RSA SecurID tokens that generate single-use token codes, which change based on a time code algorithm. A different token code is generated every 60 seconds. The authentication server (RSA Authentication Manager) that protects the network and e-business applications validates this dynamic code. Each RSA SecurID token is unique and it is impossible to predict the value of a future token code by recording prior token codes. Thus when a correct token code is supplied together with a PIN, there is a high degree of certainty that the person is the valid user in possession of the RSA SecurID

Together: Server, Client and Intermediary Agent

User authentication for wired or wireless local network access, remote dial-in, Internet/VPN connections or web applications is accomplished via the RSA Authentication Manager authentication server.
When a user attempts to access a protected system, a special software agent called an RSA Authentication Agent initiates an RSA Authentication Manager authentication session instead of a basic password session. Most leading remote access server, firewall, VPN, wireless access and router products have built-in RSA Authentication Agents for out-of-the-box compatibility with RSA SecurID two-factor authentication. In addition, both TACACS+ and RADIUS authentication sessions are supported by the RSA Authentication Manager Authentication Manager software includes a RADIUS server, so companies can manage user accounts from a single database for both RADIUS and RSA SecurID a two-factor authentication session, the user is required to enter a user name and, in lieu of a password, a PIN number plus the current token code from his or her RSA SecurID authentication device.
The agent transmits the information to the RSA Authentication Manager software, which approves access when the information is validated. The user is granted access appropriate to his or her authorization level, which is noted by the RSA Authentication Manager software in its log

[Figure: network diagram with the labels Remote User with RSA SecurID, Internet, Firewall, DMZ, Intranet, Server, RAS, VPN, Windows/UNIX, Novell, RSA Authentication Agents, RSA Authentication Manager and RSA Authentication Manager Replicas.]

RSA SecurID Authenticators

Secure network access and access to e-business applications begins with ensuring that users are strongly authenticated using an RSA SecurID authenticator. RSA SecurID authenticators are offered in many forms: hardware tokens, software tokens, smart cards and USB devices.
The most common hardware form is the key fob, a device with a built-in chip, an LCD window capable of displaying up to an eight-digit number (or token code), yet small enough to be attached to a key ring. When shipped from RSA Security, the key fob is initialized with a unique seed value; each minute, the internal chip performs an algorithm combining and scrambling the seed value and current time, to create a pseudo random addition to the key fob style, other token types include a credit card-sized authenticator and the RSA SecurID PINPAD technology model, which requires the entry of the user's PIN in order to display the token code, and the RSA SecurID Software Token for Windows desktops, the Palm Computing Platform, Microsoft PocketPC devices, BlackBerry handhelds and cell phones, which duplicates the function of the RSA SecurID PINPAD token in the form of a software utility.
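The time-synchronous scheme described above, in which token and server derive the same code from a shared seed and the current 60-second interval and the server accepts it only together with the correct PIN, as an added example that is not code from the paper or from RSA. The paper does not specify the SecurID algorithm, so HMAC-SHA-256 with RFC 4226-style truncation stands in for it; the names `token_code` and `AuthServer`, the one-interval clock-drift allowance and the PBKDF2 PIN hash are assumptions of this example.

```python
import hashlib
import hmac
import struct

INTERVAL = 60  # seconds per token code, as stated in the paper
DIGITS = 8     # assumption: the paper says "up to an eight-digit number"


def token_code(seed: bytes, unix_time: int) -> str:
    """Token side: code for the 60-second interval containing unix_time."""
    counter = struct.pack(">Q", unix_time // INTERVAL)
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # RFC 4226-style dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**DIGITS:0{DIGITS}d}"


def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AuthServer:
    """Server side: validates PIN + token code against the enrolled seed."""

    def __init__(self, drift: int = 1):
        self.users = {}     # user -> (seed, salt, pin_hash)
        self.last = {}      # user -> last accepted interval (replay guard)
        self.drift = drift  # intervals of clock skew tolerated each way

    def enroll(self, user: str, seed: bytes, pin: str, salt: bytes) -> None:
        self.users[user] = (seed, salt, _pin_hash(pin, salt))

    def authenticate(self, user: str, pin: str, code: str, now: int) -> bool:
        if user not in self.users:
            return False
        seed, salt, pin_hash = self.users[user]
        pin_ok = hmac.compare_digest(_pin_hash(pin, salt), pin_hash)
        current, matched = now // INTERVAL, None
        for step in range(current - self.drift, current + self.drift + 1):
            expected = token_code(seed, step * INTERVAL)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if not pin_ok or matched is None:
            return False
        if matched <= self.last.get(user, -1):
            return False  # code already used or older: enforce single use
        self.last[user] = matched
        return True
```

The replay guard is what makes a code single-use on the server: a code captured in transit is rejected once its interval has been accepted, even though it is still inside the drift window.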