Example: barber

RSA SecurID Authentication User Access - Insight

RSA Solution BriefRSA SecurID Authentication in Action: Securing PrivilegedUser AccessRSA Solution Brief2 RSA SecurID solutions not only protect enterprises against Access byoutsiders, but also secure resources from internal threatsThe most critical systems in the enterprise such as operating system platforms, networkinginfrastructure and databases must be administered by privileged users. These users havegreater control over the physical and logical infrastructure, and organizations need to imple-ment best practices for controlling and logging privileged user Access . Two-factor Authentication of privileged users helps organizations to ensure that these influ-ential employees prove their identities before making administrative changes to systems. Bydeploying RSA SecurID solutions, organizations can protect Access to critical systems,track and monitor privileged user Access and manage the credentials of IT administrators sothey can only Access the systems for which they are responsible.

of SecurID authenticators—from hardware tokens that can fit in a wallet or are small enough to attach to a key chain to software tokens usable on a laptop, ... Because the RSA Authentication Manager software logs all transactions and user activity, it can be. RSA Solution Brief.

Tags:

  Manager, Authentication, Rsa authentication manager, Authenticator

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Advertisement

Transcription of RSA SecurID Authentication User Access - Insight

1 RSA Solution BriefRSA SecurID Authentication in Action: Securing PrivilegedUser AccessRSA Solution Brief2 RSA SecurID solutions not only protect enterprises against Access byoutsiders, but also secure resources from internal threatsThe most critical systems in the enterprise such as operating system platforms, networkinginfrastructure and databases must be administered by privileged users. These users havegreater control over the physical and logical infrastructure, and organizations need to imple-ment best practices for controlling and logging privileged user Access . Two-factor Authentication of privileged users helps organizations to ensure that these influ-ential employees prove their identities before making administrative changes to systems. Bydeploying RSA SecurID solutions, organizations can protect Access to critical systems,track and monitor privileged user Access and manage the credentials of IT administrators sothey can only Access the systems for which they are responsible.

2 RSA SecurID solutions notonly protect enterprises against electronic Access from outsiders, but also secure enterpriseresources from internal Solution BriefGranting and Securing Privileged UserAccessA privileged user is one who is allocated powerswithin the computing system that are significantlygreater than those available to the majority of privileged users with increased control overcomputing systems is essential, because theenterprise needs highly skilled technical professionalsto administer systems, infrastructure andapplications. Privileged users are responsible for theperformance of the computing system; creating andmaintaining user accounts; troubleshootingoperational issues; administering system upgradesand any reconfigurations required in the course ofongoing users have the ability to manipulateinfrastructure and application configurations, andwith this increased power comes increasedresponsibility and increased security risks for theenterprise.

3 Examples of privileged users include: Systems administrators, Network administrators, Application support engineers, Database administrators (DBAs), Help desk staff and IT hard-working professionals are crucial fordesigning, maintaining and evolving the computerand communications systems at the heart of manyorganizations. These administrators need the abilityto instantly Access IT resources so they can tunesystems to support business processes and highperformance for end-users. While organizations traditionally focus on protectingsystems from external attack, it is essential to protectenterprise systems from threats coming from insidethe enterprise. The management of users and groupsthat have privileged Access is essential for protectingenterprise resources. Although many organizationsencourage privileged users to be constantly alert, they should also be alert to the need to monitor andmanage the activities of the privileged usersthemselves to protect against abuse.

4 An Insider Threat Survey conducted last year by theComputer Emergency Response Team (CERT) atCarnegie Mellon University found that 57 percent ofinsider security attacks identified were carried outby employees who at one time had privileged userstatus. It is not enough to monitor the behavior ofholders of user accounts organizations should alsomonitor the behavior of privileged users to preventpotential fraud and Authentication not only protects theenterprise from the possibility of data theft or fraud byprivileged users it also protects privileged usersthemselves by enabling a clear audit trail of logging Authentication activity, organizations canpro-actively identify potential risks and prevent3unwanted Access . They can also perform forensics onviolations to determine the root cause of securityviolations and clear innocent privileged Access usersof any wrongdoing. Protecting enterprise information can be a double-edged sword.

5 While organizations are increasinglytaking steps to protect Access to information,collaboration and collusion by employees becomes agreater threat. Criminals intent on accessingenterprise systems can use covert measures such asstealing user passwords or overt measures, such asblackmailing or threatening a privileged user to gainaccess. Insider collaboration can be unwitting (bythieves stealing passwords) or intentional. Carefullymonitoring Access activity is a responsible step forbusinesses to take to ensure best practices forprotecting have to protect systems againstindividuals who have fraudulently obtained privilegedaccess credentials, and passwords are insufficient forprotecting Access by privileged users. They arefrequently lost and can be easily stolen, and the theftof a privileged user s password could potentiallyresult in a devastating impact on also have to protect systems againstdisgruntled privileged users who may seek to harmthe enterprise by disrupting the operations ofbusiness systems.

6 An unhappy privileged user couldpotentially delete critical information, disable thenetwork or prevent users from accessing theinformation they need to perform their jobs. Theability to centrally manage the Access credentials forprivileged users is essential so that organizations caneasily revoke the privileged Access privileges of adisgruntled administrative Solution BriefAn unhappy privileged user could potentiallydelete critical information, disable the network orprevent users from accessing Practices for Protecting AccessCERT found that 20 percent of allelectronic crimes are committed byinsiders, and concluded that the pri-mary motives for attacks from insid-ers is a response to a negative eventor revenge against the developed the following sum-mary of best practices: Conduct background checks Institute periodic employee security training Enforce separation of duties Implement strict password andaccount management policies Log, monitor and audit employeeonline actions Use additional controls for sys-tems administrators and privi-leged users Actively defend againstmalicious code Use layered defenses againstremote attacks Monitor and respond to suspi-cious or disruptive behavior Deactivate Access following termi-nation Collect and save data for use ininvestigations Implement secure backup andrecovery processes Clearly document insider threatcontrols4 The Need for Two-factor AuthenticationOrganizations can protect enterprise information andoperations by deploying two-factor authenticationsolutions from RSA, The Security Division of EMC.

7 RSAproducts help organizations protect privateinformation and manage the identities of people,devices and applications accessing and exchangingthat information. RSA SecurID two-factorauthentication is based on something you know andsomething you have, providing a much more reliablelevel of user Authentication than reusable SecurID Authentication has been on the marketfor over 15 years with no reported security SecurID Authentication tokens provide hacker-resistant two-factor Authentication , resulting in easy-to-use and effective user identification. Based on RSA s patented time synchronizationtechnology, Authentication tokens generate a simple,one-time Authentication code that changes every 60seconds. To Access resources protected by the RSAS ecurID system, users simply combine their secretpersonal identification numbers (PINs) somethingthey alone know with the token codes generated bytheir authenticators something they carry.

8 The result is a unique, one-time-use passcode that isused to positively identify or authenticate the the code is validated by the RSA SecurID system,the user is granted Access to the protected resource. Ifit is not recognized, the user is denied Access . Organizations worldwide already rely on RSA SecurIDsolutions for two-factor Authentication from theirdesktop or from a remote PC. RSA offers a wide rangeof SecurID authenticators from hardware tokens thatcan fit in a wallet or are small enough to attach to akey chain to software tokens usable on a laptop,phone or BlackBerry. Two-factor Authentication notonly enables secure Access for privileged users, it canalso be deployed to the entire user community toprotect Access to information and prove the identitiesof users accessing critical business Down Infrastucture AccessTwo-factor Authentication allows companies topositively identify a privileged user before that user isgranted Access .

9 Companies can lock down enterpriseinfrastructure and require privileged users toauthenticate before accessing critical infrastructure,including:Routers and Switches Networking infrastructure isessential for delivering information and ensuring theongoing performance of business processes, andprivileged users should authenticate before changingthe configurations of routers and routers and switches can shut down thenetwork or disrupt Access for certain floors,departments or buildings. By entering something theyknow their PIN and something they have theconstantly changing passcode on their token privileged users can authenticate before beinggranted Access privileges. Remote Access Equipment Virtual private network(VPN) and remote Access servers should also requireprivileged users to authenticate. This protects theenterprise from attacks emanating from beyond theboundaries of the enterprise.

10 Organizations cancentrally monitor the activities of privileged users toprevent the creation and utilization of rogue accountsthat provide remote Access to unauthorized Just as organizations rely on firewalls forprotecting the enterprise from external attacks,organizations should also protect firewalls frompotential internal attacks. A privileged user couldpotentially change the port settings on firewalls toexpose the enterprise to attack, resulting in a thefront door is locked, but the windows are open scenario that potentially harms Administration It is essential that privilegedusers gain remote administrative privileges so theycan maintain and troubleshoot servers in remote datacenters or infrastructure in small offices. Two-factorauthentication can enable secure remoteadministration to centrally protect the security inoffsite Solution Brief5 RSA Solution BriefWeb Servers The corporate website has become theprimary face of most organizations.


Related search queries