RSA Security: Authentication (ACE Server/SecurID)

  • Our security solutions fit the needs of real-world security: authentication of the user, encryption of the data, and management of the infrastructure.
  • Operating as a global virtual company can increase the risk and cost of doing business. Strong authentication: knowing who you are doing business with can lower the risk and cost of doing business for your customer. Revenue loss: if your computer systems are down, you are losing revenue. A good example of this is e-business or extranet Web sites: if customers or partners can’t place orders, you lose revenue for every minute your site is down due to a hack, etc. The companies who fell prey to infamous hacker Kevin Mitnick's attacks estimate their losses at almost $300 million. Damage: what is the cost to the business if your competitor has your future product plans, or the loss of company reputation if you can’t protect customer information or assets, or the expense associated with recovering from a successful hack? Lastly, using passwords is not free: most help desk calls are related to a user forgetting his or her password. Ask your customer to multiply the number of password-related help desk calls by $80 each.
  • Explain the difference between authentication and identification.
  • All of these used individually are examples of one-factor authentication. Use any two in combination and you have stronger protection.
  • SecurID passcodes can only be used ONCE! Shoulder surfing and snooping will NOT work! Only patented time-synchronous algorithm: safer than competitor solutions; market-share-leading technology; fewer steps to configure tokens; easier for end users. Explain seed record, GMT time, time drift. Talk about token seed record and floppy: how you import into ACE/Server. Does anyone know what time sync means?
  • ACE performance has increased from 12 authentications per second in the 3.3.1 release to 60 authentications per second in ACE 3.6 (Master only). In a Master/Slave setting, ACE reaches 45 auths/second. This is in a hardware token environment; software tokens have a different algorithm and therefore show a slower performance increase. NT Name Server Synchronization Tool: this tool extracts user information from the NT SAM database and imports it into the ACE/Server (regardless of ACE platform). Software Token Administration: SoftID administration is now built directly into the ACE admin interface and database schema. The previous tool required the admin to handle one token at a time. The new tool handles volumes of tokens and users at a time. Enhanced Platform Coverage: ACE Server now supports the latest versions of Sun, HP, IBM and Microsoft OS: HP 10.20 and 11.0, Solaris 2.6 and 2.7, AIX 4.3.2, and Microsoft NT SP4 and 5.
  • We’re in the authentication business and our goal is to continue to create a range of authenticator options for customers. This allows customers to choose which authenticator form factor best fits their needs. With more than five million users worldwide, RSA SecurID authenticators are the most popular strong authentication tools on the market, thanks to their reliability, ease of use and safety from destruction or reverse engineering. Much simpler to use than other strong authentication alternatives, the wide range of authenticator form factors offers solutions that fit the way your users need to work. Designed to work with current and emerging technologies, the line of RSA SecurID authenticators is constantly expanding. RSA SecurID authenticators are now available in various forms of hardware and software tokens, including a version for Palm™ Computing platforms; no special readers or hardware are required. A number of smart card versions are also available to fit the needs of organizations that are adopting smart card technology. Smart cards can combine network access credentials with physical access and also provide a secure option for the storage of private keys, the linchpin of PKI security.
  • The best way to discuss how you can apply RSA products to your customer’s environment is through solution scenarios. As we discussed in the last slide, RSA products are best applied in the following solution scenarios.
  • Let’s look at the overall picture, then go into these areas in more detail. As you know, secure remote access has been our traditional market. The good news is that this market is growing at 35% per year, so it continues to be an important market for us and for our customers. What’s new for us is the attention on Internet-based remote access, most commonly VPNs and firewalls. We want our customers to be able to take advantage of the Internet for remote access, so we have made it possible by making ACE interoperable with almost all of today’s virtual private network solutions. Companies are driving to be more efficient. This means getting their products to market better, faster, cheaper than the competition. To accomplish this they are creating e-business applications (in the form of extranets or other e-commerce applications), letting partners, customers, contractors onto the company intranet or extranet to get the information they need to be successful. In recent times, more and more focus is being placed on the enterprise network. I am sure we are all familiar with recent studies that cite disgruntled employees as one of the major threats to an organization’s network. In fact, the CSI and FBI recently reported that nearly 50% of network hacks originated with employees. The amount of sensitive information being stored on the enterprise network is increasing. Examples include engineering plans, acquisition information and employee salary information. To help reduce this risk, RSA Security is focusing on securing local network access.
  • RSA Secured Partners for RAS: Ascend, Cisco, Microsoft, Shiva. The Who’s Who list of RAS vendors. Check our Web site for the latest list. Most RAS vendors integrate our Agent APIs into their products. All the customer needs to do is configure the RAS device and ACE/Server to talk to one another.
  • Similar to RAS, almost every VPN and firewall vendor is SecurID Ready: Aventail, Checkpoint, V-One.
  • Today, you’re probably protecting your VPN merely with passwords. But passwords are not an effective way to secure your VPN. That’s because: passwords are easily hacked; passwords are usually written down; passwords are usually made up of easily guessed phrases (child’s name, maiden name, birth date, etc.); passwords are often re-used for different applications (network access, email, vmail, ATM, etc.). We all know that password hacking is easier than ever; you don’t have to be a computer expert anymore. So what do you do to complete the security of your VPN and provide a truly trusted environment? You require two forms of ID to authenticate the user. In a non-IPSec environment, you can still protect high-value information with more than a password. Here you want to consider requiring two forms of ID for users looking to access the network. This is called two-factor authentication. Two-factor authentication allows you to positively identify that user before they gain access to valuable resources. This technique requires two forms of identification, placing more of a burden on the user to identify himself. It ensures greater network security than the traditional static password that is easily hacked, by combining something the user knows (secret PIN) and something the user has (pseudorandom token code that changes every 60 seconds), thus positively identifying the user. Two-factor authentication is an effective, easy way to secure VPN user access to your valuable company information, and it’s virtually "hack proof." Consider the typical ATM scenario. That’s two-factor authentication. Their passcode (which is commonly as simple as their SSN and mother’s maiden name) is the “something they know” factor and their bank card is the “something they have” factor. Now consider that the maximum dollar value associated with an ATM transaction is relatively low.
Why wouldn’t you apply the same level of security when it comes to your corporate data assets, where the stakes are much, much higher? It makes you wonder. Especially when it costs less to administer a two-factor authentication solution than the typical password solution (which is perceived to be less expensive, but in reality results in heavier on-going management costs). This means: two-factor authentication can be used to positively identify the user, so this is an RSA SecurID opportunity.
  • RSA SecurID is the de facto standard in two-factor authentication solutions today. The solution has been deployed in over 5,000 companies (80% market share in the Fortune 100 segment) with over 6M authenticators deployed. The solution is known for its cutting-edge security, interoperability, scalability/reliability, ease of use, investment protection value and ability to protect private keys in a PPK environment. Two-factor Authentication: Ensures greater network security than the traditional static password that is easily guessed or compromised. Positively identifies users by combining something they know (secret PIN) and something they have (pseudorandom token code that changes every 60 seconds). Two-factor authentication is virtually "hack proof." Offers a wide selection of form factors (including key fobs, hardware tokens, software tokens, PDAs and smart cards), so the user can use devices that fit into their daily work habits, eliminating the need to carry multiple devices. Interoperability: All leading VPN providers have RSA SecurID built into their products. The success of the SecurID Ready program proves that the participating vendors endorse the need for two-factor authentication. It also proves that they endorse RSA Security as the premier supplier of such technology. Scalability: The RSA SecurID authentication solution can scale to hundreds of thousands of users without an army of administrators. This scalability allows companies to expand security as the number of remote users multiplies. Ease of Use: The use of RSA SecurID authenticators is intuitive and requires minimal end-user training and fewer helpdesk calls. In addition, zero footprint makes deployment simple. RSA offers a deployment service, RSA SecurID Express, that decreases the deployment burden by offering token assignment and delivery services directly to the end-user.
In addition, the RSA Professional Services organization provides deployment and installation services, allowing customers to secure end-users more quickly with fewer resource requirements. Investment Protection: The RSA SecurID authentication solution is compatible with virtually every major Internet / network infrastructure product on the market. One of the benefits of this advanced interoperability strategy is that companies can leverage the infrastructure already in place, safeguarding existing investments. Companies using RSA SecurID today for dial-up RAS can simply extend the application to cover their VPN. Protect Private Keys: Two-factor authentication is a required element of any environment, including PKI (public key infrastructure), and authentication with RSA SecurID is the first step to a secure PKI deployment. Two-factor authentication is a strong complement to public/private key. PKI should not be viewed as a replacement for two-factor authentication. Digital certificates provide digital identities that, when used in a PKI environment, can act as a single user identity. But the integrity of PKI relies on your ability to ensure that only the rightful owner of a digital certificate has access to the private key. Broad range of available form factors: RSA Security offers a broad range of form factors, including key fobs, hardware tokens, software tokens, PDAs and smart cards. This wide choice of authenticators fits any customer’s or end-user’s requirements. The user can use devices that fit into their daily work habits, eliminating the need to carry multiple devices. Ease of Use: The use of RSA SecurID authenticators is intuitive and requires minimal end-user training. The user simply enters their PIN followed by the token code. Now users can use the same method to log in remotely or locally. This makes for a more comfortable process for end users.
Proven Reliability: With over 6 million devices sold, RSA SecurID has the proven reliability to satisfy any end user. They never have to worry about synchronization, breakage, or battery life. RSA SecurID authenticators are used by 6 million users around the world. Why? Here are just a few of the reasons. <<< Show & tell time!!! Use your authenticator to demonstrate range of form factors, convenience, ease of use, and reliability. It’s the best way to get the point across. Let them touch & feel. Let them dial into something save on SalesWeb.>>> This means: RSA SecurID is the de facto standard in two-factor authentication solutions, enabling customers to secure their VPN easily and cost-effectively.
  • Fundamentally, the linchpin for the widespread deployment of eCommerce is the ability of the merchant and the customer to ensure the validity of the electronic contractual commitment. Basically, five security principles can be applied to eCommerce transactions. Although each focuses on securing a distinct aspect of a transaction, all five must work in concert to provide a truly secure eCommerce application. Let’s take a look at each principle. Authentication ensures both parties are who they say they are. Forms of authentication include tokens, smartcards, digital certificates and eventually biometrics. Privacy protects confidential information using various forms of cryptography. Privacy in eCommerce transactions must be a two-way street. Customers want to protect purchasing information, social security numbers, credit card numbers, etc. Merchants want to protect internal information (costs, margins, sales, pricing) and customer information (preferences, credit card numbers, purchase/credit histories). Authorization ensures each party is allowed to enter the commitment. Integrity ensures that a transaction has not been altered or destroyed while the communication is in transit. Non-repudiation provides evidence for both parties that the transaction actually occurred. In essence, it provides an electronic receipt of the transaction.
  • To further the ease of use offered, RSA Keon Advanced PKI provides users with the ability to automatically encrypt sensitive files by simply saving to a secured directory.
  • Transcript

    • 1. Strong Authentication. Matt Collings, Channel Development Manager
    • 2. RSA Security Inc. The Most Trusted Name in e-Security
      • Market leader in authentication and encryption
      • Rapidly growing force in PKI
      • Most recognized brand in the industry
      • Mantra for open, standards-based solutions
      • Integrated, synergistic product lines
      • RSA technical know-how, two decades of expertise
      • Solid customer base
      • Strategic partnerships across industry
      • Strong channel relationships
      • Global presence
      • Professional services for the enterprise
      And the list goes on...
    • 3. Global Company
      • 1,000+ employees worldwide
      • Direct sales and SecurWorld channel partners in more than 45 countries
      • 150 RSA SecurID Ready partnerships around the world, 230 RSA SecurID Ready Certified Products
      • 40+ RSA Keon Ready Partnerships
      • 600+ RSA BSAFE Partners worldwide
    • 4. We Enable Secure e-Business by… Ensuring the authenticity of People, Devices, Transactions in wired and wireless environments
    • 5. Ensuring Authenticity … Secure e-Business Process
    • 6. … Means Solving these Problems: User Identity, Privileges and Personalization, Data Privacy, Transaction Integrity
    • 7. With Enabling Technologies: Authentication, Authorization, Encryption, PKI (User Identity, Privileges and Personalization, Data Privacy, Transaction Integrity)
    • 8. Delivered in RSA Products: Authentication, Authorization, Encryption, PKI (User Identity, Privileges and Personalization, Data Privacy, Transaction Integrity)
    • 9. Cost of Not Having Strong Authentication
      Revenue Impact
      • ISP hacked, 100 hours of down time. Bottom line: $400,000 loss due to lost customers
      • New York Times online hacked & down for 10 hrs. Bottom line: $250,000 loss in revenue
      • Kevin Mitnick’s attacks cost companies almost $300M
      Damage Costs
      • Criminal hacking caused $123M in losses last year *
      Maintenance Costs
      • Password maintenance costs = $60+ per help desk call
      * FBI, 3/99
    • 10. RSA SecurID Identification vs. Authentication
      • Identification: Who are you? “I am Matt Collings”
      • Authentication: Prove it.
    • 11. Authentication The Basics
      • Something you know
        • Password
        • PIN
        • “mother’s maiden name”
      • Something you have
        • Physical key
        • Token
        • Magnetic card
        • Smart card
      • Something unique about you
        • Fingerprint
        • Iris
        • Face recognition
      “Matt Collings”
    • 12. Two-Factor User Authentication + PIN
    • 13. SecurID Product Family Components: ACE/Server, ACE/Agents, SecurID Authenticators
    • 14. Time-based Token Authentication
      • Login: mcollings
      • Passcode: 2468 234836 (PIN, then TOKENCODE)
      • Token code: changes every 60 seconds; unique seed; clock synchronized to UCT
      • PASSCODE = PIN + TOKENCODE
    • 15. A Closer Look at Time Synchronization
      • RSA ACE/Server: Seed + Time → Algorithm → 354982
      • Authenticator: Seed + Time → Algorithm → 354982
      • Same Seed, Same Time
    • 16. RSA ACE/Server Architecture: Primary, Secondary, Automatic Updates
    • 17. The Expanding RSA SecurID Family
      • RSA SecurID hardware tokens
      • RSA SecurID software tokens
      • RSA SecurID smart cards
      • RSA SecurID for the Palm Computing Platform
      • RSA SecurID for WAP devices
    • 18. The Passage Smart Card: A platform for authentication and more
      • Building Access: Provides for building access via magnetic stripe or proximity chip (HID, Mifare,…)
      • Value-added Applications: Supports dynamic loading and unloading of additional applications, like e-purse, loyalty, …
      • CAC Support: Supports the US Federal Government’s Common Access Card initiative
      • Passage Applications: Offers the power of RSA’s SecurID Passage smart card software
      • Employee Badge: Offers personalization with photo ID, logos, signature panel, …
      • PKI Credentials: Provides on-card key generation, crypto co-processor, and secure storage of PKI credentials
      • Multi-application Platform: JavaCard and Open Platform compliant, on-chip USB engine in 2002
    • 19. RSA Security Solutions. RSA SecurID: Remote Access, VPNs, e-Business, Enterprise Access
    • 20. Solutions from RSA Security [Diagram labels: Web Server, Firewall, RAS, Intranet, Mainframe, Enterprise UNIX, RSA ACE Server, RSA Agents; areas: Remote Access, Internet Access, e-Business, Enterprise Access]
    • 21. Dial-Up Interoperability: RSA SecurID Ready Partners [Diagram labels: RAS, Intranet, Mainframe, Enterprise UNIX, RSA Agent, Remote Access, RSA ACE Server]
      • 3Com, Access Beyond, ACT Networks, Apple Computer, Ascend, Attachmate, BinTec, Cabletron, Cisco, Citrix Systems, Compaq, Digi International, Emulex, FORE Systems, Funk Software, Gandalf Technologies, Hewlett-Packard, IBM, ITK, Kasten Chase, Lantronix, Livingston (AT&T), Microsoft, NextCom, Nortel Networks, Novell, Perle Systems, PFU Ltd., RAScom, Shiva / Intel, Soliton Systems K.K., Xyplex Networks
    • 22. VPN / Firewall Interoperability: SecurID Ready VPN & Firewall Partners [Diagram labels: Firewall/VPN, Intranet, Mainframe, Enterprise UNIX, Internet, RSA Agent, Internet Access, RSA ACE Server]
      • AltaVista, Ascend, Aventail, Check Point, Fortress, IBM, InfoExpress, Internet Devices, Indus River, Nortel Networks, RedCreek, Semaphore, Shiva / Intel, Sun, TimeStep, TIS, V-ONE, VPNet
      • ANS, Ascend, Axent (Raptor), Check Point, Cisco, CyberGuard, IBM, Internet Dynamics, Milkyway Networks, NEC Technologies, Netscreen, Net Associates (TIS), Secure Computing, Sun Microsystems, Technologic, WatchGuard
    • 23. Virtual Private Networks: Security Environment (Non IPSec). Encrypted tunnel through public network. Who’s at the other end of the line? [Diagram labels: Corporate Network, VPN Client, VPN Gateway, Internet]
    • 24. Virtual Private Networks: RSA SecurID Benefits
      • Benefit: Works with or without PKI. Feature: Flexibility
      • Benefit: Fits a road warrior’s arsenal of tools for user convenience. Feature: Broad range of authenticators
      • Benefit: Integrates with all major VPN products. Feature: Interoperability and investment protection
      • Benefit: Scales to 100,000’s of users. Feature: Scalability
      • Benefit: Simple user execution and single method of login. Feature: Easy to use
      • Benefit: Authentication ensures security for VPN access. Feature: Positive identification of users
    • 25. What is Public Key Infrastructure?
      • Framework for using public/private keys
      • Issues, stores, revokes digital certificates
      • Establishes trust relationships among employees, suppliers, customers
      • Provides security for existing applications and environments
      • Enables new applications and commerce opportunities
      • Enables new uses of existing applications
    • 26. What PKI Provides
      • Authentication to ensure parties are who they say they are
      • Privacy to protect sensitive information
      • Authorization to ensure parties can access specific information
      • Integrity to guarantee the transaction is not altered
      • Non-repudiation to prove the transaction occurred
    • 27. PKI Components
      • Public/private key pair
      • Digital certificate
      • Certificate authority
      • LDAP directory
      • Authentication device
    • 28. RSA Keon PKI Solutions [Diagram labels: RSA Keon Desktop, Web app., e-mail, Application server (e.g. SAP), RSA Keon Security Server, RSA BSAFE PKI-enabled app., RSA SecurID Authenticator, RSA Keon Agent, RSA Keon RA, RSA Keon CA]
    • 29. Transparent File Encryption (Keon Desktop): Create File → Save to Secure Directory → Automatically Encrypted
    • 30. The Most Trusted Name in e-Security WWW.RSASECURITY.COM
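
Slides 14 and 15 and the speaker note on seed records, time drift and single-use passcodes describe a server that recomputes the token code from the same seed and the same time. The sketch below is an added example, not code from the presentation or from RSA: it uses HMAC-SHA1 with RFC 4226 style truncation as a stand-in for the proprietary SecurID algorithm, and `AuthServer`, its drift window and its drift tracking are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

INTERVAL = 60   # seconds per token code, as on slide 14
DIGITS = 6      # token code length, as in the slide's "234836"

def tokencode(seed: bytes, step: int) -> str:
    """Stand-in algorithm (HMAC-SHA1 + truncation, RFC 4226 style), NOT RSA's."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def token_display(seed: bytes, token_clock: int) -> str:
    """What the authenticator shows, given its own clock (Unix seconds)."""
    return tokencode(seed, token_clock // INTERVAL)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical server: holds each seed record and recomputes the code."""

    def __init__(self, window: int = 1):
        self.window = window   # intervals of clock drift tolerated each way
        self.users = {}

    def enroll(self, login: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self.users[login] = {"seed": seed, "salt": salt,
                             "pin": _pin_hash(pin, salt),
                             "drift": 0, "last_step": -1}

    def verify(self, login: str, passcode: str, now: int) -> bool:
        """PASSCODE = PIN + TOKENCODE; accept once, within the drift window."""
        rec = self.users.get(login)
        if rec is None or len(passcode) <= DIGITS:
            return False
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:].encode()
        pin_ok = hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin"])
        server_step = now // INTERVAL
        center = server_step + rec["drift"]   # where this token's clock was last seen
        for step in range(center - self.window, center + self.window + 1):
            if step <= rec["last_step"]:
                continue   # already used or older: a passcode works only once
            expected = tokencode(rec["seed"], step).encode()
            if hmac.compare_digest(expected, code) and pin_ok:
                rec["last_step"] = step
                rec["drift"] = step - server_step   # remember observed drift
                return True
        return False

if __name__ == "__main__":
    seed = bytes(range(16))                    # constructed sample seed
    server = AuthServer()
    server.enroll("mcollings", seed, "2468")   # login and PIN from slide 14
    t = 1_000_000_020                          # constructed Unix time
    passcode = "2468" + token_display(seed, t)
    print("first use:", server.verify("mcollings", passcode, t))
    print("replay:   ", server.verify("mcollings", passcode, t + 10))
```

The per-user `last_step` is what makes a captured passcode useless on replay, and the stored `drift` lets a token whose clock keeps slipping stay inside a narrow acceptance window instead of forcing the window to be widened for everyone.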