RSA SecurID® for Microsoft® Windows®
Gary Lau, CISSP, CISA
Principal Consultant, North Asia
Agenda
• RSA SecurID – the standard for strong two-factor authentication
• Authentication in the Enterprise
• Authentication to Microsoft Windows
• How It Works
• Other MS Solutions that are RSA Ready
The Business Problem
Need to access information
Need to protect corporate resources
The Business Problem 
• Low security of static password 
• Difficult to remember 
• Inconsistent user experience 
• Users write them down 
• Help desk costs 
• Unproductive users 
• Frustration
Passwords Are a Big Problem 
Problems with passwords were mentioned spontaneously in 2 2003 focus groups:
• “You have to log in and have complicated, long passwords with numbers and digits”
• “I just see my friends trying to use (their passwords) and forgetting them all the time”
• Many consumer applications force multiple logons with different user names, passwords, account numbers
Consumer fraud complaints for 2003
• Identity theft 43%
• Internet auctions 13%
• Internet services, computer complaints 6%
• Shop-at-home, catalog offers 5%
• Advance fee loans, credit protection 5%
• Prizes/sweepstakes/gifts 4%
• Foreign money offers 4%
• Business opportunities, work-at-home plans 3%
• Magazines, buyers clubs 2%
• Telephone services 2%
• Healthcare 2%
Source: Federal Trade Commission
The Fastest Growing Crime
$53 Billion
In September 2003, the Federal Trade Commission (FTC) reported that identity theft had affected nearly 10 million Americans and cost almost $53 billion in the previous year.
$2 Trillion
Worldwide, identity theft and related crimes are projected to cost an estimated $221 billion in 2003. If the current 300% compound annual growth rate continues, annual losses worldwide could top $2 trillion by 2005.
Auditing 
• Multiple access points 
• Multiple logs 
• Compliance requirements
Methods of Authentication
• Something you know
— Password, PIN, “mother’s maiden name”
• Something you have
— Magnetic card, smart card, token, physical key
• Something unique about you
— Fingerprint, voice, retina, iris
[Illustration labels: “1059”; Bank 1234 5678 9010]
Solving the Password Problem
• Combine something you have ...
— your ATM card, for example
+ PIN
• ... with something you know ...
— your PIN
= Two-factor authentication!
Security
• Proven security
• 15 million users
• 14,000 customers
[Diagram labels: User enters passcode (PIN + token code); Grant access: Y/N?]
RSA SecurID Product Family
Components
ACE/Server
ACE/Agents
SecurID Authenticators
Two-factor Authentication with RSA SecurID
Login: GLAU
Passcode: 2468234836
PASSCODE = PIN + TOKENCODE
Token code: changes every 60 seconds
Unique seed
Internal battery
Clock synchronized to UCT / GMT
How Customers Use RSA SecurID
[Diagram labels: E-Business; Enterprise Web Server or Portal Server; Intranet; Applications & Resources; RAS; RSA Agent; Remote Access; RSA ACE/Server; Internet; Internet Access; VPN or Firewall; Enterprise Access; Others; WLAN]
Authentication in the Enterprise
Past: Strong Authentication for Remote Access
[Diagram labels: RSA SecurID users; Sysadmins; Mobile workforce; ~20%; RAS/VPN; Enterprise]
Mobile workforce required to strongly authenticate
Everyone else uses passwords. Why?
• Assumption that because a person is in the building, I can better trust them
• No real alternative
Authentication in the Enterprise
Present: Network is opening up, getting more porous
[Diagram labels: RSA SecurID users; Mobile workforce; Enterprise; Customers & Partners; WLAN; Web; Sysadmins; ~30%; RAS/VPN]
Strong authentication being required to use
• WLAN
• Web
• SSL VPN
But passwords still the way to authenticate to Windows
• No real alternative
Authentication to Microsoft Windows
Today: Username and password
Today a user types in his Username and Windows password to authenticate to the network.
Authentication to Microsoft Windows
Tomorrow: Username and passcode
Supports:
• Local
• Domain
• Terminal Services
• Password Integration
• Online and Offline
RSA SecurID Login
Simplicity 
• Simple 
• Consistent 
• Secure 
VPN 
Windows 
Wireless 
Web portal 
Applications
Auditability 
• Centralized logging 
• Robust reporting 
VPN 
Windows 
Wireless 
Web portal 
Applications
RSA SecurID for Microsoft Windows
Configuration Requirements
Desktop/Laptop: RSA ACE/Agent 6.0 Client; Windows: 2000, XP, 2003
Domain Controller: RSA ACE/Agent 6.0; Microsoft: 2000 & 2003
RSA ACE Server: RSA ACE/Server 6.0; Microsoft Server: 2000 & 2003
GINA Replacement
AD userid and RSA ACE/Server userid must be the same
Auto Install via MSI
RSA SecurID Architecture
[Diagram labels: RSA ACE/Agents; Web Server; RSA ACE/Agent; Firewall; RSA ACE/Server (replica); Firewall; Intranet; VPN; DMZ; RSA ACE/Server (primary); RSA ACE/Agents; PDC; RAS]
How It Works
User on-line (Network Connected)
[Diagram labels: Domain Controller; RSA hashed passcode store; RSA ACE/Server]
1. Username and passcode
2. Username and passcode provided to ACE/Server along with date/time of last available passcode
3 and 4. Agent is told Authentication was successful and is provided:
- Windows password
- Ticket for hashed passcode retrieval
5. Username, Windows password supplied to AD
6. Kerberos Ticket supplied to desktop
7. ACE/Server provides to passcode store:
- Hashed passcodes
- Emergency access password
- Encrypted Windows password (for use when offline)
How It Works
User off-line (Network disconnected)
[Diagram labels: Laptop; RSA hashed passcode store; Microsoft’s cached credentials; RSA ACE/Server]
1. Username and passcode, or emergency access code
2. Username and Passcode (or emergency access code)
3 and 4. Authentication successful
- Decrypted Windows password
5. Username, Windows password
6. Offline Kerberos ticket
RSA SecurID for Microsoft Windows
Windows Password
• Windows Password Security Policy Options
— Make the password long, complicated and static since it’s of no use without Strong Authentication
— Continue forced MS password change:
• Admin forces a password change or it expires
• Old password automatically filled in by RSA ACE/Server
• New password typed by end user and stored in RSA ACE/Server
• Handled gracefully in online and offline mode
RSA SecurID for Microsoft Windows
Administrative Configuration Options
• System-wide Settings
— Allow/deny – offline use
— # of days users can be offline
— Warn user of limited offline days
— # of bad passcodes before locking user’s token
— Accept an offline authentication or require re-authentication upon reconnect
— Bring log of offline events from clients into A/S log database
• Emergency Access
— Help desk can provide end user emergency access code for when end user forgets PIN, forgets token, or runs out of offline days
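Added example, not RSA's code and not part of the deck: a minimal model of the offline flow in "How It Works" together with the offline-use settings above (offline days, bad-passcode lockout, emergency access code). The token-code function is an HMAC stand-in, not the SecurID algorithm; the store layout, PBKDF2 hashing, function names and sample values are all assumptions.

```python
import hashlib
import hmac
import os

STEP = 60                  # deck: the token code changes every 60 seconds
PER_DAY = 86400 // STEP    # passcode intervals per offline day


def token_code(seed: bytes, unix_time: int) -> str:
    """Stand-in 6-digit time-based code (HMAC-SHA256); NOT the SecurID algorithm."""
    counter = (unix_time // STEP).to_bytes(8, "big")
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def _slow_hash(salt: bytes, iterations: int, *parts: str) -> bytes:
    # PIN + token code is only 10 digits, so the store needs a salted, costly hash.
    return hashlib.pbkdf2_hmac("sha256", "|".join(parts).encode(), salt, iterations)


def build_offline_store(user, pin, seed, emergency_code, start, offline_days, iterations=1000):
    """Server side (online step 7): pre-hash every passcode in the offline window.

    The default iteration count is kept low so the demo is quick; a real store
    would use a much higher work factor.
    """
    salt = os.urandom(16)
    first = start // STEP
    end = first + offline_days * PER_DAY        # "# of days users can be offline"
    return {
        "user": user, "salt": salt, "iterations": iterations, "end": end,
        "passcodes": {
            i: _slow_hash(salt, iterations, user, str(i), pin + token_code(seed, i * STEP))
            for i in range(first, end)
        },
        "emergency": _slow_hash(salt, iterations, user, "emergency", emergency_code),
        "bad": 0, "locked": False,
    }


def verify_offline(store, secret, now, max_bad=3, drift=1):
    """Laptop side (offline steps 1-4): ok / ok-emergency / denied / expired / locked."""
    if store["locked"]:
        return "locked"                         # assumption: a lock blocks all offline logons
    salt, n, user = store["salt"], store["iterations"], store["user"]
    if hmac.compare_digest(_slow_hash(salt, n, user, "emergency", secret), store["emergency"]):
        store["bad"] = 0
        return "ok-emergency"                   # help-desk code also works after the days run out
    current = now // STEP
    if current >= store["end"]:
        return "expired"                        # out of offline days
    for i in range(current - drift, current + drift + 1):   # tolerate small clock drift
        expected = store["passcodes"].get(i)
        if expected and hmac.compare_digest(_slow_hash(salt, n, user, str(i), secret), expected):
            store["bad"] = 0
            return "ok"
    store["bad"] += 1                           # "# of bad passcodes before locking user's token"
    store["locked"] = store["bad"] >= max_bad
    return "locked" if store["locked"] else "denied"


def demo() -> dict:
    seed, t0 = bytes(range(16)), 1_700_000_000  # constructed seed and "last online" time

    def fresh():
        # Constructed user, PIN and emergency code; one offline day allowed.
        return build_offline_store("GLAU", "2468", seed, "73915508", t0, 1, iterations=50)

    now, later = t0 + 600, t0 + 2 * 86400
    good = "2468" + token_code(seed, now)
    wrong = "1111" + token_code(seed, now)      # right token code, wrong PIN
    a, b = fresh(), fresh()
    return {
        "good": verify_offline(a, good, now),
        "wrong_pin": [verify_offline(a, wrong, now) for _ in range(3)],
        "after_lock": verify_offline(a, good, now),
        "day_3": verify_offline(b, "2468" + token_code(seed, later), later),
        "emergency": verify_offline(b, "73915508", later),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```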
Other Microsoft Solutions that are RSA Ready
Already Certified MS Solutions
• MS Active Directory Application Mode
• MS Active Directory
• MS Certificate Services
• MS Crypto API
• MS Exchange ActiveSync
• MS Exchange Server
• MS Internet Explorer
• MS IIS
• MS ISA Server
• MS Mobile Information Server
• MS Office XP
• MS OWA
• MS Outlook/Outlook Express
• MS Routing and Remote Access
• MS Windows 2000
• MS Windows NT
• MS Windows XP
Sources: www.rsasecured.com
RSA SecurID with Microsoft Exchange ActiveSync
Start -> ActiveSync
Enter Username and PASSCODE
Success and start synchronization!
RSA SecurID with Microsoft ISA Server (VPN)
RSA SecurID with Microsoft OWA
RSA SecurID with Microsoft Mobile Information Server
Summary
RSA SecurID for Microsoft Windows
• Secure
• Simple
• Auditable
RSA SecurID for Microsoft Windows
Thank you!! 
Please visit www.rsasecured.com for other RSA certified products. 
khlau@rsasecurity.com 
www.rsasecurity.com

Editor's Notes

  6. Now I’m going to present one more problem to you. Auditing. Many companies are required to protect access to private information and to prove who has accessed the data. The problem is, with so many access methods and applications there are multiple access logs. And, how do you prove who has logged on and accessed the information? If you can’t trust the authentication method, how can you trust the audit logs?
  7. Slide Title: Authentication Methods. Key Message: There are three primary ways to authenticate an individual, something you know, something you have or something you are.
  23. So now you can see why we’re so excited about this announcement, it’s secure, simple for the users, and auditable.
  24. Questions?