Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial information and personal identities. They are becoming increasingly daring and manipulative as they target intellectual property and trade secrets, making information systems that rely on static passwords more vulnerable and at risk than ever. The cause for concern is only magnified as the cost associated with a data breach has reached an estimate of $6.6 million¹.

Additionally, government regulations such as Sarbanes-Oxley, PCI Data Security Standard, US Data Breach Notification Laws and others have been put in place to protect access to corporate networks. Failure to meet requirements that call for the implementation of two-factor authentication could result in regulatory fines and irreversible damage to a brand’s reputation.

Whether it is avoiding data breaches, decreasing costs or complying with government regulations, protecting access to critical information with a strong two-factor authentication solution is a necessary component of any organization’s overall strategy.

RSA SecurID Two-Factor Authentication

As the market-leading two-factor authentication solution, RSA SecurID offers the strength of security, broad application support, variety of authentication methods and reliability required to protect the network assets of companies worldwide. The components of this solution include RSA Authentication Manager software, RSA Authentication Agents, and RSA SecurID authenticators.

Each RSA SecurID authenticator has a unique symmetric key that is combined with a proven algorithm to generate a new one-time password (OTP) every 60 seconds. Patented technology synchronizes each authenticator with the Authentication Manager server, ensuring a high level of security.
The one-time password – something you have – is coupled with a secret personal identification number (PIN) – something you know – to create a combination that is nearly impossible for a hacker to guess. RSA SecurID authentication provides anytime, anywhere, secure access to VPNs, wireless access points, web applications and network operating systems and more.

RSA Authentication Manager, RSA SecurID Appliance, & RSA Authentication Agents – Security, Scalability and Interoperability

RSA Authentication Manager

RSA Authentication Manager software is the management component and engine behind the RSA SecurID industry-leading two-factor user authentication technology. It is used by more than 30 million end-users worldwide to verify authentication requests and centrally administer user authentication policies for access to enterprise resources. Designed to fit the needs of organizations of all sizes, RSA Authentication Manager software is built upon an enterprise class multi-processor architecture that is capable of handling from as few as twenty-five users to millions of users per server and hundreds of simultaneous authentications per second.

RSA Authentication Manager software offers high performance and scalability with enterprise-level management features such as database replication, logging and reporting, native LDAP support, and web-based management. The database replication feature enables flexible network configuration and load balancing for improved performance that ultimately lowers management costs. Administrators are able to use RSA Authentication Manager as an auditing, accounting, and compliance tool as it logs all transactions and user activity. In addition, report templates are available that can be easily tailored to administration needs, including activity, exception, incident and usage summaries. Delivering true native LDAP support for direct integration with Sun One and Microsoft Active Directory, the RSA Authentication Manager software requires no synchronization. The browser-based administration interface of RSA Authentication Manager calls for no client software installation, and can be remotely administered from any PC with a browser and Internet connection.

RSA Solution Brief
¹ Ponemon Institute 2008 Annual Study, “Cost of a Data Breach”

RSA Credential Manager is tightly coupled with the management interface of RSA Authentication Manager, and requires no separate install. It offers functionality such as self service, allowing end users to request a variety of services such as on-demand token codes for emergency access, and workflow provisioning, allowing administrators to create processes by which requestors are approved and credentials are issued.

RSA Authentication Manager is interoperable with many of the major network infrastructure and operating system products on the market, including more than 400 products from over 200 vendors, providing organizations with maximum flexibility and investment protection.

RSA SecurID Appliance

The RSA SecurID Appliance delivers RSA Authentication Manager in an integrated, rack-mountable hardware appliance.
It is easy to deploy and maintain, and designed so that a customer can be up and running in as few as 30 minutes.

The RSA SecurID Appliance is a flexible and scalable solution that is available in two models that can be configured to meet the different needs of organizations of any size.

RSA SecurID Appliance 130

The RSA SecurID Appliance 130 is designed to satisfy the requirements for simple, cost-effective deployments.

RSA SecurID Appliance 250

The RSA SecurID Appliance 250 is designed with dual power and redundant discs for organizations that require high availability (HA) deployments.

RSA Authentication Agents

RSA Authentication Agent software functions much like security guards, standing between the user and a protected resource or device to enforce two-factor authentication via the RSA Authentication Manager software. Agents provide load balancing by detecting replica server response times and responding accordingly.

RSA Authentication Agent software is embedded in Remote Access Servers (RAS), firewalls and Virtual Private Networks (VPNs), virtually ensuring that RSA SecurID technology will work seamlessly in any customer environment.

In addition, agents let you secure web pages and applications on your intranet or extranet, at the same time protecting mission-critical back-end systems. Agents are also available to provide secure access to NT domains and resources hosted on UNIX servers, mainframes, mid-range systems and a range of legacy hosts. Software toolkits make it possible to create custom agents to protect other internal applications that are specific to a particular organization.

How Does RSA SecurID Work?

[Figure: Users with a hardware token or software token connect over the Internet through the RSA Authentication Agent to the corporate network. 1. User enters passcode (PIN + token code). 2. Authentication Manager calculates passcode. 3. User authenticated!]

Step 1: When the user attempts to access a protected resource, like a VPN or secure portal, they are prompted for their user ID and passcode. The passcode that the user presents is a combination of their secret PIN and the OTP code that is displayed on their token at that moment in time.

Step 2: The user ID and passcode are intercepted by the RSA Authentication Agent and presented to the RSA Authentication Manager software, the system’s authentication engine. The software checks the passcode to ensure it is correct before issuing instructions to the system to either allow or deny access.

Step 3: Once access is allowed, the user is authenticated and has access to their network resources.

RSA SecurID Authenticators – Quality, Reliability and Choice

One size does not fit all when it comes to choosing the right authenticator to balance your organization’s security, total cost of ownership and end-user security needs. With a broad range of easy-to-use form factors, there are RSA SecurID authenticators available to suit a wide variety of organization and application requirements.

RSA SecurID Hardware Tokens

RSA SecurID hardware tokens are designed to withstand the worst imaginable conditions to ensure that you do not face hidden costs due to token failures. By selecting RSA SecurID tokens, which come with a lifetime warranty, organizations can reduce the overhead costs of distributing replacement tokens and drive down the overall cost of security while providing a consistent and easy-to-use authentication experience for end-users.

The RSA SecurID hardware token comes in a variety of convenient models that all generate and display new codes every 60 seconds.

The RSA SecurID 700 is a small key fob that connects easily to any key ring and fits into a user’s pocket or small carrying case.

The RSA SecurID 800 offers the one-time password functionality of the other hardware authenticators and can be used for storage of Windows username/password credentials and digital certificates creating a master key for multiple authentication methods. When connected, the RSA SecurID 800 is enabled for automatic token code entry, allowing applications to programmatically access token codes directly off the device and eliminating the need for the user to type their code.

Software Authenticators

RSA SecurID software tokens use the same algorithm as RSA SecurID hardware tokens while eliminating the need for users to carry dedicated hardware devices. Instead of being stored in RSA SecurID hardware, the symmetric key is safeguarded securely on the user’s PC or smart phone. RSA SecurID software authenticators help to more effectively manage cost while reducing the number of items needed to gain access to the network or corporate assets, and eliminating the need for replacement tokens in the event of someone leaving the company or losing a token.

RSA SecurID software tokens for smart phones

RSA SecurID software tokens are available for a variety of smart phone platforms including BlackBerry®, iPhone®, Windows® Mobile, Java™ ME, Palm OS and Symbian OS and UIQ devices.
Integrating the RSA SecurID token on the smart phone makes it easy for your employees to remember and use.

RSA SecurID Token for Windows and RSA SecurID Token for Mac OS X

The RSA SecurID Token for Windows and RSA SecurID Token for Mac OS X are convenient form factors that reside on your PC or Mac and enable automatic integration with leading remote access clients.

RSA SecurID Toolbar Token

The RSA SecurID Toolbar Token combines the convenience of auto-fill capabilities for web applications with the security of anti-phishing mechanisms.

RSA SecurID On-demand Authenticator

The RSA SecurID On-demand Authenticator enables users to receive a one-time password as an SMS message delivered to their cell phone or via e-mail. Users request a one-time password through an intuitive self service web module by entering their PIN. The On-demand Authenticator is a true zero footprint authenticator and requires no hardware or software token. It’s a great choice for users that do not need to frequently access the network remotely.

RSA Secured Partners – Turnkey Interoperability

Ensuring that RSA SecurID integrates easily into your existing infrastructure is a top priority for RSA. The RSA Secured Partner Program works with leading vendors of remote access products, VPNs, firewalls, wireless network devices, web servers and business applications to certify product integrations with