RSA SecurID® 
for Microsoft® 
Windows® 
Gary Lau 
CISSP, CISA 
Principal Consultant 
North Asia
Agenda 
• RSA SecurID – the standard for 
Strong 2 Factors Authentication 
• Authentication in the Enterprise 
• Authentication to Microsoft Windows 
• How It Works 
• Other MS Solutions that are RSA Ready
Need to access 
information 
Need to protect 
corporate resources 
The Business Problem
The Business Problem 
• Low security of static password 
• Difficult to remember 
• Inconsistent user experience 
• Users write them down 
• Help desk costs 
• Unproductive users 
• Frustration
Passwords Are a Big Problem 
Problems with passwords were mentioned spontaneously in two 2003 focus groups:
• “You have to log in and have complicated, long passwords with 
numbers and digits” 
• “I just see my friends trying to use (their passwords) and 
forgetting them all the time” 
• Many consumer applications force multiple logons with different 
user names, passwords, account numbers
Consumer fraud complaints for 2003 
• Identity theft 43%
• Internet auctions 13%
• Internet services, computer complaints 6%
• Shop-at-home, catalog offers 5%
• Advance fee loans, credit protection 5%
• Prizes/sweepstakes/gifts 4%
• Foreign money offers 4%
• Business opportunities, work-at-home plans 3%
• Magazines, buyers clubs 2%
• Telephone services 2%
• Healthcare 2%
Source: Federal Trade Commission
The Fastest Growing Crime 
$53 Billion
In September 2003, the Federal Trade Commission (FTC) reported that identity theft had affected nearly 10 million Americans and cost almost $53 billion in the previous year.
$2 Trillion
Worldwide, identity theft and related crimes are projected to cost an estimated $221 billion in 2003. If the current 300% compound annual growth rate continues, annual losses worldwide could top $2 trillion by 2005.
Auditing 
• Multiple access points 
• Multiple logs 
• Compliance requirements
Methods of Authentication 
• Something you know 
—Password, PIN, “mother’s maiden 
name” 
• Something you have 
—magnetic card, smart card, token, 
Physical key 
• Something unique about you 
—Finger print, voice, retina, iris 
“1059” 
Bank 
1234 5678 9010
Solving the Password Problem 
• Combine something you have ...
— your ATM card, for example
+ PIN
• ... with something you know ...
— your PIN
= Two-factor authentication!
Grant access: 
Y/N? 
User enters 
Passcode 
(PIN + token code) 
Security 
• Proven security 
• 15 million users 
• 14,000 customers
RSA SecurID Product Family 
Components 
ACE / Server 
ACE / Agents 
SecurID Authenticators
Two-factor Authentication with RSA SecurID
Login: GLAU
Passcode: 2468234836
PASSCODE = PIN + TOKENCODE
Token code: Changes every 60 seconds
• Unique seed
• Internal battery
• Clock synchronized to UCT / GMT
How Customers Use RSA SecurID
[Diagram labels: E-Business; Enterprise Web Server or Portal Server; Intranet; Applications & Resources; RAS; RSA Agent; Remote Access; RSA ACE/Server; Internet; Internet Access; VPN or Firewall; Enterprise Access; Others; WLAN]
Authentication in the Enterprise
Past: Strong Authentication for Remote Access
[Diagram labels: RSA SecurID users; Sysadmins; Mobile workforce; ~20%; RAS/VPN; Enterprise]
Mobile workforce required to strongly authenticate
Everyone else uses passwords. Why?
• Assumption that because a person is in the building, I can better trust them
• No real alternative
Authentication in the Enterprise
Present: Network is opening up, getting more porous
[Diagram labels: RSA SecurID users; Mobile workforce; Enterprise; Customers & Partners; WLAN; Web; Sysadmins; ~30%; RAS/VPN]
Strong authentication being required to use
• WLAN
• Web
• SSL VPN
But passwords still the way to authenticate to Windows
• No real alternative
Authentication to Microsoft Windows 
Today: Username and password
Today a user types in his Username and Windows password to authenticate to the network.
Authentication to Microsoft Windows 
Tomorrow: Username and passcode 
Supports: 
•Local 
•Domain 
•Terminal Services 
•Password Integration 
•Online and Offline
RSA SecurID Login
Simplicity 
• Simple 
• Consistent 
• Secure 
VPN 
Windows 
Wireless 
Web portal 
Applications
Auditability 
• Centralized logging 
• Robust reporting 
VPN 
Windows 
Wireless 
Web portal 
Applications
RSA SecurID for Microsoft Windows 
Configuration Requirements 
Desktop/Laptop: RSA ACE/Agent 6.0 Client; Windows: 2000, XP, 2003; GINA Replacement
Domain Controller: RSA ACE/Agent 6.0; Microsoft: 2000 & 2003
RSA ACE Server: RSA ACE/Server 6.0; Microsoft Server: 2000 & 2003
AD userid and RSA ACE/Server userid must be the same
Auto Install via MSI
RSA SecurID Architecture
[Diagram labels: RSA ACE/Agents; Web Server; Firewall; RSA ACE/Agent; RSA ACE/Server (replica); Firewall; Intranet; VPN; DMZ; RSA ACE/Server (primary); RSA ACE/Agents; PDC; RAS]
How It Works
User on-line (Network Connected)
[Diagram labels: Domain Controller; RSA hashed Passcode store; RSA ACE/Server]
1. Username and passcode
2. Username and passcode provided to ACE/Server along with date/time of last available passcode
3 and 4. Agent is told Authentication was successful and is provided:
- Windows password
- Ticket for hashed passcode retrieval
5. Username, Windows password supplied to AD
6. Kerberos Ticket supplied to desktop
7. ACE/Server provides to passcode store:
- Hashed passcodes
- Emergency access password
- Encrypted Windows password (for use when offline)
How It Works
User off-line (Network disconnected)
[Diagram labels: Laptop; RSA hashed Passcode store; Microsoft’s cached credentials; RSA ACE/Server]
1. Username and passcode, or emergency access code
2. Username and Passcode (or emergency access code)
3 and 4. Authentication successful
- Decrypted Windows password
5. Username, Windows password
6. Offline Kerberos ticket
RSA SecurID for Microsoft Windows 
Windows Password 
• Windows Password Security Policy Options 
— Make the password long, complicated and static since it's of no use without Strong Authentication
— Continue forced MS password change: 
• Admin forces a password change or it expires 
• Old password automatically filled in by RSA ACE/Server 
• New password typed by end user and stored in RSA 
ACE/Server 
• Handled gracefully in online and offline mode
RSA SecurID for Microsoft Windows 
Administrative Configuration Options 
• System-wide Settings 
— Allow/deny – offline use 
— # of days users can be offline 
— Warn user of limited offline days 
— # of bad passcodes before locking user’s token 
— Accept an offline authentication or require re-authentication upon 
reconnect 
— Bring log of offline events from clients into A/S log database 
• Emergency Access 
— Help desk can provide end user emergency access code for 
when end user forgets PIN, forgets token, or runs out of offline 
days
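The offline flow from the "How It Works" slides, together with the offline-days and bad-passcode limits listed above, modelled as an added example (not RSA's code and not part of the original deck). The token-code function is an HMAC stand-in because the SecurID algorithm is not on the slides; every function name, the PBKDF2 hashing, the store layout and the sample values are assumptions.

```python
import hashlib
import hmac
import os
import struct

INTERVAL = 60          # slides: the token code changes every 60 seconds
PBKDF2_ROUNDS = 2000   # assumption: slow hash, since PIN + code is a short secret in this sketch


def token_code(seed: bytes, interval_no: int, digits: int = 6) -> str:
    """Stand-in token code (HMAC-SHA256 of the interval number), NOT the SecurID algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", interval_no), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def passcode(pin: str, seed: bytes, now: int) -> str:
    """PASSCODE = PIN + TOKENCODE, as on the slide."""
    return pin + token_code(seed, now // INTERVAL)


def _hash(user: str, slot: int, salt: bytes, secret: str) -> bytes:
    """Salted slow hash bound to the user and to the time slot the secret is valid for."""
    return hashlib.pbkdf2_hmac("sha256", f"{user}|{slot}|{secret}".encode(), salt, PBKDF2_ROUNDS)


def build_offline_store(user, pin, seed, start, intervals, emergency_code):
    """Server side (step 7): hashed passcodes for the allowed offline window plus a hashed
    emergency code. The client never receives the seed or the PIN in clear."""
    first = start // INTERVAL
    entries = {}
    for n in range(first, first + intervals):
        salt = os.urandom(16)
        entries[n] = (salt, _hash(user, n, salt, pin + token_code(seed, n)))
    esalt = os.urandom(16)
    return {
        "user": user,
        "entries": entries,
        "last_interval": first + intervals - 1,  # "date/time of last available passcode"
        "emergency": (esalt, _hash(user, -1, esalt, emergency_code)),
        "bad_attempts": 0,
        "used": set(),                           # intervals already consumed (replay guard)
    }


def verify_offline(store, user, entered, now, max_bad=3, drift=1):
    """Client side, no network: returns 'ok', 'ok-emergency', 'deny', 'expired' or 'locked'."""
    if user != store["user"]:
        return "deny"
    if store["bad_attempts"] >= max_bad:         # "# of bad passcodes before locking"
        return "locked"
    current = now // INTERVAL
    for n in range(current - drift, current + drift + 1):  # tolerate small clock drift
        entry = store["entries"].get(n)
        if entry is None or n in store["used"]:
            continue
        if hmac.compare_digest(entry[1], _hash(user, n, entry[0], entered)):
            store["used"].add(n)
            store["bad_attempts"] = 0
            return "ok"
    esalt, ehash = store["emergency"]
    if hmac.compare_digest(ehash, _hash(user, -1, esalt, entered)):
        store["bad_attempts"] = 0
        return "ok-emergency"
    store["bad_attempts"] += 1
    # Past the last stored interval the user has run out of offline days.
    return "expired" if current > store["last_interval"] else "deny"


def demo():
    seed = bytes(range(32))   # constructed seed
    t0 = 1_700_000_000        # constructed clock value
    store = build_offline_store("GLAU", "1357", seed, t0, 10, "EMERG-4821")
    now = t0 + 2 * INTERVAL
    code = passcode("1357", seed, now)
    late = t0 + 20 * INTERVAL  # beyond the 10 stored intervals
    return [
        verify_offline(store, "GLAU", code, now),                            # valid passcode
        verify_offline(store, "GLAU", code, now, drift=0),                   # same passcode replayed
        verify_offline(store, "GLAU", passcode("1357", seed, late), late),   # offline window used up
        verify_offline(store, "GLAU", "EMERG-4821", late),                   # help-desk emergency code
    ]


if __name__ == "__main__":
    print(demo())
```

The demo stores only ten one-minute intervals so it runs instantly; a store covering several offline days would hold one entry per minute of that window.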
Other Microsoft Solutions that are 
RSA Ready
Already Certified MS Solutions 
• MS Active Directory Application Mode
• MS Active Directory 
• MS Certificate Services 
• MS Crypto API 
• MS Exchange ActiveSync 
• MS Exchange Server 
• MS Internet Explorer 
• MS IIS 
• MS ISA Server 
• MS Mobile Information Server 
• MS Office XP 
• MS OWA 
• MS Outlook/Outlook Express 
• MS Routing and Remote Access
• MS Windows 2000 
• MS Windows NT 
• MS Windows XP 
Sources: www.rsasecured.com
RSA SecurID with Microsoft Exchange 
ActiveSync 
Start -> ActiveSync
Enter Username and PASSCODE
Success and start synchronization!
RSA SecurID with Microsoft ISA Server 
(VPN)
RSA SecurID with Microsoft OWA
RSA SecurID with Microsoft Mobile 
Information Server
Summary 
RSA SecurID for 
Microsoft Windows 
• Secure 
• Simple 
• Auditable
RSA SecurID for Microsoft Windows
Thank you!! 
Please visit www.rsasecured.com for other RSA certified products. 
khlau@rsasecurity.com 
www.rsasecurity.com

RSA Secur id for windows

  • 1. RSA SecurID® for Microsoft® Windows® Gary Lau CISSP, CISA Principal Consultant North Asia
  • 2. Agenda • RSA SecurID – the standard for Strong 2 Factors Authentication • Authentication in the Enterprise • Authentication to Microsoft Windows • How It Works • Other MS Solutions that are RSA Ready
  • 3. Need to access information Need to protect corporate resources The Business Problem
  • 4. The Business Problem • Low security of static password • Difficult to remember • Inconsistent user experience • Users write them down • Help desk costs • Unproductive users • Frustration
  • 5. Passwords Are a Big Problem Problems with passwords were mentioned spontaneously in 2 2003 focus groups: • “You have to log in and have complicated, long passwords with numbers and digits” • “I just see my friends trying to use (their passwords) and forgetting them all the time” • Many consumer applications force multiple logons with different user names, passwords, account numbers
  • 6. Consumer fraud complaints for 2003 • Identity theft 43% • Internet auctions 13% • Internet services, computer complaints 6% • Shop-at-home, catalog offers 5% • Advance fee loans, credit protection 5% • Prizes/sweepstakes/gifts 4% • Foreign money offers 4% • Business opportunities, work-at-home plans 3% • Magazines, buyers clubs 2% • Telephone services 2% • Healthcare 2% Source: Federal Trade Commission
  • 7. The Fastest Growing Crime • $53 Billion: In September 2003, the Federal Trade Commission (FTC) reported that identity theft had affected nearly 10 million Americans and cost almost $53 billion in the previous year. • $2 Trillion: Worldwide, identity theft and related crimes are projected to cost an estimated $221 billion in 2003. If the current 300% compound annual growth rate continues, annual losses worldwide could top $2 trillion by 2005.
  • 8. Auditing • Multiple access points • Multiple logs • Compliance requirements
  • 9. Methods of Authentication • Something you know —Password, PIN, “mother’s maiden name” • Something you have —magnetic card, smart card, token, physical key • Something unique about you —Fingerprint, voice, retina, iris
  • 10. Solving the Password Problem • Combine something you have ... — your ATM card, for example • ... with something you know ... — your PIN • (card) + PIN = Two-factor authentication!
  • 11. Grant access: Y/N? User enters Passcode (PIN + token code) Security • Proven security • 15 million users • 14,000 customers
  • 12. RSA SecurID Product Family Components ACE / Server ACE / Agents SecurID Authenticators
  • 13. Two-factor Authentication with RSA SecurID Login: GLAU Passcode: 2468234836 PASSCODE = PIN + TOKENCODE Token code: Changes every 60 seconds Unique seed Internal battery Clock synchronized to UTC / GMT
  • 14. How Customers Use RSA SecurID E-Business Enterprise Web Server or Portal Server Intranet Applications & Resources RAS RSA Agent Remote Access RSA ACE/Server Internet RSA Agent Internet Access VPN or Firewall Enterprise Access Others WLAN
  • 15. Authentication in the Enterprise Past: Strong Authentication for Remote Access RSA SecurID users Sysadmins Mobile workforce ~20% RAS/VPN Enterprise Mobile workforce required to strongly authenticate Everyone else uses passwords. Why? •Assumption that because a person is in the building, I can better trust them •No real alternative
  • 16. Authentication in the Enterprise Present: Network is opening up, getting more porous Mobile workforce Enterprise Customers & Partners WLAN Web Sysadmins ~30% RAS/VPN Strong authentication being required to use • WLAN • Web • SSL VPN But passwords still the way to authenticate to Windows •No real alternative RSA SecurID users
  • 17. Authentication to Microsoft Windows Today: Username and password Today a user types in his Username and Windows password to authenticate to the network.
  • 18. Authentication to Microsoft Windows Tomorrow: Username and passcode Supports: •Local •Domain •Terminal Services •Password Integration •Online and Offline
  • 20. Simplicity • Simple • Consistent • Secure VPN Windows Wireless Web portal Applications
  • 21. Auditability • Centralized logging • Robust reporting VPN Windows Wireless Web portal Applications
  • 22. RSA SecurID for Microsoft Windows Configuration Requirements • Desktop/Laptop: RSA ACE/Agent 6.0 Client; Windows: 2000, XP, 2003 • Domain Controller: RSA ACE/Agent 6.0; Microsoft: 2000 & 2003 • RSA ACE Server: RSA ACE/Server 6.0; Microsoft Server: 2000 & 2003 • GINA Replacement • AD userid and RSA ACE/Server userid must be the same • Auto Install via MSI
  • 23. RSA SecurID Architecture RSA ACE/Agents Web Server RSA Firewall ACE/Agent RSA ACE/Server (replica) Firewall Intranet VPN DMZ RSA ACE/Server (primary) RSA ACE/Agents PDC RAS
  • 24. How It Works User on-line (Network Connected) Diagram: Domain Controller, RSA hashed Passcode store, RSA ACE/Server • 1. Username and passcode • 2. Username and passcode provided to ACE/Server along with date/time of last available passcode • 3 and 4. Agent is told Authentication was successful and is provided: - Windows password - Ticket for hashed passcode retrieval • 5. Username, Windows password supplied to AD • 6. Kerberos Ticket supplied to desktop • 7. ACE/Server provides to passcode store: - Hashed passcodes - Emergency access password - Encrypted Windows password (for use when offline)
  • 25. How It Works User off-line (Network disconnected) Diagram: Laptop, RSA hashed Passcode store, Microsoft’s cached credentials, RSA ACE/Server • 1. Username and passcode, or emergency access code • 2. Username and Passcode (or emergency access code) • 3 and 4. Authentication successful - Decrypted Windows password • 5. Username, Windows password • 6. Offline Kerberos ticket
  • 26. RSA SecurID for Microsoft Windows Windows Password • Windows Password Security Policy Options — Make the password long, complicated and static since it’s of no use without Strong Authentication — Continue forced MS password change: • Admin forces a password change or it expires • Old password automatically filled in by RSA ACE/Server • New password typed by end user and stored in RSA ACE/Server • Handled gracefully in online and offline mode
  • 27. RSA SecurID for Microsoft Windows Administrative Configuration Options • System-wide Settings — Allow/deny – offline use — # of days users can be offline — Warn user of limited offline days — # of bad passcodes before locking user’s token — Accept an offline authentication or require re-authentication upon reconnect — Bring log of offline events from clients into A/S log database • Emergency Access — Help desk can provide end user emergency access code for when end user forgets PIN, forgets token, or runs out of offline days
  • 28. Other Microsoft Solutions that are RSA Ready
  • 29. Already Certified MS Solutions • MS Active Directory Application Mode • MS Active Directory • MS Certificate Services • MS Crypto API • MS Exchange ActiveSync • MS Exchange Server • MS Internet Explorer • MS IIS • MS ISA Server • MS Mobile Information Server • MS Office XP • MS OWA • MS Outlook/Outlook Express • MS Routing and Remote Access • MS Windows 2000 • MS Windows NT • MS Windows XP Sources: www.rsasecured.com
  • 30. RSA SecurID with Microsoft Exchange ActiveSync • Start -> ActiveSync • Enter Username and PASSCODE • Success and start synchronization!
  • 31. RSA SecurID with Microsoft ISA Server (VPN)
  • 32. RSA SecurID with Microsoft OWA
  • 33. RSA SecurID with Microsoft Mobile Information Server
  • 34. Summary RSA SecurID for Microsoft Windows • Secure • Simple • Auditable
  • 35. RSA SecurID for Microsoft Windows
  • 36. Thank you!! Please visit www.rsasecured.com for other RSA certified products. khlau@rsasecurity.com www.rsasecurity.com
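
Added example (not part of the original slides, and not RSA's code): a Python sketch of the offline check described in slides 24, 25 and 27, where the laptop verifies PIN + token code against a store of hashed passcodes, enforces the bad-passcode limit and stops once the offline window runs out. The token-code function is an HMAC-SHA256 stand-in for RSA's proprietary algorithm, and the salted PBKDF2 hashing, the one-use rule, the store layout and all function names are assumptions.

```python
import hashlib
import hmac
import os

STEP = 60            # slide 13: token code changes every 60 seconds
ITERATIONS = 50_000  # assumption: slow hash, a 10-digit passcode is guessable

def token_code(seed: bytes, t: int) -> str:
    """Stand-in 6-digit token code (HMAC-SHA256), not RSA's algorithm."""
    mac = hmac.new(seed, (t // STEP).to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

def _hash(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)

def build_offline_store(seed, pin, start, intervals, max_bad=3):
    """Server side (online step 7): hashed passcodes for the offline window."""
    entries = {}
    for i in range(intervals):
        t = start + i * STEP
        salt = os.urandom(16)  # per-entry salt: one guess tests one interval
        entries[t // STEP] = (salt, _hash(pin + token_code(seed, t), salt))
    return {"entries": entries, "used": set(), "bad": 0, "max_bad": max_bad}

def verify_offline(store, passcode: str, now: int) -> str:
    """Laptop side (offline steps 1-4): check a passcode with no server."""
    if store["bad"] >= store["max_bad"]:
        return "locked"                  # slide 27: bad-passcode limit reached
    slot = now // STEP
    if slot not in store["entries"]:
        return "offline-window-expired"  # slide 27: out of offline days
    if slot in store["used"]:
        return "replayed"                # assumption: one use per token code
    salt, expected = store["entries"][slot]
    if hmac.compare_digest(_hash(passcode, salt), expected):
        store["used"].add(slot)
        store["bad"] = 0
        return "ok"                      # agent may now release the password
    store["bad"] += 1
    return "locked" if store["bad"] >= store["max_bad"] else "bad-passcode"

if __name__ == "__main__":
    seed, start = b"constructed-seed", 1_700_000_000  # constructed sample values
    store = build_offline_store(seed, "2468", start, intervals=3)
    print(verify_offline(store, "2468" + token_code(seed, start), start))
```

Because the passcode space is only ten digits in this layout, anyone who copies the store from a stolen laptop can guess offline; the per-entry salt and iteration count only raise the cost per guess, which is why the slides pair the store with a limit on offline days.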

Editor's Notes

  6. Now I’m going to present one more problem to you. Auditing. Many companies are required to protect access to private information and to prove who has accessed the data. The problem is, with so many access methods and applications there are multiple access logs. And, how do you prove who has logged on and accessed the information? If you can’t trust the authentication method, how can you trust the audit logs?
  7. Slide Title: Authentication Methods. Key Message: There are three primary ways to authenticate an individual, something you know, something you have or something you are.
  23. So now you can see why we’re so excited about this announcement, it’s secure, simple for the users, and auditable.
  24. Questions?