Secure Remote Access to Enterprise Applications RSA Adaptive Authentication and NetScaler Integration

giovanna
Presentation Transcript


  1. Secure Remote Access to Enterprise Applications: RSA Adaptive Authentication and NetScaler Integration

  2. Enterprise Authentication Security Balancing Act
     • Business Collaboration
     • Employee Productivity
     • Information Protection
     • Regulatory Controls
     • Risk Based Access Controls
     • Secure Authentication
     • Protect Against Emerging Threats
     • Ease of Use
     • Business Enablement
     • Business Challenge
     • Business Requirement
     • Identity sprawl
     • Information sprawl
     • Workforce Mobility
     • Increasing Threats
     • Increasing Regulation

  3. The Notion of Risk
     • Start with an “Ideal Activity”
     • Allow for some degree of variance from that “ideal”
     • Most Employee and Business actions will fall within the comfort zone
     • Opportunity to control costs if comfort zone activities can be reliably identified
     • Challenge is to identify only those activities which fall outside of comfort zone
     [Diagram labels: Ideal Activity, Activity A, Activity B, Activity C, Activity D, Comfort Zone, Area of Concern]

  4. Monitor – Detect – Investigate or Challenge
     • Transparently increase security without compromising user convenience
     • Risk Assessment
     • Risk Mitigation

  5. RSA™ eFraudNetwork™: World’s Largest Online Fraud Fighting Community
     • Expansive:
       – Thousands of contributors: ISPs, feeding partners, customers
       – Cross industry
       – International visibility
     • More than “IP Blacklist”:
       – Clustering: associates and links transactions
       – Coloring: implicating clusters and accounting for proximity
       – Baits Countermeasure: “dummy” credentials
       – IP Address from Phishing Attacks: Botnets
       – Feeds to / from multiple RSA products
     • Anonymous:
       – No Personally Identifying Information shared
     • Proven:
       – ½ Billion Devices, gives “fraud detection a considerable lift”*
     Don’t fight cybercriminals alone!

  6. RSA Adaptive Authentication with Citrix NetScaler
     • Solution Components
       – Citrix NetScaler, Version 9.2 or later
       – Identity Provider such as Active Directory or equivalent LDAP-based system
       – RSA Adaptive Authentication Server for secondary authentication of users based on behavioral and other inputs

  7. Configuring the RSA Authentication Adapter
     • Start configuration wizard
     • Configure RADIUS Adapter
     • Configure AA Adapter
     • Configure behavior parameters
     • Configure Identity confirmation methods

  8. Configuring NetScaler
     • Create Authentication server
     • Create Authentication policy
     • Create Virtual server
     • Run management script utility to configure NetScaler with user parameters

  9. Initial User Setup
     • The user logs on to the site using the user name and password
     • The user selects the security questions and provides answers to those security questions
     • The user confirms the selection of security questions

  10. User Authentication
     • User attempts to access a system protected by Adaptive Authentication
     • User's activity is analyzed by the RSA Risk Engine and is assigned a Risk Score
     • RSA Policy Manager determines Risk using behavioral analysis
     • User is directed to "Step-Up Authentication"

  11. Healthcare: Cure to fraud prevention / Law Enforcement: Secure connections to help catch the bad guys
     • Mobile employees who work from home or travel can access sensitive information remotely and securely
     • For on-the-go doctors, multiple devices (PCs) can be registered so access can be gained seamlessly from any location
     • Helps meet compliance regulations for “stronger than password” authentication
     • Authorized law enforcement offices can utilize different PCs and still securely access sensitive information
     • Persistent security and policy enforcement, only challenging the riskiest subset of activities with step-up authentication

  12. Missouri Highway Patrol (State Government)
     • Challenge
       – Telco costs exceeded $1m annually to deliver applications to 246 Municipalities
       – Security concerns of onboarding new Web Applications
     • Mandated standards
       – Federal Information Protection Standard 140-2
       – Two Factor Authentication
       – Global redundancy
     • Solution
       – RSA-AAA + NetScaler FIPS Platinum Edition
     • Benefits
       – $1m annual savings
       – Easy transition & Great User Experience
       – Strong Layered Security
       – Superior Web App Experience
       – Improved Application Availability

  13. Lessons Learned
     • Put the Adaptive Authentication Adapter behind a NS vServer
       – Optimize performance
       – Protect with AppFW
       – Load Balance
     • Use a wildcard or SAN SSL certificate
       – Maintain PKI integrity
     • Get installation assistance
       – Make the deployment stress free and on time

  14. Secure, Remote Access to Enterprise Applications: RSA Adaptive Authentication Integration with Citrix NetScaler
     • Low Total Cost of Ownership
       – Enables user self-enrollment with no need for physical devices
     • Strong Layered Security
       – Complement NetScaler’s primary authentication systems such as Active Directory or LDAP
       – Extend user identity across enterprise and SaaS applications
       – Protect against web and XML application threats like Cross-Site Scripting (XSS), SQL Injection and DDoS attacks with Web Application Firewall
       – Numerous authentication methods with customizable risk and authentication policies provide the highest fraud detection rates
     • Superior User Experience
       – Transparent authentication methods offer the lowest impact on genuine users, providing a convenient online experience as users are only challenged when suspicious activities are identified and/or an organizational policy is violated

  15. For More Information
     • Citrix NetScaler Blogs
       – http://community.citrix.com/display/ocb/2011/05/19/Adaptive+Authentication
     • Sales Knowledgebase
       – www.citrix.com/skb (search tag “RSA Adaptive Authentication”)
     • Citrix TV
       – www.citrix.com/tv (search tag “RSA Adaptive Authentication”)
     • Citrix NetScaler Resources
       – www.citrix.com/netscaler (click “Resources and Support”)
     • Citrix NetScaler Discussion Forums
       – http://forums.citrix.com/support (click NetScaler)
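
The comfort-zone idea from slide 3 and the score-then-step-up flow from slide 10, worked through as an added example; it is not part of the presentation and is not RSA's Risk Engine or Policy Manager. The signal names, weights, thresholds and sample logins are all assumptions constructed for illustration, and the device registration step follows the multi-device point on slide 11.

```python
from dataclasses import dataclass

# Hypothetical signal weights and thresholds, constructed for illustration only.
WEIGHTS = {"new_device": 400, "new_country": 300, "odd_hour": 100, "flagged_ip": 500}
CHALLENGE_AT, INVESTIGATE_AT = 400, 900   # comfort-zone edge / review queue

@dataclass
class Profile:                     # the user's "ideal activity" baseline
    devices: set
    countries: set
    hours: range = range(7, 20)    # usual working hours (assumed)

@dataclass
class Login:
    device: str
    country: str
    hour: int
    ip: str

def risk_score(login, profile, flagged_ips):
    """Return (score capped at 1000, signals that deviated from the baseline)."""
    signals = {
        "new_device": login.device not in profile.devices,
        "new_country": login.country not in profile.countries,
        "odd_hour": login.hour not in profile.hours,
        "flagged_ip": login.ip in flagged_ips,   # e.g. a shared fraud-intel feed
    }
    hits = [name for name, fired in signals.items() if fired]
    return min(1000, sum(WEIGHTS[h] for h in hits)), hits

def decide(score):
    """Small variance stays transparent; only outliers get a step-up challenge."""
    if score >= INVESTIGATE_AT:
        return "challenge+investigate"
    return "challenge" if score >= CHALLENGE_AT else "allow"

def register_device(login, profile):
    profile.devices.add(login.device)   # after a passed step-up, trust this device

# Constructed sample data (IP addresses from documentation ranges).
FLAGGED = {"203.0.113.50"}
alice = Profile(devices={"laptop-1"}, countries={"US"})
usual = Login("laptop-1", "US", 9, "198.51.100.7")
late = Login("laptop-1", "US", 23, "198.51.100.7")
new_pc = Login("clinic-pc-4", "US", 10, "198.51.100.7")
hostile = Login("unknown-7", "BR", 3, "203.0.113.50")

for name, ev in (("usual", usual), ("late", late), ("new_pc", new_pc), ("hostile", hostile)):
    score, hits = risk_score(ev, alice, FLAGGED)
    print(f"{name:8} score={score:4} {decide(score):22} {hits}")
```

A late login from a known device stays below the challenge threshold, while a first login from an unregistered PC is challenged once and then passes transparently after `register_device` is called.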
