Gary Lau CISSP, CISA
Principal Consultant North Asia
RSA SecurID® for Microsoft® Windows®
Agenda
- RSA SecurID – the standard for Strong 2 Factors Authentication
- Authentication in the Enterprise
- Authentication to Microsoft Windows
- How It Works
- Other MS Solutions that are RSA Ready
Strong 2 Factors Authentication
Need to access information
Need to protect corporate resources
Problems with passwords were mentioned spontaneously in 2 2003 focus groups:
Source: Federal Trade Commission
In September 2003, the Federal Trade Commission (FTC) reported that identity theft had affected nearly 10 million Americans and cost almost $53 billion in the previous year.
Worldwide, identity theft and related crimes are projected to cost an estimated $221 billion in 2003. If the current 300% compound annual growth rate continues, annual losses worldwide could top $2 trillion by 2005.
= Two-factor authentication!
User enters Passcode (PIN + token code)
ACE / Agents
RSA SecurID Product Family Components
RSA SecurID users
Authentication in the Enterprise
Past: Strong Authentication for Remote Access
RSA SecurID users
Authentication in the Enterprise
Present: Network is opening up, getting more porous
Customers & Partners
Today a user types in his Username and Windows password to authenticate to the network.
1. Username and passcode
2. Username and passcode provided to ACE/Server along with date/time of last available passcode
3 and 4. Agent is told Authentication was successful and is provided:
- Windows password
- Ticket for hashed passcode retrieval
5. Username, Windows password supplied to AD
6. Kerberos Ticket supplied to desktop
7. ACE/Server provides to passcode store:
- Hashed passcodes
- Emergency access password
- Encrypted Windows password (for use when offline)

1. Username and passcode, or emergency access code
2. Username and Passcode (or emergency access code)
3 and 4. Authentication successful
- Decrypted Windows password
5. Username, Windows password
6. Offline Kerberos ticket
MS Active Directory
MS Certificate Services
MS Crypto API
MS Exchange ActiveSync
MS Exchange Server
MS Internet Explorer
MS ISA Server
MS Mobile Information Server
MS Office XP
MS Outlook/Outlook Express
MS Routing and Remote Access
MS Windows 2000
MS Windows NT
MS Windows XP
Already Certified MS Solutions
RSA SecurID for
Please visit www.rsasecured.com for other RSA certified products.