RSA SecurID® for Microsoft® Windows® – PowerPoint presentation

Presented by Gary Lau, CISSP, CISA, Principal Consultant, North Asia.

Presentation Transcript
Agenda
  • RSA SecurID – the standard for strong two-factor authentication
  • Authentication in the Enterprise
  • Authentication to Microsoft Windows
  • How It Works
  • Other MS Solutions that are RSA Ready
The Business Problem
  • Need to access information
  • Need to protect corporate resources

The Business Problem
  • Low security of static password
  • Difficult to remember
  • Inconsistent user experience
  • Users write them down
  • Help desk costs
  • Unproductive users
  • Frustration
Passwords Are a Big Problem

Problems with passwords were mentioned spontaneously in two 2003 focus groups:

  • “You have to log in and have complicated, long passwords with numbers and digits”
  • “I just see my friends trying to use (their passwords) and forgetting them all the time”
  • Many consumer applications force multiple logons with different user names, passwords, account numbers
Consumer fraud complaints for 2003
  • Identity theft 43%
  • Internet auctions 13%
  • Internet services, computer complaints 6%
  • Shop-at-home, catalog offers 5%
  • Advance fee loans, credit protection 5%
  • Prizes/sweepstakes/gifts 4%
  • Foreign money offers 4%
  • Business opportunities, work-at-home plans 3%
  • Magazines, buyers clubs 2%
  • Telephone services 2%
  • Healthcare 2%

Source: Federal Trade Commission

The Fastest Growing Crime

In September 2003, the Federal Trade Commission (FTC) reported that identity theft had affected nearly 10 million Americans and cost almost $53 billion in the previous year.

Worldwide, identity theft and related crimes are projected to cost an estimated $221 billion in 2003. If the current 300% compound annual growth rate continues, annual losses worldwide could top $2 trillion by 2005.

Auditing
  • Multiple access points
  • Multiple logs
  • Compliance requirements
Methods of Authentication
  • Something you know
    • Password, PIN, “mother’s maiden name”
  • Something you have
    • Magnetic card, smart card, token, physical key
  • Something unique about you
    • Fingerprint, voice, retina, iris

[Slide graphic: a bank card (“1234 5678 9010”) and a PIN (“1059”)]

Solving the Password Problem
  • Combine something you have ...
    • your ATM card, for example
  • ... with something you know ...
    • your PIN

ATM card + PIN = Two-factor authentication!

Security
  • Proven security
  • 15 million users
  • 14,000 customers

[Slide graphic: user enters passcode (PIN + token code); the server decides “Grant access: Y/N?”]

RSA SecurID Product Family Components
  • ACE/Server
  • ACE/Agents
  • SecurID Authenticators

Two-factor Authentication with RSA SecurID

PASSCODE = PIN + TOKENCODE

Example login: GLAU, Passcode: 2468234836
  • Token code: changes every 60 seconds
  • Clock synchronized to UTC / GMT
  • Internal battery
  • Unique seed

How Customers Use RSA SecurID

[Slide diagram: RSA ACE/Server inside the Enterprise; RSA Agents on RAS (Remote Access), on a Web Server or Portal Server (Internet Access / E-Business) and on a VPN or Firewall (Enterprise Access) front the Intranet, WLAN, Applications & Resources and others from the Internet]

Authentication in the Enterprise – Past: Strong Authentication for Remote Access
  • Mobile workforce required to strongly authenticate
  • Everyone else uses passwords. Why?
    • Assumption that because a person is in the building, I can better trust them
    • No real alternative

[Slide diagram: mobile workforce (~20%) via RAS/VPN; sysadmins and RSA SecurID users; Enterprise]

Authentication in the Enterprise – Present: Network is opening up, getting more porous
  • Strong authentication being required to use
    • WLAN
    • Web
    • SSL VPN
  • But passwords still the way to authenticate to Windows
    • No real alternative

[Slide diagram: mobile workforce (~30%) via RAS/VPN, customers & partners via the Web, WLAN users; sysadmins and RSA SecurID users; Enterprise]

Authentication to Microsoft Windows – Today: Username and password

Today a user types in his Username and Windows password to authenticate to the network.

Authentication to Microsoft Windows – Tomorrow: Username and passcode
  • Supports:
    • Local
    • Domain
    • Terminal Services
    • Password Integration
    • Online and Offline
Simplicity
  • Simple
  • Consistent
  • Secure

[Slide graphic: VPN, Windows, Wireless, Web portal, Applications]


Auditability
  • Centralized logging
  • Robust reporting

[Slide graphic: VPN, Windows, Wireless, Web portal, Applications]


RSA SecurID Architecture

[Slide diagram: RSA ACE/Server (primary) and RSA ACE/Server (replica) on the Intranet; RSA ACE/Agents on the Web Server in the DMZ, on the VPN, on the PDC and on the RAS server; firewalls between the DMZ, the Intranet and the outside]

How It Works – User on-line (Network Connected)

[Slide diagram: desktop, Domain Controller, RSA ACE/Server and the RSA hashed passcode store]

1. Username and passcode
2. Username and passcode provided to ACE/Server along with date/time of last available passcode
3 and 4. Agent is told authentication was successful and is provided:
   - Windows password
   - Ticket for hashed passcode retrieval
5. Username, Windows password supplied to AD
6. Kerberos ticket supplied to desktop
7. ACE/Server provides to passcode store:
   - Hashed passcodes
   - Emergency access password
   - Encrypted Windows password (for use when offline)


How It Works – User off-line (Network disconnected)

[Slide diagram: laptop with Microsoft’s cached credentials, RSA ACE/Server and the RSA hashed passcode store]

1. Username and passcode, or emergency access code
2. Username and passcode (or emergency access code)
3 and 4. Authentication successful
   - Decrypted Windows password
5. Username, Windows password
6. Offline Kerberos ticket


RSA SecurID for Microsoft Windows – Windows Password
  • Windows Password Security Policy Options
    • Make the password long, complicated and static, since it's of no use without strong authentication
    • Continue forced MS password change:
      • Admin forces a password change or it expires
      • Old password automatically filled in by RSA ACE/Server
      • New password typed by end user and stored in RSA ACE/Server
      • Handled gracefully in online and offline mode
RSA SecurID for Microsoft Windows – Administrative Configuration Options
  • System-wide Settings
    • Allow/deny – offline use
    • # of days users can be offline
    • Warn user of limited offline days
    • # of bad passcodes before locking user’s token
    • Accept an offline authentication or require re-authentication upon reconnect
    • Bring log of offline events from clients into A/S log database
  • Emergency Access
    • Help desk can provide end user emergency access code for when end user forgets PIN, forgets token, or runs out of offline days
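As an added illustration (not RSA's code and not the SecurID algorithm), the following Python sketch models the server-side checks implied by the two-factor slide and the configuration options above: PASSCODE = PIN + TOKENCODE with a code that changes every 60 seconds under a per-token seed, a small clock-drift window, rejection of a re-used passcode (the "date/time of last available passcode" the agent sends), and locking the token after the configured number of bad passcodes. The HMAC-based code generator, the three-attempt limit, the one-step drift window and the seed value are constructed stand-ins.

```python
import hashlib
import hmac
from dataclasses import dataclass

STEP = 60  # the token code changes every 60 seconds

def tokencode(seed: bytes, t: int) -> str:
    """Stand-in time-synchronous code: HMAC-SHA256 of the 60-second step under the
    token's unique seed (constructed for this example, NOT the SecurID algorithm)."""
    mac = hmac.new(seed, (t // STEP).to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[-4:], 'big') % 10**6:06d}"

@dataclass
class TokenRecord:
    seed: bytes               # unique seed shared by the token and the ACE/Server
    pin: str                  # something you know
    max_bad: int = 3          # "# of bad passcodes before locking user's token"
    drift_steps: int = 1      # tolerate +/- one step of token clock drift
    bad_attempts: int = 0
    locked: bool = False
    last_step_used: int = -1  # newest step already consumed (no replay)

def verify_passcode(rec: TokenRecord, passcode: str, now: int) -> bool:
    """Check PIN + TOKENCODE within the drift window, once only; lock after max_bad failures."""
    if rec.locked:
        return False
    base = now // STEP
    for delta in range(-rec.drift_steps, rec.drift_steps + 1):
        step = base + delta
        if step <= rec.last_step_used:
            continue  # a replayed passcode is never accepted again
        expected = rec.pin + tokencode(rec.seed, step * STEP)
        if hmac.compare_digest(expected.encode(), passcode.encode()):
            rec.bad_attempts, rec.last_step_used = 0, step
            return True
    rec.bad_attempts += 1
    if rec.bad_attempts >= rec.max_bad:
        rec.locked = True  # help desk must unlock or issue emergency access
    return False

def demo() -> dict:
    """Constructed run: a good login, a replay of the same passcode, then lockout."""
    rec = TokenRecord(seed=b"constructed-demo-seed", pin="2468")
    now = 1_700_000_000
    good = rec.pin + tokencode(rec.seed, now)
    out = {"good": verify_passcode(rec, good, now), "replay": verify_passcode(rec, good, now + 5)}
    for _ in range(rec.max_bad):
        verify_passcode(rec, rec.pin + "000000", now + 120)
    out["locked"] = rec.locked
    return out
```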
Already Certified MS Solutions
  • MS Active Directory Application Mode
  • MS Active Directory
  • MS Certificate Services
  • MS Crypto API
  • MS Exchange ActiveSync
  • MS Exchange Server
  • MS Internet Explorer
  • MS IIS
  • MS ISA Server
  • MS Mobile Information Server
  • MS Office XP
  • MS OWA
  • MS Outlook/Outlook Express
  • MS Routing and Remote Access
  • MS Windows 2000
  • MS Windows NT
  • MS Windows XP

Source: www.rsasecured.com


RSA SecurID with Microsoft Exchange ActiveSync

[Slide screenshots: Start -> ActiveSync; Enter Username; Enter Username and PASSCODE; Success and start synchronization!]
Summary

RSA SecurID for Microsoft Windows
  • Secure
  • Simple
  • Auditable
Thank you!!

Please visit www.rsasecured.com for other RSA certified products.

khlau@rsasecurity.com

www.rsasecurity.com