SecureW2 Enterprise Client

Similar documents
RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

Cisco Systems, Inc. Aironet Access Point

RSA Ready Implementation Guide for

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

VMware Identity Manager vidm 2.7

<Partner Name> RSA SECURID ACCESS. VMware Horizon View Client 6.2. Standard Agent Implementation Guide. <Partner Product>

Barracuda Networks SSL VPN

Cisco Systems, Inc. Wireless LAN Controller

Dell SonicWALL NSA 3600 vpn v

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

Cyber Ark Software Ltd Sensitive Information Management Suite

Caradigm Single Sign-On and Context Management RSA Ready Implementation Guide for. Caradigm Single Sign-On and Context Management 6.2.

Cisco Systems, Inc. Catalyst Switches

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

Barracuda Networks NG Firewall 7.0.0

Apple Computer, Inc. ios

Microsoft Forefront UAG 2010 SP1 DirectAccess

Cisco Systems, Inc. IOS Router

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

Rocket Software Strong Authentication Expert

Citrix Systems, Inc. Web Interface

Vanguard Integrity Professionals ez/token

RSA SECURID ACCESS PAM Agent Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

Pulse Secure Policy Secure

RSA Ready Implementation Guide for. VMware vsphere Management Assistant 6.0

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

SSH Communications Tectia 6.4.5

Barron McCann Technology X-Kryptor

Infosys Limited Finacle e-banking

Attachmate Reflection for Secure IT 8.2 Server for Windows

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide. Last Modified: November 19, 2009

RSA SecurID Implementation

Security Access Manager 7.0

RSA Ready Implementation Guide for. HelpSystems Safestone DetectIT Security Manager

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

Microsoft Unified Access Gateway 2010

RSA SecurID Ready Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. NetMove SaAT Secure Starter. Standard Agent Client Implementation Guide

RSA SecurID Ready Implementation Guide

Open System Consultants Radiator RADIUS Server

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Fischer International Identity Fischer Identity Suite 4.2

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

SailPoint IdentityIQ 6.4

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

Hitachi ID Systems Inc Identity Manager 8.2.6

How to Configure the RSA Authentication Manager

RSA Ready Implementation Guide for

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

Secured by RSA Implementation Guide for Software Token Authenticators

<Partner Name> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Authenticate & Intel IPT based Token Provider for RSA SecurID

RSA Ready Implementation Guide for

SOFTEL Communications Password Reset and Identity Management Suite

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

Vendor: RSA. Exam Code: CASECURID01. Exam Name: RSA SecurID Certified Administrator 8.0 Exam. Version: Demo

How to RSA SecureID with Clustered NATIVE

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because

Pass4sure CASECURID01.70 Questions

TalariaX sendquick Alert Plus

Advantage Cloud Two-Factor Security Process

RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]

050-v71x-CSESECURID RSA. RSA SecurID Certified Systems Engineer 7.1x

Remote Access User Guide for Mac OS (Citrix Instructions)

Intel Security/McAfee Endpoint Encryption

Integration Guide. LoginTC

McAfee Endpoint Encryption

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

Configuring 802.1X Authentication Client for Windows 8

RSA Ready Implementation Guide for

RSA Two Factor Authentication. Feature Description

Internet Access: Wireless WVU.Encrypted Network Connecting a Windows 7 Device

Zebra Mobile Printer, Zebra Setup Utility, Cisco ACS, Cisco Controller PEAP and WPA-PEAP

Data Structure Mapping

SecuRemote for Windows 32-bit/64-bit

Protected EAP (PEAP) Application Note

Data Structure Mapping

Rhodes University Wireless Network

BMC Software BMC Provisioning Module for RSA Authentication Manager

Wireless LAN Profile Setup

Data Structure Mapping

Authentify SMS Gateway

ipad in Business Security Overview

ForeScout CounterACT. Configuration Guide. Version 4.3

Remote Support Security Provider Integration: RADIUS Server

Integration Guide. SafeNet Authentication Service (SAS)

Data Structure Mapping

Data Structure Mapping

AT&T Global Smart Messaging Suite

Configuring the Client Adapter through the Windows XP Operating System

Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

Zebra Setup Utility, Zebra Mobile Printer, Microsoft NPS, Cisco Controller, PEAP and WPA-PEAP

RSA Ready Implementation Guide for

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

Checkpoint SecureClient Integration

Transcription:

RSA SecurID Ready Implementation Guide Partner Information Last Modified: January 16, 2015 Product Information Partner Name Web Site Product Name Version & Platform Product Description SecureW2 www.securew2.com SecureW2 3.5.12 for Windows XP/Vista/7/8 SecureW2 offers a comprehensive set of authentication, encryption and security features for 802.1X based access for wireless and wired networks. Enterprise client has support for a full range of Extensible Authentication Protocols (EAP) including EAP-GTC for two-factor authentication, PEAP v0 & v1, EAP-TTLS and EAP-SIM. network and security settings can be pre-configured and deployed to endpoints via MSI for Microsoft GPO and other software distribution tools. Available security features include configuration lockdown and prevention of wireless bridging to wired corporate networks.

Solution Summary SecureW2 enables RSA SecurID authentication for Wireless/Wired 802.1X/EAP connections on Windows Platforms. SecureW2 Enterprise Client (Wireless) 802.1X Wireless Controller / Access Point RSA Server (RADIUS) SecureW2 Enterprise Client (Wired) 802.1X Wired Switch RSA Authentication Manager supported features SecureW2 3.5.12 RSA SecurID Authentication via Native RSA SecurID UDP Protocol RSA SecurID Authentication via Native RSA SecurID TCP Protocol RSA SecurID Authentication via RADIUS Protocol RSA SecurID Authentication via IPv6 On-Demand Authentication via Native SecurID UDP Protocol On-Demand Authentication via Native SecurID TCP Protocol On-Demand Authentication via RADIUS Protocol Risk-Based Authentication RSA Authentication Manager Replica Support Secondary RADIUS Server Support RSA SecurID Software Token Automation RSA SecurID SD800 Token Automation RSA SecurID Protection of Administrative Interface Yes Yes Yes Yes - 2 -

Agent Host Configuration To facilitate communication between the SecureW2 and the RSA Authentication Manager / RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database. The Agent Host record identifies the SecureW2 and contains information about communication and encryption. RSA Authentication Manager 8.0 introduces a new TCP-based authentication protocol and corresponding agent API. RSA Authentication Manager 8.0 also maintains support for the existing UDP-based authentication protocol and agents. The agent host records for TCP and UDP agents are configured similarly, but there are some important differences. Include the following information when configuring a UDP-based agent host record. Hostname IP addresses for network interfaces Note: The UDP-based authentication agent s hostname must resolve to the IP address specified. Include the following information when configuring a TCP-based agent host record. RSA agent name (in the hostname field) Note: The RSA agent name is specified in the rsa_api.properties file. Set the Agent Type to Standard Agent when adding the Authentication Agent. This setting is used by the RSA Authentication Manager to determine how communication with SecureW2 will occur. If SecureW2 will be communicating with RSA Authentication Manager via RADIUS, then a RADIUS client that corresponds to the agent host record must be created in the RSA Authentication Manager. RADIUS clients are managed using the RSA Security Console. The following information is required to create a RADIUS client: Hostname IP Addresses for network interfaces RADIUS Secret Note: The RADIUS client s hostname must resolve to the IP address specified. Please refer to the appropriate RSA documentation for additional information about creating, modifying and managing Authentication Agents and RADIUS clients. - 3 -

Partner Product Configuration Before You Begin This section provides instructions for integrating the SecureW2 with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All SecureW2 components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. Configuring SecureW2 for SecurID Authentication Pre-requisites SecureW2 implements the client side of an 802.1X protected network. This document assumes the other aspect of the network (Network Access Points/RSA Authentication Manager/RADIUS Server) are implemented and working correctly. - 4 -

Configuration via user interface Use the SecureW2 to enable RSA SecurID authentication. The configuration is for both PEAP and TTLS. This section assumes the user is familiar with the way to configure 802.1X on a Windows system, for both wireless and wired. 1. Create a new profile, use the profile DEFAULT and select Configure. Figure 1. SecureW2 Configuration UI 2. In the Authentication TAB select EAP as your Authentication method and the SecureW2 EAP-GTC as your EAP Type. Select Configure to configure EAP-GTC for RSA SecurID. Figure 2. SecureW2 Authentication TAB - 5 -

3. The most commonly used settings are Check For Software Token and Use Credentials User Interface. This will give the user the optimal RSA SecurID experience. The other options are discussed in the SecureW2 General Administrators Guide. Figure 3. SecureW2 EAP-GTC Configuration - 6 -

Configuration via Pre-Configuration File The following steps assume you have downloaded the SecureW2 installer and have extracted it in to a temporary folder. Next create a SecureW2.inf pre-configuration file and place this file in the same temporary folder as the installer. When the installer is run it will look for this pre-configuration file and use it to pre-configure SecureW2. For basic installation of the client please see our SecureW2 - Installation Basic tutorial in the Learn section of the SecureW2 website. Note: It is possible to automate this process and create a single MSI package which deploys and runs the installer and pre-configuration file. This is not within the scope of this document. A tutorial can be found in the Learn section of the SecureW2 website SecureW2 MSI Installer - Basic Setup. The following shows a SecureW2.inf file for basic RSA SecurID authentication. This file will setup a wireless SSID SecureW2 configured for WPA2/AES and add a SecureW2 configuration for PEAP/GTC with RSA SecurID Authentication. http://www.securew2.com/resources/tutorials/inf/securew2_eappeapeapgtc.inf Change the settings of the SecureW2.inf file according to your network requirements. Installation Run the installer (or the MSI package) on the client machine. This will add the configured SSID to the list of preferred wireless networks. Figure 4. SecureW2 Installer EAP Method Selection Important: Make sure you select the EAP-TTLS/EAP-PEAP and the EAP-GTC options. - 7 -

RSA SecurID Login Screens End User Experience Authentication In a wireless environment the authentication will commence when the SSID is within range. You will be presented with the following screen: Figure 5. SecureW2 RSA SecurID Credentials Enter the appropriate username and passcode and if correct the 802.1X authentication will proceed and a valid Ethernet connection will be available. - 8 -

The following shows a selection of screenshots that an end user can expect to see within SecureW2 when RSA SecurID authentication occurs. Figure 6. System generated New PIN Figure 7. Next Passcode - 9 -

Software token support If configured correctly and a Software token is available, SecureW2 will show an extra interface allowing the user to interact with the user s Software token. The following is an example screen of when a RSA software token is detected. Figure 8. RSA SecurID Software Token - 10 -

Certification Test Checklist for RSA Authentication Manager Certification Environment Product Name Version Information Operating System RSA Authentication Manager 8.1 Virtual Appliance RSA Software Token 4.1.2 Windows XP/Vista/7/8 SecureW2 3.5.12 Windows XP/Vista/7/8 RSA SecurID Authentication Date Tested: January 15, 2015 Mandatory Functionality RSA Native RSA Native RADIUS UDP Agent TCP Agent Client New PIN Mode Force Authentication After New PIN System Generated PIN User Defined (4-8 Alphanumeric) User Defined (5-7 Numeric) Deny 4 and 8 Digit PIN Deny Alphanumeric PIN Deny PIN Reuse Passcode 16 Digit Passcode 4 Digit Fixed Passcode Next Tokencode Mode Next Tokencode Mode On-Demand Authentication On-Demand Authentication On-Demand New PIN Load Balancing / Reliability Testing Failover (3-10 Replicas) No RSA Authentication Manager GLS / PAR = Pass = Fail = Not Applicable to Integration - 11 -

Certification Test Checklist for RSA Authentication Manager Software Token Automation Date Tested: January 15, 2015 Mandatory Functionality RSA Native RSA Native RADIUS UDP Agent TCP Agent Client PINless Token Next Tokencode Mode PINpad-style Token Deny Alphabetic PIN Next Tokencode Mode Fob-style Token 16 Digit Passcode Alphanumeric PIN Next Tokencode Mode Other System Generated PIN Password Protected PIN SID800 Token Automation Date Tested: January 15, 2015 Mandatory Functionality RSA Native RSA Native RADIUS UDP Agent TCP Agent Client PINless Mode PINless Token New PIN Mode User Defined PIN System Generated PIN Next Tokencode Mode Next Tokencode Mode GLS / PAR = Pass = Fail = Not Applicable to Integration - 12 -

Known Issues SecureW2 v3.5.12 does not support alphanumeric software PIN. - 13 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback