RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.


Cisco Systems
Cisco Secure Access Control System
RSA SecurID Ready Implementation Guide

Partner Information
Last Modified: March 27, 2008

Product Information
Partner Name: Cisco Systems, Inc.
Web Site: www.cisco.com
Product Name: Cisco Secure Access Control System (ACS) Appliance
Version & Platform: V4.1.1 (build 23)
Product Description: Cisco Secure Access Control Server (ACS) for Windows provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secure ACS helps to ensure enforcement of assigned policies by allowing network administrators to control:

Cisco Secure ACS is a main pillar of Cisco trust and identity networking security solutions. It extends access security by combining authentication, user and administrator access, and policy control from a centralized identity networking framework, allowing greater flexibility and mobility, increased security, and user productivity gains. With Cisco Secure ACS, you can manage and administer user access for Cisco IOS routers, VPNs, firewalls, dialup and DSL connections, cable access solutions, storage, content, voice over IP (VoIP), Cisco wireless solutions, and Cisco Catalyst switches using IEEE 802.1x access control.
Product Category: RADIUS Servers

Solution Summary

Partner Integration Overview
Authentication Methods Supported: RADIUS
List Library Version Used: N/A
RSA Authentication Manager Name Locking: N/A
RSA Authentication Manager Replica Support: N/A
Secondary RADIUS Server Support: Yes(1)
Location of Node Secret on Agent: N/A
RSA Authentication Agent Host Type: Net OS
RSA SecurID User Specification: Designated Users, All Users, RSA SecurID as Default
RSA SecurID Protection of Administrative Users: No
RSA Software Token API Integration: No
Use of Cached Domain Credentials: No

Product Requirements

Partner Product Requirements: Cisco Secure ACS Appliance

Application | Additional Patches
Microsoft Internet Explorer 6.0 Service Pack 2 | Sun Java Plug-in 1.4.2-04 or Microsoft Java Virtual Machine
Netscape Communicator 7.1 | Sun Java Plug-in 1.4.2-04

Note: Both Java and JavaScript must be enabled in browsers used to administer Cisco Secure ACS.

Agent Host Configuration

To facilitate communication between the Cisco Secure ACS and the RSA Authentication Manager / RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database and RADIUS database. The Agent Host record identifies the Cisco Secure ACS within its database and contains information about communication and encryption.

To create the Agent Host record, you will need the following information:

- Hostname
- IP Addresses for all network interfaces
- RADIUS Secret (When using RADIUS Authentication Protocol)

When adding the Agent Host Record, you should configure the Cisco Secure ACS as Net OS. This setting is used by the RSA Authentication Manager to determine how communication with the Cisco Secure ACS will occur.

Note: Hostnames within the RSA Authentication Manager / RSA SecurID Appliance must resolve to valid IP addresses on the local network.

Please refer to the appropriate RSA Security documentation for additional information about Creating, Modifying and Managing Agent Host records.
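An added example, not part of the Cisco or RSA guide: the RADIUS Secret listed above is the shared secret that RFC 2865 uses to hide the User-Password attribute (here, the SecurID passcode) and to sign replies, so a mismatch between the two sides makes the passcode undecodable and replies unverifiable. The secrets, passcode, packet identifier and function names are constructed for illustration.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(passcode: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 sec. 5.2: what the RADIUS client does to the passcode."""
    size = max(16, -(-len(passcode) // 16) * 16)   # pad to a multiple of 16
    padded = passcode.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse operation, done by the RADIUS server with its own copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 sec. 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attrs + secret).digest()

# Constructed sample values (not from the guide).
CLIENT_SECRET = b"example-shared-secret"       # entered on the RADIUS client
SERVER_SECRET_OK = b"example-shared-secret"    # Agent Host record, matching
SERVER_SECRET_TYPO = b"example-shared-secert"  # Agent Host record, mistyped
REQUEST_AUTH = bytes(range(16))                # real clients use 16 random bytes
PASSCODE = b"1234" + b"567890"                 # constructed PIN + tokencode

def demo() -> dict:
    hidden = hide_password(PASSCODE, CLIENT_SECRET, REQUEST_AUTH)
    # Access-Accept (code 2) signed by a server holding the mistyped secret.
    reply = response_authenticator(2, 7, b"", REQUEST_AUTH, SERVER_SECRET_TYPO)
    expected = response_authenticator(2, 7, b"", REQUEST_AUTH, CLIENT_SECRET)
    return {
        "match": recover_password(hidden, SERVER_SECRET_OK, REQUEST_AUTH) == PASSCODE,
        "typo": recover_password(hidden, SERVER_SECRET_TYPO, REQUEST_AUTH) == PASSCODE,
        "reply_verifies": reply == expected,
    }

if __name__ == "__main__":
    print(demo())
```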

Partner Authentication Agent Configuration

Before You Begin

This section provides instructions for integrating the partner's product with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations.

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.

All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Documenting the Solution

Activating RSA SecurID authentication:

Cisco Secure ACS supports SecurID authentication of users. To configure Cisco Secure ACS 4.1.1 to authenticate users with Authentication Manager, follow these steps:

1. In the left-hand navigation bar, click.
2. Click Database Configuration.
3. Click RADIUS Token Server.
4. Click Create New Configuration.
5. Enter a name to label the configuration.
6. Click Submit.
7. Click Configure under External User Database Configuration.
8. Enter RADIUS Server configuration information and click Submit.

Adding/Configuring SecurID authentication to your Unknown User Policy:

1. In the left-hand navigation bar, click.
2. Click Unknown User Policy.
3. Select Check the following external user databases, highlight RSA RADIUS Token Server and move it to the Selected Databases box by clicking the ->.
4. Click Submit.

Adding/Configuring SecurID authentication for specific user accounts:

1. In the left-hand navigation bar, click.
2. Type in the User name.
3. Click Add/Edit.
4. Under > Password Authentication, choose RSA RADIUS Token Server.

Certification Checklist For RSA Authentication Manager 6.1.x

Date Tested: March 15, 2008

Certification Environment

Product Name | Version Information | Operating System
RSA Authentication Manager | 6.1.2 | Windows 2003 Enterprise Server
Cisco Secure ACS Appliance | 4.1.1 (build 23) | N/A

Mandatory Functionality

RSA Native Protocol | RADIUS Protocol

New PIN Mode
Force Authentication After New PIN: N/A | Force Authentication After New PIN
System Generated PIN: N/A | System Generated PIN
User Defined (4-8 Alphanumeric): N/A | User Defined (4-8 Alphanumeric)
User Defined (5-7 Numeric): N/A | User Defined (5-7 Numeric)
User Selectable: N/A | User Selectable
Deny 4 and 8 Digit PIN: N/A | Deny 4 and 8 Digit PIN
Deny Alphanumeric PIN: N/A | Deny Alphanumeric PIN

PASSCODE
16 Digit PASSCODE: N/A | 16 Digit PASSCODE
4 Digit Password: N/A | 4 Digit Password

Next Tokencode Mode
Next Tokencode Mode: N/A | Next Tokencode Mode

Load Balancing / Reliability Testing
Failover (3-10 Replicas): N/A | Failover
Name Locking Enabled: N/A | Name Locking Enabled
No RSA Authentication Manager: N/A | No RSA Authentication Manager

Additional Functionality

RSA Software Token Automation
System Generated PIN: N/A | System Generated PIN: N/A
User Defined (8 Digit Numeric): N/A | User Defined (8 Digit Numeric): N/A
User Selectable: N/A | User Selectable: N/A
Next Tokencode Mode: N/A | Next Tokencode Mode: N/A

RSA SD800 Token Automation
System Generated PIN: N/A | System Generated PIN: N/A
User Defined (8 Digit Numeric): N/A | User Defined (8 Digit Numeric): N/A
User Selectable: N/A | User Selectable: N/A
Next Tokencode Mode: N/A | Next Tokencode Mode: N/A

Domain Credential Functionality
Determine Cached Credential State: N/A | Determine Cached Credential State
Set Domain Credential: N/A | Set Domain Credential
Retrieve Domain Credential: N/A | Retrieve Domain Credential

CMY = Pass = Fail N/A = Non-Available Function

Certification Checklist For RSA Authentication Manager 7.1

Date Tested: March 27th, 2008

Certification Environment

Product Name | Version Information | Operating System
RSA Authentication Manager | 7.1 | Windows 2003 Enterprise Server
Cisco Secure ACS Appliance | 4.1.1 (build 23) | N/A

Mandatory Functionality

RSA Native Protocol | RADIUS Protocol

New PIN Mode
Force Authentication After New PIN: N/A | Force Authentication After New PIN
System Generated PIN: N/A | System Generated PIN
User Defined (4-8 Alphanumeric): N/A | User Defined (4-8 Alphanumeric)
User Defined (5-7 Numeric): N/A | User Defined (5-7 Numeric)
Deny 4 and 8 Digit PIN: N/A | Deny 4 and 8 Digit PIN
Deny Alphanumeric PIN: N/A | Deny Alphanumeric PIN
Deny Numeric PIN: N/A | Deny Numeric PIN
PIN Reuse: N/A | PIN Reuse

Passcode
16 Digit Passcode: N/A | 16 Digit Passcode
4 Digit Fixed Passcode: N/A | 4 Digit Fixed Passcode

Next Tokencode Mode
Next Tokencode Mode: N/A | Next Tokencode Mode

Load Balancing / Reliability Testing
Failover (3-10 Replicas): N/A | Failover
No RSA Authentication Manager: N/A | No RSA Authentication Manager

Additional Functionality

RSA Software Token Automation
System Generated PIN: N/A | System Generated PIN: N/A
User Defined (8 Digit Numeric): N/A | User Defined (8 Digit Numeric): N/A
Next Tokencode Mode: N/A | Next Tokencode Mode: N/A

RSA SecurID 800 Token Automation
System Generated PIN: N/A | System Generated PIN: N/A
User Defined (8 Digit Numeric): N/A | User Defined (8 Digit Numeric): N/A
Next Tokencode Mode: N/A | Next Tokencode Mode: N/A

CMY = Pass = Fail N/A = Non-Available Function

Known Issues

1. Force Authentication after New PIN (both System Generated and User Defined) does not function as designed. The user is immediately authenticated after selecting or entering a NEW PIN. Cisco has been notified, as this is how Cisco ACS is currently processing NEW PIN requests.