RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3


RSA SECURID ACCESS Authenticator Implementation Guide
Intel Security
Daniel R. Pintal, RSA Partner Engineering
Last Modified: December 12, 2016

Solution Summary

Intel Security/McAfee Drive Encryption and the RSA SID800 smart card combine seamlessly to provide end users with a single form factor for enterprise two-factor authentication. Users can store the keys necessary to unlock the encrypted data on their hard drive on the same device used to provide RSA SecurID authentication throughout the enterprise.

Partner Integration Overview

Interoperable through RSA Authentication Client: No
Pre-Boot Authentication: Yes
If Pre-Boot, which tokens are supported? SID800 Rev Dx

Product Configuration for Interoperability

Interoperability between the RSA Authenticators and Intel Security/McAfee Drive Encryption requires the installation of Intel Security/McAfee Drive Encryption.

Before You Begin

This section provides instructions for integrating RSA Authenticators with Intel Security/McAfee Drive Encryption. The document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Configuration

There are two methods of RSA SID800 integration available for use with Intel Security/McAfee Drive Encryption.

RSA PKI smart card

PKI smart card authentication requires a Certificate Authority integrated with a Microsoft Windows Domain. The Certificate Authority issues the PKI certificate to a Windows Domain user. The private key is stored on the RSA SID800 smart card and associated with the Windows Domain user. Authentication with a PKI smart card requires the following actions:

- Enabling LDAP Synchronization for the Domain is required.
- Associating a Drive Encryption User to a computer is required.
- Create policy and policy assignment rule for PKI Authentication.
- Enabling UBP Enforcement is required.

RSA Stored Value Token

A stored value is written to the RSA SID800 smart card by the Intel Security/McAfee pre-boot environment. Authentication with a Stored Value Token requires the following actions:

- Enabling LDAP Synchronization for the Domain is not required for users not managed by a Windows Domain.
- Associating a Drive Encryption User to a computer is required.
- Create policy and policy assignment rule for Stored Value Authentication.
- Enabling UBP Enforcement is required.

Important: If you require both PKI and Stored Value authentication types within your environment, you must create separate policies.

Enable LDAP Synchronization for the Domain

1. Select Menu > Server Tasks to create an LDAP synchronization task.
2. Select the button at the bottom of the page.
3. Name the task and select Next.
4. Select LDAPSync: Sync across users from LDAP within the Actions drop down list and set your LDAP Server then select Next.
5. Set the frequency of the LDAP synchronization server task as needed then select Next.
6. Complete the creation of the task by selecting Save.
7. Click the Run link under the Actions column to verify LDAP synchronization.
8. The task must complete successfully to continue.

Associate a Drive Encryption User to a computer

1. Associate a user with a computer by selecting Menu > Data Protection > Encryption Users.
2. Select the system to associate the user and click Actions > Drive Encryption and Add User(s).
3. Select the button to associate the User to the computer.
4. Search for the user to associate and add by selecting the checkbox next to the user's name and click OK.
5. Click OK once you have selected the user.

Create policy and policy assignment rule for PKI Authentication

1. Create a PKI Policy Catalog by selecting Menu > Policy and Policy Catalog.
2. Select the Duplicate Action for the McAfee Default User Based Policies Catalog.
3. Set the Policy Name of the User Based policy then click OK.
4. Select the New Policy by clicking RSA SID800 PKI Policy.
5. Select RSA PKI Smart Card from the Token Type list.
6. Select Save.
7. Create a PKI Policy Assignment to enable PKI authentication with the SID800 smart card. Select Menu > Policy Assignment Rules.
8. Create a new Policy Assignment Rule by selecting New Assignment Rule.
9. Enter the name for the assignment rule and set the Rule Type to User Based then select Next.
10. Select Add Policy.
11. Select from the Product list, User Based Policies from the Category list and RSA SID800 PKI Policy from the Policy list, then select Next.
12. Select User from the User Criteria and to associate a user to the PKI smart card rule.
13. Select Container and children from the Preset drop down list.
14. Select the user and then select OK.
15. Select Next.
16. Select Save.

Create policy and policy assignment rule for Stored Value Authentication

1. Create a Stored Value Policy Catalog by selecting Menu > Policy and Policy Catalog.
2. Select the Duplicate Action for the McAfee Default User Based Policies Catalog.
3. Set the Policy Name of the User Based policy.
4. Select the New Policy by clicking RSA SID800 Stored Value Policy.
5. Select RSA Stored Value Smart Card from the Token Type list.
6. Select Save.
7. Create a Stored Value smart card Policy Assignment to enable Stored Value authentication with the SID800 smart card. Select Menu > Policy Assignment Rules.
8. Create a new Policy Assignment Rule by selecting New Assignment Rule.
9. Enter the name for the assignment rule and set the Rule Type to User Based then select Next.
10. Select Add Policy.
11. Select from the Product list, User Based Policies from the Category list and RSA SID800 Stored Value Policy from the Policy list, then select Next.
12. Select User from the User Criteria and to associate a user to the Stored Value smart card rule.
13. Select Container and children from the Preset drop down list.
14. Select the user and then select OK.
15. Select Next.
16. Select Save.

Client Synchronization

1. To complete setup of smart card authentication with the SID800, the client computer needs to be updated by synchronizing with the ePO server. A synchronization will push the recently created policies associated with that user and their token data to the client computer.
2. A synchronization can be forced from ePO using an Agent Wake-Up call, or it can be forced from the client using the Intel Security/McAfee Agent user interface, or simply by waiting for the next ASCI + Policy Enforcement interval.
3. To verify the status of Drive Encryption on the user's workstation, open Intel Security/McAfee Drive Encryption System Status by right-clicking the Intel Security/McAfee Tray icon.
4. Select Quick Settings > Show Drive Encryption Status.
5. Select Close and restart the system if Drive Encryption is complete.

Important: Before restarting the system, ensure that encryption is completed. Once encryption is completed the user will be able to perform pre-boot authentication with the assigned SID800 token. Rebooting the system prior to the completion of encryption will require the user to log in using a password or perform an Intel Security/McAfee Drive Encryption Recovery.

Restart the System and Authenticate

1. When the system is restarted the Drive Encryption pre-boot will be displayed. At this stage the user is prompted to authenticate. Ensure that the token is inserted either before booting the system or before attempting to authenticate.
2. Enter the username and click Next.
3. The user will be prompted for the PIN. Enter the smart card PIN and click OK.
4. If the client is configured as a PKI smart card user the client is authenticated.
5. If the client is configured as a Stored Value token user the user will be prompted to enter the McAfee ePO default password and then the smart card PIN. The smart card will then be initialized with the stored value and the client computer will boot Windows.

Important: The RSA SID800 smart card is now ready for use and is successfully assigned to the user.

Certification Checklist for 3rd Party Applications

Date Tested: December 12, 2016

Product Tested | Version | Operating System
Intel Security/McAfee ePolicy Orchestrator | 5.1 | Windows 2008 R2
Intel Security/McAfee Drive Encryption | 7.1.3.604 | Windows 10
RSA Authentication Client | 3.6 | Windows 10
RSA SecurID 800 | Rev Dx | Windows 10

Test Cases Symmetric Keys Asymmetric Keys RSA SecurID 800 Preboot Authentication Disk/File Encryption N/A N/A 1024 Certificate N/A 2048 Certificate N/A Write Key/Certificate Delete Key/Certificate Token Management RAC API Modify Token PIN Verify Token PIN N/A N/A Initialize Token N/A N/A

DRP = Pass = Fail N/A = Non-Available Function