McAfee Endpoint Encryption


Secured by RSA Implementation Guide for SecurID Authenticators
Last Modified: December 4, 2013

Partner Information

Product Information
Partner Name: McAfee
Web Site: www.mcafee.com
Product Name: (EEPC)
Version & Platform: 7.0.2
Product Description: McAfee delivers encryption integrated with centralized management that helps prevent unauthorized access and loss or theft of sensitive data.
Product Category: Disk/File Encryption

Solution Summary

McAfee and the RSA SID800 smart card combine seamlessly to provide end-users with a single form factor for enterprise two-factor authentication. Users can store the keys necessary to unlock the encrypted data on their hard drive on the same device used to provide RSA SecurID authentication throughout the enterprise.

Partner Integration Overview
Interoperable through RSA Authentication Client: No
Pre-Boot Authentication: Yes
If Pre-Boot, which tokens are supported?: SID800 Rev D4

Product Configuration for Interoperability

Interoperability between the RSA Authenticators and McAfee requires the installation of McAfee.

Before You Begin

This section provides instructions for integrating RSA Authenticators with McAfee. The document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Configuration

There are two methods of RSA SID800 integration available for use with McAfee.

RSA PKI smart card

PKI smart card authentication requires a Certificate Authority integrated with a Microsoft Windows Domain. The Certificate Authority issues the PKI certificate to a Windows Domain user. The private key is stored on the RSA SID800 smart card and associated with the Windows Domain user. Authentication with a PKI smart card requires the following actions:

- Enabling LDAP Synchronization for the Domain is required.
- Associating a User to a computer is required.
- Create policy and policy assignment rule for PKI Authentication.
- Enabling UBP Enforcement is required.

RSA Stored Value Token

A stored value is written to the RSA SID800 smart card by the McAfee pre-boot environment. Authentication with a Stored Value Token requires the following actions:

- Enabling LDAP Synchronization for the Domain is not required for users not managed by a Windows Domain.
- Associating a User to a computer is required.
- Create policy and policy assignment rule for Stored Value Authentication.
- Enabling UBP Enforcement is required.

Note: If you require both PKI and Stored Value authentication types within your environment, you must create separate policies.

Enable LDAP Synchronization for the Domain

1. Select Menu > Automation > Server Tasks to create an LDAP synchronization task.
2. Select New Task.
3. Name the task and select Next.
4. Select EE LDAP Server User/Group Synchronization within the Actions drop-down list and set your LDAP Server, then select Next.
5. Set the frequency of the LDAP synchronization server task as needed, then select Next.
6. Complete the creation of the task by selecting Save.
7. Click the Run link under the Actions column to verify LDAP synchronization.
8. The task must complete successfully to continue.

Associate a User to a computer

1. Associate a user with a computer by selecting Menu > Data Protection > Encryption Users.
2. Select the system to associate the user and click Actions > and Add User(s).
3. Select the button to associate the User to the computer.
4. Search for the user to associate and add by selecting the checkbox next to the user's name and click OK.
5. Click OK once you have selected the user.

Create policy and policy assignment rule for PKI Authentication

1. Create a PKI Policy Catalog by selecting Menu > Policy and Policy Catalog.
2. Select the Duplicate Action for the McAfee Default User Based Policies Catalog.
3. Set the Policy Name of the User Based policy, then click OK.
4. Select the New Policy by clicking RSA SID800 PKI Policy.
5. Select RSA PKI Smart Card from the Token Type list.
6. Select Save.
7. Create a PKI Policy Assignment to enable PKI authentication with the SID800 smart card. Select Menu > Policy > Policy Assignment Rules.
8. Create a new Policy Assignment Rule by selecting New Assignment Rule.
9. Enter the name for the assignment rule and set the Rule Type to User Based, then select Next.
10. Select Add Policy.
11. Select 7.0.2 from the Product list, User Based Policies from the Category list and RSA SID800 PKI Policy from the Policy list, then select Next.
12. Select User from the User Criteria and to associate a user to the PKI smart card rule.
13. Search for the domain user by selecting Search and entering the name of the user in the Search Users field, then select Search.
14. Select the user and then select OK.
15. Select Next.
16. Select Save.

Create policy and policy assignment rule for Stored Value Authentication

1. Create a Stored Value Policy Catalog by selecting Menu > Policy and Policy Catalog.
2. Select the Duplicate Action for the McAfee Default User Based Policies Catalog.
3. Set the Policy Name of the User Based policy.
4. Select the New Policy by clicking RSA SID800 Stored Value Policy.
5. Select RSA Stored Value Smart Card from the Token Type list.
6. Select Save.
7. Create a Stored Value smart card Policy Assignment to enable Stored Value authentication with the SID800 smart card. Select Menu > Policy > Policy Assignment Rules.
8. Create a new Policy Assignment Rule by selecting New Assignment Rule.
9. Enter the name for the assignment rule and set the Rule Type to User Based, then select Next.
10. Select Add Policy.
11. Select 7.0.2 from the Product list, User Based Policies from the Category list and RSA SID800 Stored Value Policy from the Policy list, then select Next.
12. Select User from the User Criteria and to associate a user to the Stored Value smart card rule.
13. Search for the domain user by selecting Search and entering the name of the user in the Search Users field, then select Search.
14. Select the user and then select OK.
15. Select Next.
16. Select Save.

Enable UBP Enforcement

1. Set UBP enforcement for users by selecting Menu > Reporting > Queries and Reports.
2. Perform a Quick find to locate and run the EE: Users report.
3. Select the AD users to enable UBP enforcement and from the Actions menu select and Configured UBP enforcement.
4. Select Enable from the Configure UBP enforcement options, then select OK.
5. Select Close to complete setting UBP enforcement.

Client Synchronization

1. To complete setup of smart card authentication with the SID800, the client computer needs to be updated by synchronizing with the ePO server. A synchronization will push the recently created policies associated with that user and their token data to the client computer.
2. A synchronization can be forced from ePO using an Agent Wake-Up call, or it can be forced from the client using the McAfee Agent user interface, or it will occur at the next ASCI + Policy Enforcement interval.

Note: During the synchronization, the log will show an entry for Enforcing User (<name>) Policies for EE_Admin1000, where <name> = username.

Restart the System and Authenticate

1. When the system is restarted, the EEPC pre-boot will be displayed. At this stage the user is prompted to authenticate. Ensure that the token is inserted either before booting the system or before attempting to authenticate.
2. Enter the username and click Next.
3. The user will be prompted for the PIN. Enter the smart card PIN and click OK.
4. If the client is configured as a PKI smart card user, the client is authenticated.
5. If the client is configured as a Stored Value token user, the user will be prompted to enter the McAfee ePO default password and then the smart card PIN. The smart card will then be initialized with the stored value and the client computer will boot Windows.

Note: The RSA SID800 smart card is now ready for use and is successfully assigned to the user.

Certification Checklist for 3rd Party Applications

Date Tested: December 5, 2013

Product                        Operating System       Tested Version
McAfee ePolicy Orchestrator    Windows 2003 R2 SP2    4.6
RSA Authentication Client      Windows 8              3.6
McAfee EEPC                    Windows 8              7.0.2
RSA SecurID 800                Windows 8              Rev D4

Test Cases Symmetric Keys Asymmetric Keys RSA SecurID 800 Preboot Authentication Disk/File Encryption N/A N/A 1024 Certificate N/A 2048 Certificate N/A Write Key/Certificate Delete Key/Certificate Token Management RAC API Modify Token PIN Verify Token PIN N/A N/A Initialize Token N/A N/A

DRP = Pass = Fail N/A = Non-Available Function