<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Similar documents
<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

Intel Security/McAfee Endpoint Encryption

Symantec Encryption Desktop

McAfee Endpoint Encryption

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

<Partner Name> RSA SECURID ACCESS. VMware Horizon View Client 6.2. Standard Agent Implementation Guide. <Partner Product>

SSH Communications Tectia SSH

Xceedium Xsuite. Secured by RSA Implementation Guide for 3rd Party PKI Applications. Partner Information. Last Modified: February 10 th, 2014

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

VMware Identity Manager vidm 2.7

<Partner Name> <Partner Product> RSA SECURID ACCESS. NetMove SaAT Secure Starter. Standard Agent Client Implementation Guide

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

Barracuda Networks SSL VPN

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

AT&T Global Network Client for Mac User s Guide Version 2.0.0

Caradigm Single Sign-On and Context Management RSA Ready Implementation Guide for. Caradigm Single Sign-On and Context Management 6.2.

Apple Computer, Inc. ios

RSA SecurID Implementation

Barracuda Networks NG Firewall 7.0.0

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

SSH Communications Tectia 6.4.5

AirWatch Mobile Device Management

<Partner Name> <Partner Product> RSA ARCHER GRC Platform Implementation Guide. Swimlane 2.x

AT&T Global Network Client for Mac User s Guide Version 1.7.3

SailPoint IdentityIQ 6.4

SecureW2 Enterprise Client

<Partner Name> RSA NETWITNESS Security Operations Implementation Guide. Swimlane 2.x. <Partner Product>

RSA SecurID Ready Implementation Guide

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

Dell SonicWALL NSA 3600 vpn v

SOFTEL Communications Password Reset and Identity Management Suite

<Partner Name> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Authenticate & Intel IPT based Token Provider for RSA SecurID

Endpoint Security. E80.30 Localized Version. Release Notes

Open System Consultants Radiator RADIUS Server

Cyber Ark Software Ltd Sensitive Information Management Suite

Table of Contents. Table of Figures. 2 Wave Systems Corp. Client User Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

Enabling Smart Card Logon for Linux Using Centrify Suite

Microsoft Forefront UAG 2010 SP1 DirectAccess

ZENworks 2017 Update 1 Full Disk Encryption Pre-Boot Authentication Reference. July 2017

RSA Secured Implementation Guide For User Management Products

VMware AirWatch Certificate Authentication for EAS with ADCS

<Partner Name> <Partner Product> RSA Ready Implementation Guide for. MapR Converged Data Platform 3.1

RSA Ready Implementation Guide for. VMware vsphere Management Assistant 6.0

Cisco Systems, Inc. Wireless LAN Controller

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

Attachmate Reflection for Secure IT 8.2 Server for Windows

Citrix Systems, Inc. Web Interface

SAML-Based SSO Configuration

How to Configure the RSA Authentication Manager

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

RSA Ready Implementation Guide for

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

RSA SecurID Ready Implementation Guide. Last Modified: November 19, 2009

RSA Two Factor Authentication. Feature Description

Qualys SAML & Microsoft Active Directory Federation Services Integration

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

SecuRemote for Windows 32-bit/64-bit

Cisco Systems, Inc. Catalyst Switches

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

RSA Ready Implementation Guide for

HP Roam - Business Deployment Guide

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

Microsoft Unified Access Gateway 2010

Thales nshield Series

RSA Ready Implementation Guide for. HelpSystems Safestone DetectIT Security Manager

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

ZENworks 2017 Full Disk Encryption Pre-Boot Authentication Reference. December 2016

Vanguard Integrity Professionals ez/token

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Cisco CTL Client Setup

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

Cisco CTL Client setup

VMware AirWatch Integration with RSA PKI Guide

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Version 1.0. October KYOCERA Document Solutions America, Inc. Software Solutions Group KYOCERA Document Solutions America, Inc.

Barron McCann Technology X-Kryptor

TalariaX sendquick Alert Plus

Ultra Electronics AEP Networks Ltd Ultra Safe Keyper

Manual UCSFwpa Configuration for Windows 7

ModeChanger

HOW TO SETUP CFS POLICIES WITH LDAP AND SSO TO RESTRICT INTERNET ACCESS ON CFS 3.0

OneLogin Integration User Guide

RSA Ready Implementation Guide for

Infosys Limited Finacle e-banking

Full Disk Encryption Pre-Boot Authentication Reference

Citrix XenApp. RSA Secured Implementation Guide for RSA DLP Endpoint VDI. Partner Information. Last Modified: March 28 th, 2014

TFS WorkstationControl White Paper

Two factor authentication for Microsoft Remote Desktop Web Access

RSA Ready Implementation Guide for

Integration Guide. LoginTC

Workspace ONE UEM Upgrade Guide

Dell EMC OpenManage Mobile. Version User s Guide (Android)

Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks

Transcription:

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide Check Point SmartEndpoint Security Daniel R. Pintal, RSA Partner Engineering Last Modified: January 27, 2017

Solution Summary RSA Security Authenticators and Check Point Full Disk Encryption integrate seamlessly by allowing users to strongly authenticate to encrypted information on their laptop or personal computer. Authentication is configured utilizing Check Point SmartEndpoint Security Management and by associating the user with a PKI certificate stored on the RSA SecurID 800 token. RSA Authentication Manager supported features Check Point E80.64 Interoperable through the RSA Authentication Client Pre-Boot Authentication If Pre-Boot, which tokens are supported? No Yes SID800 Rev Dx Partner Product Configuration Before You Begin This section provides instructions for configuring the Check Point SmartEndpoint Security FDE with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All Check Point SmartEndpoint Security FDE components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. Configuration There is one method of RSA SID800 integration available for use with Check Point SmartEndpoint Security FDE. RSA PKI smart card PKI smart card authentication requires a Certificate Authority integrated with a Microsoft Windows Domain. The Certificate Authority issues the PKI certificate to a Windows Domain user. The private key is stored on the RSA SID800 smart card and associated with the Windows Domain user. Overview Install Check Point SmartEndpoint Security Management Server. Issue a Smartcard certificate for each user. Use the RSA Authentication Client to provision the SID800 with a certificate and PIN. Through SmartEndpoint configure a Directory Scanner to sync your Active Directory. Defining a policy for full disk encryption through SmartEndpoint. Creating a client installation package. Installing the client package on client PC. Encrypt the hard drive. -- 2 -

Setting up a Directory Scanner 1. Launch SmartEndpoint. 2. Select the Deployment tab and go to Organization Scanners in the left pane. 3. Click on Add Directory Scanner. 4. Enter the Domain Name, Username and Password. The LDAP Path and Domain Controller field should auto-populate. 5. Click OK. -- 3 -

6. Go to the Users and Computers tab to verify that scan was successful. You should now see your Active Directory structure. Defining a Policy for Full Disk Encryption 1. Go to the Policy tab. -- 4 -

2. By default the Full Disk Encryption Policy is enabled to Encrypt all hard disks. This can be disabled if needed to get pre-boot authentication working as needed. A Policy modification can be made to encrypt the drives once pre-boot is working. Disabling encryption through the policy is not required. 3. In Full Disk Encryption Policy rule, open the Authenticate user before OS loads action. 4. At the bottom of the page, click on Advanced Pre-boot Settings. -- 5 -

5. Select Enable USB devices in pre-boot environment. 6. Click OK and return to the Policy tab. 7. In a User Authentication (OneCheck) rule, right-click the Authenticate users action and select Edit. -- 6 -

8. Select Smartcard (requires certificates). 9. Select Change authentication method only after user successfully authenticates with a Smart Card. 10. Under Smartcard Drivers, search for and select the RSA drivers required for your Smartcard. 11. In the Directory Scanner area, click Configure. 12. Select Scan user certificates from Active Directory and select OK. -- 7 -

Creating a Client Installation Package 1. On the Deployment tab, select Software Deployment Rules located in the left menu. 2. Right-click the Default Software Deployment settings rule in the right menu and select Download Package. 3. Click Download. 4. From the Clients workstation install the downloaded Check Point Endpoint Security software. -- 8 -

Installing the Client Package 1. Run the installer using administrator privileges. Select Next to continue with the install. 2. Select Install to continue. -- 9 -

3. Select Yes, to restart and complete the configuration of the Check Point SmartEndpoint client. 4. After the reboot Check Point SmartEndpoint will create the pre-boot environment and begin to encrypt the hard disk(s). -- 10 -

5. When the system prompts you to reboot, select Yes. 6. With the token inserted into the computer enter the RSA SID800 Token PIN. 7. Once rebooted the Check Point client will indicate boot protection. -- 11 -

8. Once the client install is complete and users are able to login at pre-boot enable encryption by right clicking the encryption policy within the Check Point SmartEndpoint Manager and selecting Encrypt all local hard disks. 9. Once the policy has been pushed to the clients the encryption of the hard disk will begin. -- 12 -

Certification Checklist for 3 rd Party Applications Date Tested: January 27, 2017 Product Operating System Tested Version Check Point SmartEndpoint Gaia R77 E80.60 Check Point SmartEndpoint Client Window 10 x64 8.8.255 RSA SID800 Firmware 3.7 Revision Dx Test Cases Symmetric Keys Asymmetric Keys RSA SecurID 800 Preboot Authentication N/A Disk/File Encryption N/A 1024 Certificate N/A 2048 Certificate N/A Write Key/Certificate N/A N/A Delete Key/Certificate N/A N/A Token Management RAC API Modify Token PIN N/A N/A Verify Token PIN N/A N/A Initialize Token N/A N/A DRP = Pass = Fail N/A = Non-Available Function -- 13 -

Known Issues Check Point has reported an issue when deploying Check Point SmartEndpoint on Windows 10. The issue is related to a Microsoft KB3213986. More information on this can be found on the Check Point support website at the following url. https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails= &solutionid=sk115485 -- 14 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback