DIGIPASS Authentication for NETASQ

DIGIPASS Authentication for NETASQ
With IDENTIKEY Server
Integration Guideline

2010 VASCO Data Security. All rights reserved.

Disclaimer

Disclaimer of Warranties and Limitations of Liabilities

This Report is provided on an 'as is' basis, without any other warranties, or conditions. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security.

Trademarks

DIGIPASS & VACMAN are registered trademarks of VASCO Data Security. All trademarks or trade names are the property of their respective owners. VASCO reserves the right to make changes to specifications at any time and without notice. The information furnished by VASCO in this document is believed to be accurate and reliable. However, VASCO may not be held liable for its use, nor for infringement of patents or other rights of third parties resulting from its use.

Copyright 2010 VASCO Data Security. All rights reserved.

Table of Contents

DIGIPASS Authentication for NETASQ
Disclaimer
Table of Contents
1 Overview
2 Problem Description
3 Solution
4 Technical Concept
  4.1 General overview
  4.2 NETASQ prerequisites
  4.3 IDENTIKEY Server Prerequisites
5 NETASQ configuration
  5.1 RADIUS configuration
  5.2 Interface configuration
6 IDENTIKEY Server
  6.1 Policy configuration
  6.2 Client configuration
7 NETASQ test
  7.1 Response Only
  7.2 Challenge / Response
8 About VASCO Data Security

1 Overview

The purpose of this document is to demonstrate how to use a NETASQ U Series (NETASQ) in combination with a DIGIPASS.

2 Problem Description

The basic working of the NETASQ is based on authentication against an existing medium (LDAP, RADIUS, local authentication). To use the IDENTIKEY Server with the NETASQ, the authentication settings need to be changed.

3 Solution

After configuring IDENTIKEY Server and the NETASQ in the right way, you eliminate the weakest link in any security infrastructure: the use of static passwords that are easily stolen, guessed, reused or shared.

Figure 1: RADIUS authentication

The solution allows users to gain access to their (web) applications from any location. The web servers remain safely hidden behind the firewall and are not publicly reachable. Administrators can deploy granular access control on a user or group basis. For this solution the user only needs a browser on their local client.

Figure 2: Web portal

4 Technical Concept

4.1 General overview

The main goal of the NETASQ is to perform authentication to secure all kinds of VPN and firewall connections. As the NETASQ can perform authentication to an external service using the RADIUS protocol, we will place the IDENTIKEY Server as back-end service, to secure the authentication with our proven IDENTIKEY Server software.

4.2 NETASQ prerequisites

Please make sure you have a working setup of a NETASQ device. It is very important that this is working correctly before you start implementing the authentication to the IDENTIKEY Server.

At this time, the complete NETASQ U Series is supported. The screenshots used in the rest of this document are taken from a NETASQ U250.

4.3 IDENTIKEY Server Prerequisites

In this guide we assume you already have IDENTIKEY Server installed and working. If this is not the case, make sure you get it working before installing any other features.

5 NETASQ configuration

5.1 RADIUS configuration

Open the NETASQ Unified Manager tool to configure the device. In the menu, select Authentication > Captive portal. This will open a new window.

Figure 3: RADIUS configuration (1)

Under the Global options, make sure that authentication is performed on both INTERNAL and EXTERNAL interfaces.

Figure 4: RADIUS configuration (2)

Now select the Radius menu item and click the Server button under the Primary configuration.

Figure 5: RADIUS configuration (3)

If the host where IDENTIKEY Server is installed is already in the list, select it. Otherwise click the New Host button to create a new host.

Figure 6: RADIUS configuration (4)

Enter a Host name for this host, set the DNS resolution to Static and fill in the IP Address of the IDENTIKEY Server. Click Next > to continue.

Figure 7: RADIUS configuration (5)

The next fields may be left blank; click Finish to end the wizard.

Figure 8: RADIUS configuration (6)

The new host will now be in the list. Select it and click the OK button.

Figure 9: RADIUS configuration (7)

The RADIUS port is filled in by default as port 1812. Now fill in the shared key, which has been set up in IDENTIKEY Server as the shared secret.

Figure 10: RADIUS configuration (8)

5.2 Interface configuration

Go to Internal interfaces > Available methods. Tick the Radius option and select it as the default method below.

Figure 11: Interface configuration (1)

Do exactly the same for External interfaces > Available methods. Afterwards click the SEND button to store the configuration details and to go back to the main screen.

Figure 12: Interface configuration (2)

6 IDENTIKEY Server

Go to the IDENTIKEY Server web administration page, and authenticate with an administrative account.

6.1 Policy configuration

To add a new policy, select Policies > Create.

Figure 13: Policy configuration (1)

There are some policies available by default. You can also create new policies to suit your needs. Those can be independent policies or inherit their settings from default or other policies.

Fill in a policy ID and description. Choose the option most suitable in your situation. If you want the policy to inherit settings from another policy, choose the right policy in the Inherits From list. Otherwise leave this field set to None.

Figure 14: Policy configuration (2)

In the policy options, configure it to use the right back-end server. This could be the local database, but also Active Directory or another RADIUS server. It is probably the same back end that was in your default client authentication options before you changed it; otherwise use the local database, Windows, or pass the authentication on to another RADIUS server.

In our example we select our newly made Demo Policy and change it like this:

Local auth.: Digipass/Password
Back-End Auth.: Default (None)
Back-End Protocol: Default (None)
Dynamic User Registration: Default (No)
Password Autolearn: Default (No)
Stored Password Proxy: Default (No)
Windows Group Check: Default (No Check)

After configuring this policy, the authentication will happen locally in the IDENTIKEY Server. User credentials are passed through to the IDENTIKEY Server, which checks them against its local user database and answers the client with an Access-Accept or Access-Reject message.

In the Policy tab, click the Edit button, and change the Local Authentication to Digipass/Password.

Figure 15: Policy configuration (3)

The user details can keep their default settings.

Figure 16: Policy configuration (4)

6.2 Client configuration

Now create a new component by right-clicking Components and choosing New Component.

Figure 17: Client configuration (1)

As component type, choose RADIUS Client. The location is the IP address of the client. In the policy field you should find your newly created policy. Fill in the same shared secret that you entered in the RADIUS options on the client. In our example this was vasco. Click Create.

Figure 18: Client configuration (2)

Now the client and the IDENTIKEY Server are set up. We will now see if the configuration is working.
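The exchange that sections 5.1, 6.1 and 6.2 configure, shown as an added example (not VASCO or NETASQ code): a standard-library Python sketch of the RFC 2865 Access-Request, with the OTP hidden under the shared secret, and of the check the client applies to the Access-Accept or Access-Reject. The user name `demo`, the OTP `123456` and the function names are constructed for illustration; `vasco` is the example shared secret from this guide.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _keystream_xor(data, secret, authenticator, hiding):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mixed = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = mixed if hiding else block   # always chain on the ciphertext block
        out += mixed
    return out

def build_access_request(ident, user, otp, secret, authenticator=None):
    """What the RADIUS client (the NETASQ role) sends: user name plus hidden OTP."""
    authenticator = authenticator or os.urandom(16)
    padded = otp + b"\x00" * (-len(otp) % 16)
    hidden = _keystream_xor(padded, secret, authenticator, hiding=True)
    pairs = ((USER_NAME, user), (USER_PASSWORD, hidden))
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def read_access_request(packet, secret):
    """What the RADIUS server (the IDENTIKEY Server role) recovers from the request."""
    fields, pos = {}, 20
    while pos + 2 <= len(packet) and packet[pos + 1] >= 2:   # stop on malformed lengths
        fields[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    otp = _keystream_xor(fields[USER_PASSWORD], secret, packet[4:20], hiding=False)
    return fields[USER_NAME], otp.rstrip(b"\x00")

def build_reply(code, request, secret):
    """Access-Accept or Access-Reject with the Response Authenticator (RFC 2865 section 3)."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()

def reply_is_authentic(reply, request, secret):
    """Client-side check: same identifier, authenticator computed with our secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    secret = b"vasco"                      # example shared secret from this guide
    req = build_access_request(7, b"demo", b"123456", secret)   # constructed user and OTP
    print(read_access_request(req, secret))
    print(reply_is_authentic(build_reply(ACCESS_ACCEPT, req, secret), req, secret))
    print(reply_is_authentic(build_reply(ACCESS_ACCEPT, req, b"other"), req, secret))
```

Both the hiding of the OTP and the authenticity of the reply rest entirely on the shared secret, so outside a lab the value entered on both sides should be long and random rather than a short word like the example.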

7 NETASQ test

7.1 Response Only

To start the test, browse to the public IP address or hostname of the NETASQ device. In our example this is https://10.1.8.254. Enter a Username and select a duration you want to be authenticated. Click the Login button.

Figure 19: NETASQ test (1)

In the Password field, enter your OTP (One-Time Password) and click OK.

Figure 20: NETASQ test (2)

You will receive a message once the authentication is successful.

Figure 21: NETASQ test (3)

7.2 Challenge / Response

Challenge/Response is currently not supported on the NETASQ devices.

8 About VASCO Data Security

VASCO designs, develops, markets and supports patented Strong User Authentication products for e-business and e-commerce. VASCO's User Authentication software is carried by the end user on its DIGIPASS products, which are small calculator hardware devices, or in a software format on mobile phones, other portable devices, and PCs. At the server side, VASCO's VACMAN products guarantee that only the designated DIGIPASS user gets access to the application. VASCO's target markets are the applications and their several hundred million users that utilize fixed passwords as security. VASCO's time-based system generates a one-time password that changes with every use, and is virtually impossible to hack or break.

VASCO designs, develops, markets and supports patented user authentication products for the financial world, remote access, e-business and e-commerce. VASCO's user authentication software is delivered via its DIGIPASS hardware and software security products. With over 25 million DIGIPASS products sold and delivered, VASCO has established itself as a world leader for strong User Authentication with over 500 international financial institutions and almost 3000 blue-chip corporations and governments located in more than 100 countries.