Intel Security/McAfee Endpoint Encryption


RSA Ready Implementation Guide for RSA SecurID

Last Modified: March 13, 2015

Partner Information

Product Information
Partner Name: Intel Security (formerly McAfee)
Web Site: www.mcafee.com
Product Name: for PC s
Version & Platform: 7.1.1, Windows 8
Product Description: McAfee delivers encryption integrated with centralized management that helps prevent unauthorized access and loss or theft of sensitive data.

Solution Summary

Intel Security/McAfee and the RSA SID800 smart card combine seamlessly to provide end-users with a single form factor for enterprise two-factor authentication. Users can store the keys necessary to unlock the encrypted data on their hard drive on the same device used to provide RSA SecurID authentication throughout the enterprise.

Partner Integration Overview
Interoperable through RSA Authentication Client: No
Pre-Boot Authentication: Yes
If Pre-Boot, which tokens are supported? SID800 Rev D4

Product Configuration for Interoperability

Interoperability between the RSA Authenticators and Intel Security/McAfee requires the installation of Intel Security/McAfee.

Before You Begin

This section provides instructions for integrating RSA Authenticators with Intel Security/McAfee Endpoint Encryption. The document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Configuration

There are two methods of RSA SID800 integration available for use with McAfee.

RSA PKI smart card

PKI smart card authentication requires a Certificate Authority integrated with a Microsoft Windows Domain. The Certificate Authority issues the PKI certificate to a Windows Domain user. The private key is stored on the RSA SID800 smart card and associated with the Windows Domain user. Authentication with a PKI smart card requires the following actions:

- Enabling LDAP Synchronization for the Domain is required.
- Associating a User to a computer is required.
- Create a policy and policy assignment rule for PKI Authentication.
- Enabling UBP Enforcement is required.

RSA Stored Value Token

A stored value is written to the RSA SID800 smart card by the McAfee pre-boot environment. Authentication with a Stored Value Token requires the following actions:

- Enabling LDAP Synchronization for the Domain is not required for users not managed by a Windows Domain.
- Associating a User to a computer is required.
- Create a policy and policy assignment rule for Stored Value Authentication.
- Enabling UBP Enforcement is required.

Note: If you require both PKI and Stored Value authentication types within your environment, you must create separate policies.

Enable LDAP Synchronization for the Domain

1. Select Menu > Server Tasks to create an LDAP synchronization task.
2. Select the button at the bottom of the page.
3. Name the task and select Next.
4. Select LDAPSync: Sync across users from LDAP within the Actions drop down list and set your LDAP Server then select Next.
5. Set the frequency of the LDAP synchronization server task as needed then select Next.
6. Complete the creation of the task by selecting Save.
7. Click the Run link under the Actions column to verify LDAP synchronization.
8. The task must complete successfully to continue.

Associate a User to a computer

9. Associate a user with a computer by selecting Menu > Data Protection > Encryption Users.
10. Select the system to associate the user and click Actions > and Add User(s).
11. Select the button to associate the User to the computer.
12. Search for the user to associate and add by selecting the checkbox next to the user's name and click OK.
13. Click OK once you have selected the user.

Create policy and policy assignment rule for PKI Authentication

1. Create a PKI Policy Catalog by selecting Menu > Policy and Policy Catalog.
2. Select the Duplicate Action for the McAfee Default User Based Policies Catalog.
3. Set the Policy Name of the User Based policy then click OK.
4. Select the New Policy by clicking RSA SID800 PKI Policy.
5. Select RSA PKI Smart Card from the Token Type list.
6. Select Save.
7. Create a PKI Policy Assignment to enable PKI authentication with the SID800 smart card. Select Menu > Policy Assignment Rules.
8. Create a new Policy Assignment Rule by selecting New Assignment Rule.
9. Enter the name for the assignment rule and set the Rule Type to User Based then select Next.
10. Select Add Policy.
11. Select 7.0.2 from the Product list, User Based Policies from the Category list and RSA SID800 PKI Policy from the Policy list, then select Next.
12. Select User from the User Criteria and to associate a user to the PKI smart card rule.
13. Select Container and children from the Preset drop down list.
14. Select the user and then select OK.
15. Select Next.
16. Select Save.

Create policy and policy assignment rule for Stored Value Authentication

1. Create a Stored Value Policy Catalog by selecting Menu > Policy and Policy Catalog.
2. Select the Duplicate Action for the McAfee Default User Based Policies Catalog.
3. Set the Policy Name of the User Based policy.
4. Select the New Policy by clicking RSA SID800 Stored Value Policy.
5. Select RSA Stored Value Smart Card from the Token Type list.
6. Select Save.
7. Create a Stored Value smart card Policy Assignment to enable Stored Value authentication with the SID800 smart card. Select Menu > Policy Assignment Rules.
8. Create a new Policy Assignment Rule by selecting New Assignment Rule.
9. Enter the name for the assignment rule and set the Rule Type to User Based then select Next.
10. Select Add Policy.
11. Select 7.0.2 from the Product list, User Based Policies from the Category list and RSA SID800 Stored value Policy from the Policy list, then select Next.
12. Select User from the User Criteria and to associate a user to the Stored Value smart card rule.
13. Select Container and children from the Preset drop down list.
14. Select the user and then select OK.
15. Select Next.
16. Select Save.

Client Synchronization

1. To complete setup of smart card authentication with the SID800, the client computer needs to be updated by synchronizing with the ePO server. A synchronization will push the recently created policies associated with that user and their token data to the client computer.
2. A synchronization can be forced from ePO using an Agent Wake-Up call, or from the client using the McAfee Agent user interface. Alternatively, wait for the next ASCI + Policy Enforcement interval.
3. To verify the status of disk encryption on the user's workstation, open McAfee Drive Encryption System Status by right clicking the McAfee Tray icon.
4. Select Quick Settings > Show Drive Encryption Status.
5. Select Close and restart the system if the drive encryption is complete.

Note: Before restarting the system, ensure that encryption is completed. Once encryption is completed the user will be able to perform preboot authentication with the assigned SID800 token. Rebooting the system prior to the completion of encryption will require the user to login using a password or perform a McAfee Encryption Recovery.

Restart the System and Authenticate

1. When the system is restarted the EEPC pre boot will be displayed. At this stage the user is prompted to authenticate. Ensure that the token is inserted either before booting the system or before attempting to authenticate.
2. Enter the username and click Next.
3. The user will be prompted for the PIN; enter the smart card PIN and click OK.
4. If the client is configured as a PKI smart card user the client is authenticated.
5. If the client is configured as a Stored Value token user the user will be prompted to enter the McAfee ePO default password and then the smart card PIN. The smart card will then be initialized with the stored value and the client computer will boot Windows.

Note: The RSA SID800 smart card is now ready for use and is successfully assigned to the user.

Certification Checklist for 3rd Party Applications

Date Tested: March 13, 2015

Product Tested | Version | Operating System
Intel Security/McAfee ePolicy Orchestrator | 5.1 | Windows 2008 R2
Intel Security/McAfee Endpoint Encryption | 7.1.1 | Windows 8
RSA Authentication Client | 3.6 | Windows 8
RSA SecurID 800 | Rev D4 | Windows 8

Test Cases

Symmetric Keys Asymmetric Keys RSA SecurID 800 Preboot Authentication Disk/File Encryption N/A N/A 1024 Certificate N/A 2048 Certificate N/A Write Key/Certificate Delete Key/Certificate Token Management RAC API Modify Token PIN Verify Token PIN N/A N/A Initialize Token N/A N/A DRP = Pass = Fail N/A = Non-Available Function