An Introduction to RSA SecurID. Agenda Strong Authentication Overview RSA Market Presence RSA...
-
Upload
mercy-jordan -
Category
Documents
-
view
234 -
download
0
Transcript of An Introduction to RSA SecurID. Agenda Strong Authentication Overview RSA Market Presence RSA...
Agenda
• Strong Authentication Overview
• RSA Market Presence
• RSA SecurID product family
• Product Applications
• RSA the company
Addressing Challenges Requires Key Capabilities
How do you manage identities?
How can you protect data?
What can your “identity” do?
Who are you?
Access Management
Enabling organizations to carefully manage access rights to protected resources
Data Protection
Preserving the confidentiality and integrity of sensitive data whether at rest or in transit
Identity Administration
Automating user life cycle management and administration, from user creation and modification to deletion
Authentication
& Credential Management Determining whether
someone or something is, in fact, who or what it is declared to be
Addressing Security ChallengesIdentity & Access Management Solutions
How do you manage identities?
How can you protect data?
What can your “identity” do?
Access Management
RSA ClearTrustData Protection
RSA BSAFE
Identity Administration
RSA Reporting & Compliance Manager
RSA Deployment Manager
Xellerate Identity Manager
Authentication
& Credential Management RSA SecurID
RSA Authentication Manager
RSA Sign-On Manager
RSA Federated Identity Manager
RSA Keon
Who are you?
Why Focus on Authentication?
• Authentication is the essential foundationfor trusted business process
—Establishes trust by proving identitiesof the participants in a transaction
—“On the Internet, no one knows you’re a dog”
NON-Repudiation!
Source: RSAS, adapted from Frost & Sullivan
Driving the Need for Strong Authentication
• Expanding access
— Increasing numbers of mobile workers and telecommuters
— Extension of the enterprise network to third parties
• Customers
• Partners
• “Willy Sutton effect”
— Increase in sensitive information accessed remotely
— High levels of internal compromise/theft
• The problem with passwords
— Passwords provide weak security
— Multiple passwords are unmanageable
— Passwords are surprisingly expensive
• Compliance laws
— 27 states require notification
— 10 million identity theft victims
Authentication ChoicesRelative Strength
Weaker Stronger
PasswordPolicy
+PIN
+PIN
Single factor Two factor
+
+
PIN
+
Three factor
PASSWORD
POLICY
RSA Competitive Position
RSA
All Others
2004Source: IDC Worldwide Authentication Token 2005-2009 Forecast and 2004 Vendor Share: December 2005
Diverse Vertical Markets
Other 8%
Technology 25%
Financial 19%Telecom
11%
Manufacturing 11%
Healthcare 10%
Services 9%
Government 7%
Added 2500+ New Customers in 2005 21,000+ Customers Worldwide
11
Advancing e-Business
Transforming e-security into a business enabler
Thousands of customers worldwide
— 89% of the Fortune 100
— 66% of the Fortune 500
— 88% of the world’s top 50 banks
12
Third Party Validation
Fact
• RSA SecurID has won more industry awards than any other authentication solution.
Customer Benefit
• The best predictor of satisfaction is the experience of other users.
RSA SecurID Products
• RSA SecurID Authenticators— Hardware Tokens
— Software Tokens
— Smart Cards/USB Tokens
• RSA Authentication Manager— The engine of RSA SecurID
• RSA Authentication Agents RSA— SecurID “security guards”
• RSA Authentication Deployment Manager— RSA SecurID credential deployment solution
• RSA SecurID Select— Co-branding service
The 3 core components of SID solution
User enters Passcode (PIN + token code)
UserUserAuthenticated!Authenticated!
Authentication Manager
Authentication Agent
Calculates passcode
RSA SecurID Authentication Solution
RSA SecurIDTime Synchronous Two-Factor Authentication
RSAAuthentication
Manager
RAS,VPN,
Web Server,
WAP etc.
RSA Authentication
Agent
SeedTime
Algorithm
SeedTime
032848032848
Algorithm
Same SeedSame Seed
Same TimeSame Time
RSA SecurID Authenticators
• RSA SecurID Hardware Tokens — Key fob
— Standard card
— PinPad
— Hybrid Token
• RSA SecurID Software Tokens— Windows PC
— Microsoft Windows Mobile
— Palm Handhelds
— BlackBerry Handhelds
— Wireless Phones
Store: Next Generation RSA SecurID Authenticator Technologies
• Phones
• Toolbars
• Flash Memory
• Signing Token
• Flexible Token
RSA Confidential – Dates and Features subject to change
RSA Authentication ManagerKey System Components
• A database
—Of users, tokens and client information
• The authentication engine
—Performs the user authentication based on the credentials supplied by the agent
• An administration program
—System management: create & change settings, assigning tokens & users, reporting, etc.
Feature Comparison
• Base Edition
• 1 Primary, 1 Replica
• Only 1 Realm
• Deployment Manager separate purchase
• Enterprise Edition
• 1 Primary, up to 10 Replicas
• Up to 6 Realms
• High Availability support
• Deployment Manager included
Primary Server Replica
ServerP
R
P
R
RSA Authentication Manager Base EditionHighlights
• High performance
—Replication architecture results in high authentication performance and savings in server costs
• Reduce Help Desk Costs
—Quick Admin Web-based administrator application handles 80% of daily RSA SecurID tasks
• Reduced Administration Costs
—Centrally maintain user records in LDAP
—Synchronization between Authentication Manager database and LDAP
RSA Authentication Manager Enterprise EditionHighlights
• Increase performance— Support for up to 10 Replicas per realm
• 400% performance improvement
• Meet business goals with network configuration flexibility — Increase performance by locating Replicas and/or realms close to end user centers
• Reduce transcontinental network charges and traffic
• Reduced Risk of Downtime— Geographically distribute Replica servers
— Run software on High Availability hardware systems
• Reduce downtime (unexpected or planned)
• Avoid unexpected administrative costs
• Deployment Manager included with license
Choose Maintenance Option
Standard or Extended
3-yr SID700 Tokens
1YR HW Warranty
Auth Mgr Base License
RSA SecurID Appliance
• V1.0 — “Secure and Simple”
— Bundles of 10, 25, 50, 100, 150 & 250 users
• V2.0 introduced in 2006
— “An Appliance to meet your needs”
• Same Bundles to 250U
• Ala Carte to 50,000 users
— Base or Enterprise License
— Supported Environments
• Appliance Primary / Replica
• Authentication Manager Primary / Appliance Replica
RSA SecurID ApplianceThe all-in-one solution
RSA SecurID ApplianceKey Features & Benefits
Benefits
• Lower TCO
• Faster Implementation
• Stronger Security
• Full Functionality
• Easy to Manage
Features
• Purpose-Built Appliance
• Hardened Windows® Server 2003— Embedded Application Firewall
— Disabled Components & Services
— Hardened TCP/Stack
— Limited Group/User Sharing Options
— Application Hardening
• Authentication Manager v6.1 Full Feature Set
• Web Management Interface— Embedded Web Server (IIS 6.0) plus Authentication
Agent for Web 5.3
• Supports 200+ RSA SecurID Ready Partners
Customer Value PropositionLower Total Cost of Ownership
• Similar Equipment Acquisition Costs
• Lower Configuration / Set-up Cost
— Lowers Risk of Mis-Configuration, etc
— Out-of-the-box Hardened OS and configured Application Firewall
• Convenience -- Single Vendor Solution
— Lower cost of troubleshooting and ongoing service
• Lower Management Cost
— Simple Web Admin GUI
• Acts as “security guard” between RSA Authentication Manager, the protected resource and the user
— Intercepts access requests and forces RSA SecurID authentication
• Out-of-the-box interoperability with over 300 certified products from over 200 vendors
• RSA Authentication Agent SDK enables additional interoperability for customer specific resources
• RSA SecurID Ready program ensures consistent testing and certification of all third-party RSA Authentication Agent implementations
RSA Authentication Agents
Providing strong authentication solutions which prove a user’s identity before granting access to a resource
Admin
DialupVPNCitrix SSL-VPNOWA
Windows WirelessWeb portalWired 802.1x
OS: UnixOS: LinuxOS: WindowsSystems
Remote Employee
Employee
Business Partner
WebFaxPhone
IndividualConsumer
WebPhone
Users Resources UsersResources
PAM AgentSID4Win
SecurID ReadyWeb Agents
SID4Win6.1 ServerWeb AgentsOTPS
Web AgentsCustom
Web AgentsCustom
Interoperable with over 300 solutions
• Web applications and servers— Oracle
— EMC Documentum
— Sun Microsystems
— Apache
— BEA
— IBM
— Microsoft
• Provisioning— Computer Associates
— IBM
— Thor Technologies
— BMC
— Sun Microsystems
• Email, workflow and office automation— Microsoft
— Novell
— Adobe
— IBM
• Remote Access— iPass
— Citrix
— Nortel
— Symantec
• Wireless— Cisco
— Microsoft
— Nokia
• Perimeter defense (Firewalls, VPNs and Intrusion Detection)— Aventail
— Check Point Software
— Cisco
— Citrix
— Juniper
— Nortel
— Nokia
— Microsoft
• Network and communications— Lucent
— Cisco
• Radius— 3COM
— Funk Software
— Cisco
— Lucent
Customer Benefit: Reduced time to market and lower deployment costs
RSA Authentication Deployment Manager Overview
• Provides a self-service provisioning model that allows users to request, deploy and activate hardware and software tokens, from a Web browser
• Automates and dramatically speeds the rollout of RSA SecurID hardware and software authenticators to end users
• Provides user self-service functionality which can reduce operating costs, particularly calls to the help desk
— Self-service PIN change
— Request a hardware token replacement
• Scales to easily meet the needs of both small and large user deployments
• Enables flexible integration with other RSA Security products or your existing corporate resources
— Leverage existing data resources and investments
RSA Authentication Deployment Manager ROI
Manager faxes form
to IT
paper request
form
Manager Signature
IT assigns SecurID
IT gathers user info
User data entered in
ACE/Server
IT issues SecurID to
user
RSA Auth Deployment Manager
Manual process
Results: • 7 steps• Many delays• Time to deploy:days• Significant IT involvement
Mail room issues SecurID
End user requests token
via ADM
User activates token via ADM
Results: • 3 steps• Time to deploy: < 1 Day• NO IT involvement, Authentication Manager work handled automatically by Web Express
Authentication Deployment Manager Features Hardware token approval process
Web Server
RSA Authentication Manager
User Manager
Distributor
4b
Approval Code4a
User Request1
Approval 2Activation5
User info
3b3a
Activation6
Features of Deployment Manager End user self-service PIN change
Web Server
RSA Authentication Manager
User
Help desk
Authenticated user sets up answersa
Answers stored
b
LDAP
User forgets PIN, answers questions
1APIs can enable check of 3rd party datastore
2
Answers checked
3
User changes PIN
4
Any User, Anywhere
• Automation brings rapid deployment
• Resource limitations are no longer a barrier to rollout of RSA SecurID
• Available 24x7
• RSA Authentication Deployment Manager works for the base of users and data that you want to protect
—Enterprise
—B2B
—B2C
—ASP RSA Authentication Deployment Manager
Remote AccessAuth Agent for Web streamlines authentication to OWA
SecurID passcode prompt replaces the password
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
WAP/802.11Wireless
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
WAP/802.11Wireless
Administrative Access
OS/Network Devices
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
WAP/802.11Wireless
Administrative Access
OS/Network Devices
Data Encryption and Boot Protection
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
WAP/802.11Wireless
Administrative Access
OS/Network Devices
Data Encryption and Boot Protection
Enterprise SSO
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
WAP/802.11Wireless
Administrative Access
OS/Network Devices
Data Encryption and Boot Protection
Enterprise SSO
Web SSO
RSA SecurIDAuthentication in Action
VPN Gateway
RSA Authentication Manager
and
Appliance
Web Access
Citrix
WAP/802.11Wireless
Administrative Access
OS/Network Devices
Data Encryption and Boot Protection
Enterprise SSO
Web SSO
Federated Identity Management
RSA Security the Company
Facts
• Is a profitable, stable company with a 20+ year history leading the authentication market.
• Has a worldwide “follow the sun” support organization that is recognized as best in class by customers.
• Has an experienced professional services organization to help with special requirements.
Facts
• Has a worldwide network of experienced channel partners prepared to deliver and support the RSA Security products.
• Is committed to industry standards and is leading the efforts to define the one- time password specifications.
• Has a research arm—RSA Laboratories—that is recognized as an industry thought leader in addressing current and future security issues.
Customer Benefit
• Customers should feel comfortable knowing they are dealing with an innovative company committed to their success and satisfaction.
RSA Security the Company
What RSA Security’s Customers Say—from the recent The Info Pro survey
•“It’s solid. It just works. High assurance of proper authentication.”
•“Experienced, trusted.”
•“The number 1 vendor in providing authentication.”
•“Ubiquity makes support easy and reliable.”
•“The server stays up. It is scalable and has a great track record.”
•“Great for us. It is reliable and it works when it should.”
•“Very solid and dependable.”
•“Very impressed with RSA and their products. They are a great company and I always get the answers I need. They’ve been fantastic.”
•“Their tech support is the model for a help desk and quality of support. They are the best I’ve ever seen.”
RSA Security—the obvious choice
• The strongest, most proven two-factor authentication solution in the industry
• The most dependable, highest-quality solution . . .
– that can be used for more applications than any other
– while providing more choices for tokens and server software
– from an innovative company, dedicated to supporting its customers.