RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco...
RSA Security
Validating Users and Devices to Protect Network Assets
Endpoint Solutions for Cisco Environments
Identity Protection & Management
• Even if your device is compliant, your anti-virus is up-to-date and your personal firewall is enabled, the wrong people or rogue devices can still be accessing network assets and your sensitive corporate data.
• Today, you’ll learn:
—How best to safeguard network access from unauthorized access
—About the problems and costs associated with passwords
—About the importance of both user and device authentication
—The solution fit between RSA and Cisco networks
RSA Security’s Value
RSA Security’s value is its ability to help organizations protect their information and manage the identities of the people and applications accessing and exchanging it.
Advancing e-Business
Transforming e-security into a business enabler
Thousands of customers worldwide
— 89% of the Fortune 100
— 66% of the Fortune 500
— 88% of the world’s top 50 banks
2004 RSA Security Inc. All rights reserved
RSA Security’s Market Solutions
Secure Mobile & Remote Access
Secure Enterprise Access
Secure Transactions
Identity & Access Management
Consumer Identity Protection
Authentication in the Enterprise
The Business Problem
• Increasingly broader access to critical enterprise data
• Need to protect corporate resources
• Inconsistent user experience
• Inability to meet regulatory compliance
• Inability to audit
• Escalating help desk costs
The Business Problem
Addressing security sacrifices simplicity
• Complex passwords
• Frequent password changes
• Multiple passwords
Authentication
The Cornerstone to E-security
• Authentication is the essential foundation for e-business
— Establishes trust by proving identities of the participants in a transaction
• Without knowing with a high level of certainty who you are dealing with, it is:
— Not possible to properly assign access control & other rights
— Not possible to trust a digital signature
• In many cases it makes no sense to encrypt data if you don’t know who’s on the other end of the line
Authentication Choices
Relative Strength
[Figure: authentication choices on a scale from weaker to stronger: single factor, two factor, three factor. Labels: password, policy, +PIN.]
Secure
• Two-factor authentication
• Eliminates password vulnerabilities
Simple
• Consistent user experience online or offline
Auditable
• Single log for all authentication
Efficient
• Reduces need for password reset policies and associated costs
RSA SecurID Authentication Devices
• RSA SecurID Hardware Tokens
— Key fob
— Standard card
— PinPad
• RSA SecurID Tokens for:
— Windows Desktops
— Palm Handhelds
— Windows Mobile PocketPC
— Blackberry Handhelds
— Mobile phones
• RSA SecurID Smart Cards/ USB Tokens
RSA Authentication Solutions
RSA Keon Digital Certificates
Major Benefits:
- Digital signing
- Encryption
- Secure email
Forms Signing
RSA Sign-On Manager 4.0 Key Features
[Figure labels: RSA Sign-On Manager Server; RSA Sign-On Manager Client; Web and Browser Apps; Groupware; Chat; Host/Mainframe Apps; Client/Server Apps; Desktop Apps; VPN and Dial-Up; Citrix; IntelliAccess™ Technology; SecurID; SEED.]
• Offers centralized management of SSO & authentication policy
• Scalable and simplified administration
Secure Enterprise Single Sign-On integrated with best-of-breed strong authentication solutions
RSA & Cisco Integrated Solutions
Tested, certified, and mutually supported
• RSA SecurID
• RSA Digital Certificates
• Smart cards & USB tokens
• Cisco VPN (PIX & 3000 series)
• Cisco Aironet Wireless LAN
• Cisco IOS-based routers, etc.
• Cisco IP Telephony
• Cisco Network Admission Control
Complementing Cisco NAC: RSA extends endpoint security measures beyond security posture & device compliance through the validation of devices and rightful users accessing network resources.
RSA & Cisco NAC
Extending Endpoint Security with Device/User Authentication
[Figure labels: Hosts & Users Attempting Network Access; Cisco Trust Agent; Credentials; EAP/802.1x; Network Access Devices; Policy Enforcement Points; RADIUS; AAA Server (ACS); RSA Authentication Manager; RSA Keon CA; Cert Validation; Policy Decision Points; Authenticated?; Access Rights; Notification.]
RSA & Cisco VPN Secure Remote Access Solutions
[Figure labels: Cisco VPN Client; Internet; Encrypted tunnel through public network; Cisco VPN 3000 Series; Embedded RSA Authentication Agent; Corporate Network; RSA Keon CA; RSA Authentication Manager.]
RSA & Cisco Aironet Wireless LAN Secure Enterprise LAN Access Solutions
[Figure labels: Cisco Aironet Wireless Client; Cisco Aironet Access Point; Corporate Network; Cisco Secure ACS; RSA Keon CA; RSA Authentication Manager.]
RSA & Cisco Network Infrastructure Secure Admin Access (through ACS)
[Figure labels: Admin Access; Cisco PIX Firewall; Cisco PIX VPN; Cisco IOS Routers; Cisco IOS RAS; Cisco IOS Firewall; Cisco IOS VPN; Cisco Secure ACS; RSA Authentication Manager.]
RSA & Cisco Network Infrastructure Device Authentication
[Figure labels: Cisco PIX VPN; Cisco VPN 3000; Cisco Routers; Cisco RAS; Cisco Aironet Wireless Client; Cisco IOS Firewall; Cisco IP Phone; Cisco PIX Firewall; Cisco Secure ACS; RSA Keon CA.]