RSA SecurID

1
RSA SecurID
2
Agenda

• RSA SecurID Concepts
• RSA Tokens Token Strategy
• RSA Appliance Server Components
• RSA Agents Interoperability
• Questions

3
Introducing Information-centric Security

• Today's organizations are virtual, global, and
  dynamic
• Perimeters fail to protect data as it moves, and
  fail to repel internal threats Perimeter-centric
  security creates boundaries that hinder new
  business models
• Identity-centric security doesnt protect data,
  prevent data leakage or assure compliance

infrastructure
Data
People
4
Introducing Information-centric Security

• Information-centric security binds security
  directly to information and tothe people who
  need it

customers
partners
employees
5
Introducing Information-centric Security
secure enterprise dataPreserve the
confidentiality and integrity of critical data
wherever it resides secure employee
accessEnable secure, anytime, anywhere access to
corporate resources secure partner accessOpen
internal systems to trusted partners secure
customer accessOffer self-service channels,
prevent fraud, and enhance consumer
confidence manage security informationComply
with security policy and regulations
secure data
secure access
customers
partners
employees
security information management
6
RSA Data Security FrameworkBest Practices for
Securing Enterprise Data
Data Map
Implement
Eval Drivers
Risk Model
Manage
Classification
Control Gap
Audit
Policy Def.
7
RSA SecurID Product Concepts
8
RSA Security Authentication Framework

• Provide flexibility in the choice of credentials
  and authentication methods

• Offer a broad range of form factors for storing
  and protecting credentials

• Provide streamlined, cost-effective identity
  life-cycle management

• Deliver mission-critical scalability and
  reliability for credential validation

• Enable trusted identities to be leveraged across
  the widest range of resources and applications

Manage
Store
Leverage
Prove
Create
9
Two-Factor User AuthenticationIts Just Like
Banking Chip n PIN Something you have
TOKEN Something you know PIN
10
RSA SecurID Products

• RSA SecurID Authenticators
• Hardware Tokens
• Software Tokens
• Smart Cards/USB Tokens

11
RSA SecurID Products

• RSA SecurID Authenticators
• Hardware Tokens
• Software Tokens
• Smart Cards/USB Tokens
• RSA Authentication Manager
• The engine of RSA SecurID

12
RSA SecurID Products

• RSA SecurID Authenticators
• Hardware Tokens
• Software Tokens
• Smart Cards/USB Tokens
• RSA Authentication Manager
• The engine of RSA SecurID
• RSA Authentication Agents RSA
• SecurID security guards

• Web Servers
• Windows
• Unix / Linux
• API
• 3rd Party Vendors

13
RSA SecurID Products

• RSA SecurID Authenticators
• Hardware Tokens
• Software Tokens
• Smart Cards/USB Tokens
• RSA Authentication Manager
• The engine of RSA SecurID
• RSA Authentication Agents RSA
• SecurID security guards
• RSA Authentication Deployment Manager
• RSA SecurID credential deployment solution
• RSA SecurID Select
• Co-branding service

14
RSA SecurID Authentication Solution
Authentication Agent
User enters Passcode (PIN token code)
Authentication Manager
UserAuthenticated!
15
RSA SecurIDTime Synchronous Two-Factor
Authentication
RSAAuthentication Manager
16
Feature Comparison

• Base Edition
• 1 Primary, 1 Replica
• Only 1 Realm
• Deployment Manager separate purchase

• Enterprise Edition
• 1 Primary, up to 10 Replicas
• Up to 6 Realms
• High Availability support
• Deployment Manager included

17
RSA SecurID Tokens Token Strategy
18
RSA SecurID Authenticators

• RSA SecurID Hardware Tokens
• Key fob
• Standard card
• PinPad
• Hybrid Token
• RSA SecurID Software Tokens
• Windows PC
• Microsoft Windows Mobile
• Palm Handhelds
• BlackBerry Handhelds
• Wireless Phones

19
RSA Software Token Platform Coverage

• RSA SecurID Token for Windows Desktops
• RSA SecurID Token for Windows Mobile 2003
• RSA SecurID Token for Palm Handhelds
• RSA SecurID Token for Blackberry Handhelds
• RSA SecurID Token for Mobile Phones
• RSA SecurID Toolbar Token

20
(No Transcript)
21
SecurID Toolbar Token - Security Features

• Secure Remote Seeding
• CT-KIP protocol used to simultaneously generate
  seeds at client and server
• Seed record is never transmitted across the wire
• Authorized activation
• Activation code is sent out of band to consumer
  preventing an unauthorized user from activating a
  token
• Seed record copy protection
• Seed records are encrypted with device-specific
  identifiers
• Code generation requires decryption with same
  device identifiers
• Counter-phishing measures (patent pending)
• Codes are generated only when browser is at a
  trusted site
• Trust list hosted by RCAS or customer website
• Anti-malware measures
• Autofill feature provides protection against
  keystroke loggers

22
RSA SecurID SID800

• Additional features benefits beyond SID700
• Single container for multiple credential types
• Dynamic OTP, Certificates, Passwords
• Mixed auth environments for Enterprise, Remote
  Web
• Digital signatures and strong encryption
• Protects customer investment through
  extensibility
• Deploy OTP token and selectively phase in other
  functionality
• JAVA supports post issuance of future
  applications and enhancements
• Ease of Use
• Programmatic token code access reduces the number
  of user keystrokes
• Integrated with SID for Windows 6.1

23
RSA SecurID Appliance Server Component
24
RSA SecurID Appliance

• Features
• Purpose-Built Appliance
• Hardened Windows Server 2003
• Embedded Application Firewall
• Disabled Components Services
• Hardened TCP/Stack
• Limited Group/User Sharing Options
• Application Hardening
• Authentication Manager v6.1 Full Feature Set
• Web Management Interface
• Embedded Web Server (IIS 6.0) plus Authentication
  Agent for Web 5.3
• Supports 200 RSA SecurID Ready Partners

• Benefits
• Lower TCO
• Faster Implementation
• Stronger Security
• Full Functionality
• Easy to Manage

25
Supported Platforms

• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2003 Server (Enterprise or
  Standard)
• Sun Solaris 9.0
• Red Hat Linux ES 3.0
• HP-UX 11i
• IBM AIX 5L v5.2

26
RSA SecurID Agents Interoperability
27
RSA Authentication Agents

• Acts as security guard between RSA
  Authentication Manager, the protected resource
  and the user
• Intercepts access requests and forces RSA SecurID
  authentication
• Out-of-the-box interoperability with over 300
  certified products from over 200 vendors
  (including Apache Web Server)
• RSA Authentication Agent software developers kit
  enables additional interoperability for customer
  specific resources
• RSA SecurID Ready program ensures consistent
  testing and certification of all third-party RSA
  Authentication Agent implementations

28
Providing strong authentication solutions which
prove a users identity before granting access to
a resource
Users
Resources
Users
Resources
OS Unix OS Linux OS Windows Systems
Web Fax Phone
PAM Agent Windows Agent
Web Agents Custom
Admin
Business Partner
Dialup VPN Citrix SSL-VPN OWA
SecurID Ready Web Agents
Web Phone
Web Agents Custom
Remote Employee
Individual Consumer
Windows Wireless Web portal Wired 802.1x
Windows Agent 6.1 Server Web Agents OTPS
Employee
29
Interoperable with over 300 solutions

• Web applications and servers
• Oracle
• EMC Documentum
• Sun Microsystems
• Apache
• BEA
• IBM
• Microsoft
• Provisioning
• Computer Associates
• IBM
• Thor Technologies
• BMC
• Sun Microsystems
• Email, workflow and office automation
• Microsoft
• Novell
• Adobe
• IBM

• Wireless
• Cisco
• Microsoft
• Nokia
• Perimeter defense (Firewalls, VPNs and Intrusion
  Detection)
• Aventail
• Check Point Software
• Cisco
• Citrix
• Juniper
• Nortel
• Nokia
• Microsoft
• Network and communications
• Lucent
• Cisco
• Radius
• 3COM
• Funk Software

Customer Benefit Reduced time to market and
lower deployment costs
30
Remote AccessAuth Agent for Web streamlines
authentication to OWA
SecurID passcode prompt replaces the password
31
Citrix No Password Required!
32
RSA SecurIDAuthentication in Action
33
RSA SecurID Questions?
34
Thank you!