RSA SecurID

Passwords are something which normal users don't really care about. Some

write them on their desk, while others put passwords which are nothing but their

name or surname. Moreover, they reveal their passwords to all and sundry, maybe

even a a social engineer whom they met last night. Additionally, there are

threats like sniffers and Trojans, phishing attacks etc. To overcome these

problems RSA SecurID uses a two-factor authentication which is based on

something you know-a password or PIN (personal identification number) and

something you can keep-a hardware token. Just like ATMs where a PIN and an ATM

card together provide you with two-factor authentication. RSA replicates a

similar kind of authentication through a PASSCODE. It is created with a PIN

combined with the number displayed on the RSA SecurID token.

Price: Rs 99,000-1,25,000 for 10 users

Meant For: Enterprises

Key Specs: Two-Factor Authentication

Pros: Improved security, easy to carry tokens

Cons: Setup is a bit difficult

Contact: RSA Security, Mumbai Tel: 26570360 E-mail: southeastasia@rsasecurity.com

RSA SecurID 700 hardware authenticator

The SecurID pack which we received from RSA consisted of two RSA SecurID 700

hardware authenticators, an RSA Authentication Manager (server software) and RSA

Authentication Agents (client software). The hardware authenticators are small

easy to carry key-fob devices. They display a six digit code generated by the

RSA SecurID AES algorithm, which changes every 60 seconds. These hardware tokens

don't require any external battery. Plus, they can only be assigned to a

single user, who in turn requires to physically carry the same. The tokens are

pretty solid as they passed our manual tampering tests with flying colors. We

droppedand ran over them but nothing happened. Nor were we able to split them

apart.

RSA Authentication Manager and Agent



The RSA Authentication Manager software is the management component of the RSA
SecurID solution. It verifies the authentication requests and policies for

enterprise networks. It also provides features such as database replication and

load balancing, automated LDAP import and LDAP synchronization, etc. RSA

Authentication Manager 6.0 can authenticate Microsoft Windows users in scenarios

such as Local Authentication, Domain Logon, Terminal Services, Offline

Authentication, etc. It works with the RSA Authentication Agent that provides

authentication interface on end user machines. The Manager maintains logs of all

transactions and user activity and has reporting tools for creating reports

about user activity, incidents, etc.

The RSA Authentication Agent has to be installed on the remote node. It can

be installed manually or can be pushed through Windows installer. When the

client agent is installed, it replaces Windows Ctrl+ Alt +Del with that of RSA.

The agent software intercepts access requests from local or remote users and

sends the UserID and Passcode to RSA Authentication Manager, which verifies the

authentication and tells the agent whether to deny or grant access. The Manager

then decrypts Windows password and passes it to the Windows logon process.

Installing RSA Authentication Manager was easy but configuring and

implementing it for the first time was a bit difficult. It managed to fully

integrate itself with Windows Active Directory to provide domain level access

management and offline authentication as well. In offline authentication, when a

user logs on to a node not connected to the network, the RSA Authentication

Agent compares the user-supplied information to the stored codes and either

grants or denies access. All of this process is transparent to the user. The

next time the user logs on to the network, the RSA Authentication Manager will

update the desktop software to prepare it for offline authentication in future.

This can be very useful if a user wants to log on to his notebook away from the

enterprise network.

Bottom Line: RSA SecurID Solution provides an effective two stage

authentication of users accessing an enterprise network remotely or locally.