RSA SecurID

Passwords are something which normal users don't really care about. Some
write them on their desk, while others put passwords which are nothing but their
name or surname. Moreover, they reveal their passwords to all and sundry, maybe
even a a social engineer whom they met last night. Additionally, there are
threats like sniffers and Trojans, phishing attacks etc. To overcome these
problems RSA SecurID uses a two-factor authentication which is based on
something you know-a password or PIN (personal identification number) and
something you can keep-a hardware token. Just like ATMs where a PIN and an ATM
card together provide you with two-factor authentication. RSA replicates a
similar kind of authentication through a PASSCODE. It is created with a PIN
combined with the number displayed on the RSA SecurID token.

Price: Rs 99,000-1,25,000 for 10 users

Meant For: Enterprises

Key Specs: Two-Factor Authentication

Pros: Improved security, easy to carry tokens

Cons: Setup is a bit difficult

Contact: RSA Security, Mumbai Tel: 26570360 E-mail: southeastasia@rsasecurity.com

RSA SecurID 700 hardware authenticator

The SecurID pack which we received from RSA consisted of two RSA SecurID 700
hardware authenticators, an RSA Authentication Manager (server software) and RSA
Authentication Agents (client software). The hardware authenticators are small
easy to carry key-fob devices. They display a six digit code generated by the
RSA SecurID AES algorithm, which changes every 60 seconds. These hardware tokens
don't require any external battery. Plus, they can only be assigned to a
single user, who in turn requires to physically carry the same. The tokens are
pretty solid as they passed our manual tampering tests with flying colors. We
droppedand ran over them but nothing happened. Nor were we able to split them
apart.

RSA Authentication Manager and Agent

The RSA Authentication Manager software is the management component of the RSA
SecurID solution. It verifies the authentication requests and policies for
enterprise networks. It also provides features such as database replication and
load balancing, automated LDAP import and LDAP synchronization, etc. RSA
Authentication Manager 6.0 can authenticate Microsoft Windows users in scenarios
such as Local Authentication, Domain Logon, Terminal Services, Offline
Authentication, etc. It works with the RSA Authentication Agent that provides
authentication interface on end user machines. The Manager maintains logs of all
transactions and user activity and has reporting tools for creating reports
about user activity, incidents, etc.

The RSA Authentication Agent has to be installed on the remote node. It can
be installed manually or can be pushed through Windows installer. When the
client agent is installed, it replaces Windows Ctrl+ Alt +Del with that of RSA.
The agent software intercepts access requests from local or remote users and
sends the UserID and Passcode to RSA Authentication Manager, which verifies the
authentication and tells the agent whether to deny or grant access. The Manager
then decrypts Windows password and passes it to the Windows logon process.

Installing RSA Authentication Manager was easy but configuring and
implementing it for the first time was a bit difficult. It managed to fully
integrate itself with Windows Active Directory to provide domain level access
management and offline authentication as well. In offline authentication, when a
user logs on to a node not connected to the network, the RSA Authentication
Agent compares the user-supplied information to the stored codes and either
grants or denies access. All of this process is transparent to the user. The
next time the user logs on to the network, the RSA Authentication Manager will
update the desktop software to prepare it for offline authentication in future.
This can be very useful if a user wants to log on to his notebook away from the
enterprise network.

Bottom Line: RSA SecurID Solution provides an effective two stage
authentication of users accessing an enterprise network remotely or locally.