Bezpečnost
Jména, rodná čísla, ...
Key logger, http, …
slovníkové útoky
...
Pohodlí uživatele vs. politiky
Možnost sdílení vs. audit
Náklady na administraci
2. Agenda
• Strong Authentication Overview
• RSA Market Presence
• RSA SecurID product family
• Product Applications
• RSA the company
3. Addressing Challenges Requires Key Capabilities
How do you
manage identities?
How can you
protect data?
What can your
“identity” do?
Who are you?
Access
Management
Enabling organizations
to carefully manage
access rights to
protected resources
Data Protection
Preserving the
confidentiality and
integrity of sensitive
data whether at rest
or in transit
Identity
Administration
Automating user life
cycle management and
administration, from
user creation and
modification to deletion
Authentication
& Credential
Management
Determining whether
someone or something
is, in fact, who or what
it is declared to be
4. Addressing Security Challenges
Identity & Access Management Solutions
How do you
manage identities?
How can you
protect data?
What can your
“identity” do?
Access
Management
RSA ClearTrust
Data Protection
RSA BSAFE
Identity
Administration
RSA Reporting &
Compliance Manager
RSA Deployment
Manager
Xellerate Identity
Manager
Authentication
& Credential
Management
RSA SecurID
RSA Authentication
Manager
RSA Sign-On Manager
RSA Federated Identity
Manager
RSA Keon
Who are you?
5. Why Focus on Authentication?
• Authentication is the essential foundation
for trusted business process
—Establishes trust by proving identities
of the participants in a transaction
—“On the Internet, no one knows
you’re a dog”
NON-Repudiation!
6. Source: RSAS, adapted from Frost & Sullivan
Driving the Need for Strong Authentication
• Expanding access
— Increasing numbers of mobile
workers and telecommuters
— Extension of the enterprise
network to third parties
• Customers
• Partners
• “Willy Sutton effect”
— Increase in sensitive
information accessed remotely
— High levels of internal
compromise/theft
• The problem with passwords
— Passwords provide weak security
— Multiple passwords are
unmanageable
— Passwords are surprisingly
expensive
• Compliance laws
— 27 states require notification
— 10 million identity theft victims
12. Advancing e-Business
Transforming e-security into a business enabler
Thousands of customers worldwide
— 89% of the Fortune 100
— 66% of the Fortune 500
— 88% of the world’s top 50 banks
12
13. Third Party Validation
Fact
• RSA SecurID has won more industry awards than any other
authentication solution.
Customer Benefit
• The best predictor of satisfaction is the
experience of other users.
16. User enters
Passcode
(PIN + token code)
User
Authenticated!
Authentication
Manager
Authentication
Agent
Calculates
passcode
RSA SecurID Authentication Solution
17. RSA SecurID
Time Synchronous Two-Factor Authentication
RSA
Authentication
Manager
RAS,
VPN,
Web Server,
WAP
etc.
RSA
Authentication
Agent
Seed
Time
Algorithm
Seed
Time
032848
Algorithm
Same Seed
Same Time
22. RSA Authentication Manager
Key System Components
• A database
—Of users, tokens and client information
• The authentication engine
—Performs the user authentication based on the credentials
supplied by the agent
• An administration program
—System management: create & change settings, assigning tokens
& users, reporting, etc.
23. Feature Comparison
• Base Edition
• 1 Primary, 1 Replica
• Only 1 Realm
• Deployment Manager separate
purchase
• Enterprise Edition
• 1 Primary, up to 10 Replicas
• Up to 6 Realms
• High Availability support
• Deployment Manager included
P
R
P
R
24. RSA Authentication Manager Base Edition
Highlights
• High performance
—Replication architecture results in high authentication performance
and savings in server costs
• Reduce Help Desk Costs
—Quick Admin Web-based administrator application handles 80% of
daily RSA SecurID tasks
• Reduced Administration Costs
—Centrally maintain user records in LDAP
—Synchronization between Authentication Manager database and
LDAP
25. RSA Authentication Manager Enterprise Edition
Highlights
• Increase performance
— Support for up to 10 Replicas per realm
• 400% performance improvement
• Meet business goals with network configuration flexibility
— Increase performance by locating Replicas and/or realms close to end user centers
• Reduce transcontinental network charges and traffic
• Reduced Risk of Downtime
— Geographically distribute Replica servers
— Run software on High Availability hardware systems
• Reduce downtime (unexpected or planned)
• Avoid unexpected administrative costs
• Deployment Manager included with license
27. Choose Maintenance Option
Standard or Extended
3-yr SID700 Tokens
1YR HW Warranty
Auth Mgr Base
License
RSA SecurID
Appliance
• V1.0
— “Secure and Simple”
— Bundles of 10, 25, 50, 100, 150 & 250
users
• V2.0 introduced in 2006
— “An Appliance to meet your needs”
• Same Bundles to 250U
• Ala Carte to 50,000 users
— Base or Enterprise License
— Supported Environments
• Appliance Primary / Replica
• Authentication Manager Primary /
Appliance Replica
RSA SecurID Appliance
The all-in-one solution
28. RSA SecurID Appliance
Key Features & Benefits
Benefits
• Lower TCO
• Faster Implementation
• Stronger Security
• Full Functionality
• Easy to Manage
Features
• Purpose-Built Appliance
• Hardened Windows® Server 2003
— Embedded Application Firewall
— Disabled Components & Services
— Hardened TCP/Stack
— Limited Group/User Sharing Options
— Application Hardening
• Authentication Manager v6.1 Full Feature
Set
• Web Management Interface
— Embedded Web Server (IIS 6.0) plus Authentication
Agent for Web 5.3
• Supports 200+ RSA SecurID Ready
Partners
29.
30. Customer Value Proposition
Lower Total Cost of Ownership
• Similar Equipment Acquisition Costs
• Lower Configuration / Set-up Cost
— Lowers Risk of Mis-Configuration, etc
— Out-of-the-box Hardened OS and configured Application Firewall
• Convenience -- Single Vendor Solution
— Lower cost of troubleshooting and ongoing service
• Lower Management Cost
— Simple Web Admin GUI
32. • Acts as “security guard” between RSA Authentication Manager,
the protected resource and the user
— Intercepts access requests and forces RSA SecurID authentication
• Out-of-the-box interoperability with over 300 certified products
from over 200 vendors
• RSA Authentication Agent SDK enables additional
interoperability for customer specific resources
• RSA SecurID Ready program ensures consistent testing and
certification of all third-party RSA Authentication Agent
implementations
RSA Authentication Agents
33. Providing strong authentication solutions which prove a
user’s identity before granting access to a resource
Admin
Dialup
VPN
Citrix
SSL-VPN
OWA
Windows
Wireless
Web portal
Wired 802.1x
OS: Unix
OS: Linux
OS: Windows
Systems
Remote
Employee
Employee
Business
Partner
Web
Fax
Phone
Individual
Consumer
Web
Phone
Users Resources Users
Resources
PAM Agent
SID4Win
SecurID Ready
Web Agents
SID4Win
6.1 Server
Web Agents
OTPS
Web Agents
Custom
Web Agents
Custom
34. Interoperable with over 300 solutions
• Web applications and servers
— Oracle
— EMC Documentum
— Sun Microsystems
— Apache
— BEA
— IBM
— Microsoft
• Provisioning
— Computer Associates
— IBM
— Thor Technologies
— BMC
— Sun Microsystems
• Email, workflow and office automation
— Microsoft
— Novell
— Adobe
— IBM
• Remote Access
— iPass
— Citrix
— Nortel
— Symantec
• Wireless
— Cisco
— Microsoft
— Nokia
• Perimeter defense (Firewalls, VPNs and Intrusion Detection)
— Aventail
— Check Point Software
— Cisco
— Citrix
— Juniper
— Nortel
— Nokia
— Microsoft
• Network and communications
— Lucent
— Cisco
• Radius
— 3COM
— Funk Software
— Cisco
— Lucent
Customer Benefit: Reduced time to market and lower deployment costs
36. RSA Authentication Deployment Manager
Overview
• Provides a self-service provisioning model that allows users to request,
deploy and activate hardware and software tokens, from a Web browser
• Automates and dramatically speeds the rollout of RSA SecurID hardware and
software authenticators to end users
• Provides user self-service functionality which can reduce operating costs,
particularly calls to the help desk
— Self-service PIN change
— Request a hardware token replacement
• Scales to easily meet the needs of both small and large user deployments
• Enables flexible integration with other RSA Security products or your existing
corporate resources
— Leverage existing data resources and investments
37. RSA Authentication Deployment Manager
ROI
Manager
faxes form
to IT
paper
request
form
Manager
Signature
IT assigns
SecurID
IT gathers
user info
User data
entered in
ACE/Server
IT issues
SecurID to
user
RSA Auth Deployment Manager
Manual process
Results:
• 7 steps
• Many delays
• Time to deploy:days
• Significant IT involvement
Mail room
issues SecurID
End user
requests token
via ADM
User activates
token via ADM
Results:
• 3 steps
• Time to deploy: < 1 Day
• NO IT involvement,
Authentication Manager
work handled automatically
by Web Express
38. Authentication Deployment Manager Features
Hardware token approval process
Web Server
RSA Authentication
Manager
User Manager
Distributor
4b
Approval
Code
4a
User Request
1
Approval 2
Activation
5
3b
3a
Activation
6
39. Features of Deployment Manager
End user self-service PIN change
Web Server
RSA Authentication
Manager
User
Help desk
Authenticated user
sets up answers
a
b
LDAP
User forgets PIN,
answers questions
1
APIs can enable check
of 3rd party datastore
2
3
User changes PIN
4
40. Any User, Anywhere
• Automation brings rapid deployment
• Resource limitations are no longer a barrier to rollout of RSA
SecurID
• Available 24x7
• RSA Authentication Deployment Manager works for the base of
users and data that you want to protect
—Enterprise
—B2B
—B2C
—ASP
RSA Authentication
Deployment Manager
47. RSA SecurID
Authentication in Action
VPN
Gateway
RSA Authentication
Manager
and
Appliance
Web
Access
Citrix
WAP/802.11
Wireless
48. RSA SecurID
Authentication in Action
VPN
Gateway
RSA Authentication
Manager
and
Appliance
Web
Access
Citrix
WAP/802.11
Wireless
Administrative
Access
OS/Network
Devices
49. RSA SecurID
Authentication in Action
VPN
Gateway
RSA Authentication
Manager
and
Appliance
Web
Access
Citrix
WAP/802.11
Wireless
Administrative
Access
OS/Network
Devices
Data Encryption and
Boot Protection
50. RSA SecurID
Authentication in Action
VPN
Gateway
RSA Authentication
Manager
and
Appliance
Web
Access
Citrix
WAP/802.11
Wireless
Administrative
Access
OS/Network
Devices
Data Encryption and
Boot Protection
Enterprise
SSO
51. RSA SecurID
Authentication in Action
VPN
Gateway
RSA Authentication
Manager
and
Appliance
Web
Access
Citrix
WAP/802.11
Wireless
Administrative
Access
OS/Network
Devices
Data Encryption and
Boot Protection
Enterprise
SSO
Web
SSO
52. RSA SecurID
Authentication in Action
VPN
Gateway
RSA Authentication
Manager
and
Appliance
Web
Access
Citrix
WAP/802.11
Wireless
Administrative
Access
OS/Network
Devices
Data Encryption and
Boot Protection
Enterprise
SSO
Web
SSO
Federated Identity
Management
53. RSA Security the Company
Facts
• Is a profitable, stable company with a 20+ year history
leading the authentication market.
• Has a worldwide “follow the sun” support organization
that is recognized as best in class by customers.
• Has an experienced professional services organization
to help with special requirements.
54. Facts
• Has a worldwide network of experienced channel partners
prepared to deliver and support the RSA Security products.
• Is committed to industry standards and is leading the efforts
to define the one- time password specifications.
• Has a research arm—RSA Laboratories—that is recognized
as an industry thought leader in addressing current and
future security issues.
Customer Benefit
• Customers should feel comfortable knowing they are
dealing with an innovative company committed to their
success and satisfaction.
RSA Security the Company
55. What RSA Security’s Customers Say—
from the recent The Info Pro survey
•“It’s solid. It just works. High assurance of proper authentication.”
•“Experienced, trusted.”
•“The number 1 vendor in providing authentication.”
•“Ubiquity makes support easy and reliable.”
•“The server stays up. It is scalable and has a great track record.”
•“Great for us. It is reliable and it works when it should.”
•“Very solid and dependable.”
•“Very impressed with RSA and their products. They are a great company and
I always get the answers I need. They’ve been fantastic.”
•“Their tech support is the model for a help desk and quality of support. They
are the best I’ve ever seen.”
56. RSA Security—the obvious choice
• The strongest, most proven two-factor
authentication solution in the industry
• The most dependable, highest-quality
solution . . .
– that can be used for more
applications than any other
– while providing more choices
for tokens and server software
– from an innovative company,
dedicated to supporting its
customers.