RSA Security: Authentication (ACE Server/SecurID)
Matt Collings, Channel Development Manager
Strong Authentication
RSA Security Inc. The Most Trusted Name in e-Security
• Market leader in authentication and encryption
• Rapidly growing force in PKI
• Most recognized brand in the industry
• Mantra for open, standards-based solutions
• Integrated, synergistic product lines
• RSA technical know-how, two decades of expertise
• Solid customer base
• Strategic partnerships across industry
• Strong channel relationships
• Global presence
• Professional services for the enterprise
And the list goes on...
Global Company
• 1,000+ employees worldwide
• Direct sales and SecurWorld channel partners in more than 45 countries
• 150 RSA SecurID Ready partnerships around the world, 230 RSA SecurID Ready Certified Products
• 40+ RSA Keon Ready Partnerships
• 600+ RSA BSAFE Partners worldwide
We Enable Secure e-Business by…
Ensuring the authenticity of…
• People
• Devices
• Transactions
…in wired and wireless environments
Ensuring Authenticity …
Secure e-Business Process
… Means Solving these Problems
• User Identity
• Privileges and Personalization
• Data Privacy
• Transaction Integrity
With Enabling Technologies
• Authentication
• Authorization
• Encryption
• PKI
Delivered in RSA Products
Cost of Not Having Strong Authentication
Revenue Impact
• ISP hacked, 100 hours of downtime. Bottom Line: $400,000 loss due to lost customers
• New York Times online hacked & down for 10 hrs. Bottom Line: $250,000 loss in revenue
• Kevin Mitnick’s attacks cost companies almost $300M
Damage Costs
• Criminal hacking caused $123M in losses last year*
Maintenance Costs
• Password maintenance costs = $60+ per help desk call
* FBI, 3/99
RSA SecurID
Identification vs. Authentication
Identification: Who are you? “I am Matt Collings”
Authentication: Prove it.
“Matt Collings”
Authentication: The Basics
• Something you know
– Password
– PIN
– “mother’s maiden name”
• Something you have
– Physical key
– Token
– Magnetic card
– Smart card
• Something unique about you
– Fingerprint
– Iris
– Face recognition
+ PIN
Two-Factor User Authentication
SecurID Product Family Components
ACE / Agents
SecurID Authenticators
ACE / Server
Time-based Token Authentication
Login: mcollings
Passcode: 2468234836 (PIN followed by TOKENCODE)
Token code: Changes every 60 seconds
Unique seed
Clock synchronized to UTC
PASSCODE = PIN + TOKENCODE
A Closer Look at Time Synchronization
RSA ACE/Server: Seed + Time → Algorithm → 354982
Authenticator: Seed + Time → Algorithm → 354982
Same Seed
Same Time
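The time-synchronization scheme on the two slides above, as an added example that is not part of the original presentation and is not RSA's algorithm: HMAC-SHA-256 stands in for the SecurID function, and the sample seed, the four-digit PIN split of the slide's passcode, the one-interval drift window and the replay set are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # slide: token code changes every 60 seconds
DIGITS = 6         # slide shows a six-digit token code (354982)


def tokencode(seed: bytes, unix_time: int) -> str:
    """Code for the 60-second interval containing unix_time (UTC seconds)."""
    interval = unix_time // STEP_SECONDS
    # Stand-in algorithm (assumption): HMAC-SHA-256 over the interval counter.
    mac = hmac.new(seed, struct.pack(">Q", interval), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10**DIGITS
    return f"{value:0{DIGITS}d}"


def passcode(pin: str, seed: bytes, unix_time: int) -> str:
    """PASSCODE = PIN + TOKENCODE, as typed at the login prompt."""
    return pin + tokencode(seed, unix_time)


def verify(submitted, pin, seed, server_time, drift_steps=1, used=None):
    """Server side: recompute from the same seed and the server's own clock.

    drift_steps and the `used` replay set are assumptions, not from the slides.
    """
    used = set() if used is None else used
    now = server_time // STEP_SECONDS
    for interval in range(now - drift_steps, now + drift_steps + 1):
        expected = pin + tokencode(seed, interval * STEP_SECONDS)
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            if interval in used:
                return False  # this interval's code was already accepted
            used.add(interval)
            return True
    return False


if __name__ == "__main__":
    seed = bytes(range(16))   # constructed sample seed, shared by both sides
    t = 1_000_000_020         # constructed UTC timestamp
    typed = passcode("2468", seed, t)
    seen = set()
    print(typed, verify(typed, "2468", seed, t, used=seen))   # accepted
    print(verify(typed, "2468", seed, t, used=seen))          # replay rejected
    print(verify(typed, "2468", seed, t + 180, used=seen))    # clock too far off
```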
RSA ACE/Server Architecture
Secondary
Primary
Automatic Updates
The Expanding RSA SecurID Family
• RSA SecurID hardware tokens
• RSA SecurID software tokens
• RSA SecurID smart cards
• RSA SecurID for the Palm Computing Platform
• RSA SecurID for WAP devices
The Passage Smart Card - A platform for authentication and more
• Building Access: Provides for building access via magnetic stripe or proximity chip (HID, Mifare,…)
• Value-added Applications: Supports dynamic loading and unloading of additional applications, like e-purse, loyalty, …
• CAC Support: Supports the US Federal Government’s Common Access Card initiative
• Passage Applications: Offers the power of RSA’s SecurID Passage smart card software
• Employee Badge: Offers personalization with photo ID, logos, signature panel, …
• PKI Credentials: Provides on-card key generation, crypto co-processor, and secure storage of PKI credentials
• Multi-application Platform: JavaCard and Open Platform compliant, on-chip USB engine in 2002
RSA Security Solutions
RSA SecurID
• Remote Access
• VPNs
• e-Business
• Enterprise Access
Solutions from RSA Security
[Diagram labels: Web Server, Firewall, RSA ACE Server, RAS, Intranet, Mainframe, Enterprise, UNIX, Internet, RSA Agents; access types: Remote Access, Internet Access, e-Business, Enterprise Access]
Dial-Up Interoperability
RSA SecurID Ready Partners
[Diagram labels: Remote Access, RAS, RSA Agent, RSA ACE Server, Intranet, Mainframe, Enterprise, UNIX]
3Com
Access Beyond
ACT Networks
Apple Computer
Ascend
Attachmate
BinTec
Cabletron
Cisco
Citrix Systems
Compaq
Digi International
Emulex
FORE Systems
Funk Software
Gandalf Technologies
Hewlett-Packard
IBM
ITK
Kasten Chase
Lantronix
Livingston (AT&T)
Microsoft
NextCom
Nortel Networks
Novell
Perle Systems
PFU Ltd.
RAScom
Shiva / Intel
Soliton Systems K.K.
Xyplex Networks
VPN / Firewall Interoperability
SecurID Ready VPN & Firewall Partners
[Diagram labels: Internet Access, Internet, Firewall / VPN, RSA Agent, RSA ACE Server, Intranet, Mainframe, Enterprise, UNIX]
AltaVista
Ascend
Aventail
Check Point
Fortress
IBM
InfoExpress
Internet Devices
Indus River
Nortel Networks
RedCreek
Semaphore
Shiva / Intel
Sun
TimeStep
TIS
V-ONE
VPNet
ANS
Ascend
Axent (Raptor)
Check Point
Cisco
CyberGuard
IBM
Internet Dynamics
Milkyway Networks
NEC Technologies
Netscreen
Net Associates (TIS)
Secure Computing
Sun Microsystems
Technologic
WatchGuard
Virtual Private Networks Security Environment (Non IPSec)
Encrypted tunnel through public network
Who’s at the other end of the line?
[Diagram labels: VPN Client, Internet, VPN Gateway, Corporate Network]
Virtual Private Networks
RSA SecurID Benefits
Feature: Benefit
• Positive identification of users: Authentication ensures security for VPN access
• Broad range of authenticators: Fits a road warrior’s arsenal of tools for user convenience
• Easy to use: Simple user execution and single method of login
• Interoperability and investment protection: Integrates with all major VPN products
• Scalability: Scales to 100,000’s of users
• Flexibility: Works with or without PKI
What is Public Key Infrastructure?
• Framework for using public/private keys
• Issues, stores, revokes digital certificates
• Establishes trust relationships among employees, suppliers, customers
• Provides security for existing applications and environments
• Enables new applications and commerce opportunities
• Enables new uses of existing applications
What PKI Provides
• Authentication to ensure parties are who they say they are
• Privacy to protect sensitive information
• Authorization to ensure parties can access specific information
• Integrity to guarantee the transaction is not altered
• Non-repudiation to prove the transaction occurred
PKI Components
• Public/private key pair
• Digital certificate
• Certificate authority
• LDAP directory
• Authentication device
RSA Keon PKI Solutions
[Diagram labels: RSA Keon Desktop, Web app., Application server (e.g. SAP), RSA Keon Security Server, RSA BSAFE PKI-enabled app., RSA SecurID Authenticator, RSA Keon Agent, RSA Keon RA, RSA Keon CA]
Transparent File Encryption: Keon Desktop
• Create File
• Save to Secure Directory
• Automatically Encrypted
The Most Trusted Name in e-Security
WWW.RSASECURITY.COM