Agenda
•
RSA Security Overview
•
RSA SecurID Solution
•
Citrix / RSA Security Advantages
RSA Security at a Glance
•
World leader in cryptographic innovation
– RSA, RC2, RC4, RC5, MD5 – PKCS standards
– Pioneering new digital signing and access management products
•
World leader in encryption software
– Nearly 1,000,000,000 copies of RSA BSAFE® components in use worldwide, in everything from Web browsers to cellular phones
•
World leader in strong authentication
Ensuring Authenticity …
… Means Solving these Problems
User Identity
User Identity
PrivilegesPrivileges
User Identity
User Identity
PrivilegesPrivileges
and and PersonalizationPersonalization DataData PrivacyPrivacy Transaction Transaction Integrity Integrity
With Enabling Technologies
Delivered in RSA Products
User Identity
User Identity
PrivilegesPrivileges
and and PersonalizationPersonalization DataData PrivacyPrivacy Transaction Transaction Integrity Integrity
AuthenticationAuthentication EncryptionEncryption AuthorizationAuthorization PKIPKI
Enable
Enable
The e-Security Continuum
Defend
Defend
• Intrusion detection
• Vulnerability assessment Enable Enable • Firewall • Antivirus Detect Detect
•AuthenticationAuthentication
•AuthorizationAuthorization
•PrivacyPrivacy
RSA SecurID
A family of products that confirm an individuals
identity online, with over 11 million RSA SecurID
Security Pyramid:
Identity is the Foundation
Policies and Procedures
Policies and Procedures
Strong Authentication
Strong Authentication
Authorization
Authorization
Encryption
Encryption
Audit
Identification
vs
.
Authentication
Identification
Who are you? “I am John Smith.”
“Password”
The Different Factors of Authentication
• Something you know – Password
– PIN
– “mother’s maiden name”
• Something you have – Physical key
– Token
– Magnetic card
– Smart card
• Something unique about you – Fingerprint
– Iris/retina
– Face recognition
Authentication concerns
•
Freeware tools
•
Password database management
•
Help desk costs
•
End user password strength
•
Social Engineering
•
Former Employees
Need for Strong Authentication
•
Certificates
– Exportable
– Binds to machine
– No default security
– Expensive to renew
•
Biometrics
– Non-replaceable
– Unreliable - false positives “good enough”
– Static - prone to replay attacks
Strong Authentication
•
ACE/Server - SecurID
– Two Factor Authentication • Something you know • Something you have – Changes every 60 seconds – One-time password
PIN &
PIN &
Time-based Token Authentication
username:JSMITH
Passcode: 2468 234836
PIN
TOKENCODE
Token code: Changes every 60 seconds
Unique seed
Clock
synchronized to UCT
RSA SecurID Product Family:
System Components
+ACE/Server
ACE/Agents
(included)
SecurID Authenticators
ACE / Server - the Power Behind
SecurID
•
Authentication Engine, User, and
Policy Manager behind SecurID
•
Carrier-Class Performance and Scale
– Over 12,000 installations
– Tens of thousands of users per site
•
Manageability and Control
The Expanding RSA SecurID Family
•
RSA SecurID hardware tokens
•
RSA SecurID software tokens
•
RSA SecurID smart cards
•
RSA SecurID for the Palm
Computing Platform
RSA SecurID Hardware Tokens
RSA SecurID Standard Card RSA SecurID
PINPAD
RSA SecurID Key Fob
RSA SecurID ComboReader
• Software token
– Similar to a Pin Pad
– Installed directly on users desktop
– Easy to use and install
• Palm™ Handhelds
• Ericsson R380s smart phone
• Nokia 9210 Communicator
•
Intercept access requests and forces
RSA SecurID
authentication
•
Software embedded in or layered on top
of
225+
network infrastructure products from
over
150+
vendors
– Remote Access Servers (RAS)
– Routers
– Firewalls
– VPNs
– WEB
•
Enables
RSA SecurID
strong authentication to
integrate with your existing & future infrastructure
Agents for Network and Application
Access
• UNIX - AIX, HP/UX, Solaris
• IBM MVS OS/390
• IBM AS/400
• Microsoft Windows NT and IIS
• Microsoft Windows 2000
• Novell NMAS
• Netscape
• Lotus/Domino
RSA SecurID – Environment
Mainframe Network Unix Applications Applications & & Resources Resources Intranet Web Server RSA ACE/Server Internet RAS VPN or Firewall E-Business E-Business RSA Agent Remote AccessRemote Access Enterprise Enterprise
NFuse – Key Benefits
• Virtual Workplace
– User-specific web-based application access “Anytime, Anyplace, Anywhere”
• Integration
– Provide users with the broadest range of Windows and/or UNIX applications, all from a single Web browser
• Personalization
– Customize the content around applications and the application set that each user receives
• Control
Web Application Deployment
•
Users
want:-– Secure Access
– Rich Functionality
– Interface of current applications, within a web browser
•
Issues faced are:-
– Cannot guarantee the identity of users accessing sensitive data and applications
– Difficult to deploy
The Most “Basic” Web Security Solution
Weak
Password
Authentication
SSL Encryption Only
SSL Encryption Only
NFuse Web Server &
CSG
Privacy
Authentication
A “Zero Footprint” Web Security Solution
SSL Encryption
SSL Encryption
w/ Two-Factor Authentication
w/ Two-Factor Authentication
NFuse Web Server &
CSG
Two-Factor User
Authentication
Privacy
NFuse Login
Stronger NFuse Login
Citrix Secure Gateway
•
Key Benefits
– Denies direct access to internal resources over the Internet
– Use 2-factor authentication without touching MetaFrame
– Simplified client firewall traversal
RSA SecurID – Key Benefits
• Secure Authentication
– Guarantees user identity unlike traditional static passwords
– Passwords – they are the weakest link… goodbye!
• Quick Time to Market – Zero Footprint
– Ease of Use
• Cost Reduction
– Passwords expensive to maintain
– Reduction in Helpdesk calls
• Wide Range of Authentication Form Factors – Flexibility of choice
• Hardware
• Software
•
Users now
have:-– Secure Access
– Rich Functionality
– Interface of current applications, within a remote thin client session
•
Issues resolved are:-
– Cannot guarantee the identity of users accessing sensitive data and applications
– Difficult to deploy
– Difficult to manage within the web environment
Secure Web Solutions
Summary
Secure Virtual Workplace
Ensuring trusted user identities, web-based
access, to applications & resources they require
Questions?
The Most Trusted Name in e-Security™