Solved

RSA integration for security devices

Posted on 2013-12-05
9
283 Views
Last Modified: 2014-05-04
Hi Team,

Is possible to integrate the following devices with RSA 7.1?

1) f5 devices

2)HP Tipping point IPS

3)Algosec Firewall Analyzer

4) edmz  PAR

5) Symantec NAC hardware devices

6) Proofpoint mail gateway
0
Comment
Question by:TanSal
  • 5
  • 4
9 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39700994
In what way? The logins to these devices for administration? An F5 is a load-balancer, so the web servers aren't going to need RSA...
The IPS, FW analyzers... Seems like you want the login's for the administration of that devices to use 2-factors?
looks like the F5's do http://www.f5.com/pdf/deployment-guides/rsa-firepass-dg.pdf
You'll probably want to search for the others or contact them.
-rich
0
 

Author Comment

by:TanSal
ID: 39701189
Hi Rich,

Yes, login to these devices for administration. Is our clients requirement that all network security devices should login via RSA token or 2-factor authentication. We are using RSA 7.1 vesrion. I have added Cisco, checkpoint and Juniper firewalls. But for rest of the devices I need your help.

Tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39701527
That's going to be hard, it's up to the makers of those products, not RSA, to work with second factors. The client should be made aware that 2-factor isn't the end-all-be-all to login threats or account forcing. Many of these services simply rely on a cookie once the user has authenticated, and if someone were to steal the cookie, they'd be logged in as the person too. If the interface's aren't using HTTPS or some other encrypted tunnel the data is still plain-text over the network. There are many more factors to secure communications than the authentication or 2-factor authentication part.
http://www.experts-exchange.com/Security/Misc/A_12368-Two-Factor-Authentication-Added-layers-are-not-always-added-security.html

It's a good goal to have, however, it's not practical to say all logins have to be this way, there can be compensating controls that are in fact better than 2FA. But if they have no vision or flexibility then the goal is doomed to fail.
-rich
0
 

Author Comment

by:TanSal
ID: 39709021
Hi Rich,

In our  clients network we are using triton  websense version 7.7. Is it possible to integrate version 7.7 with RSA. If we upgrade to 7.8 surely it  support  RSA. my concerns is it required to make any changes in websense server means create RSA agent for for websense.Please help.

Regards
tan
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39709520
I don't have those products other than RSA, I'd write to your vendor's and ask them directly how they can support 2FA, most of them probably won't :( It's an odd requirement when there are probably other compensating controls that can be done to also provide authenticity of a login. There can be firewall rules on the host or network that only allows access from certain IP's or Workstations. Add to that, the workstations only allow certain users to login to them. There is IPSEC tunneling that can also prove someone is who they say they are before being able to login to a portal to make changes. It's a too rigid to HAVE TO HAVE RSA, I do not think that is going to work out in the majority of cases.
-rich
0
 

Author Comment

by:TanSal
ID: 39743193
Hi Rich,

Any update?

tan
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39743452
I have not written to your product vendors to see if they support RSA, I'd suggest you ask them directly and for you're points on this question to be refunded. Use the Request Attention button.
-rich
0
 

Author Comment

by:TanSal
ID: 39781619
Thanks for your confirmation. I have some doubts on RSA

-tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39782010
Again it's not just RSA, it's 2-factor altogether. It's not a typical requirement I've seen for administration tools. but your vendors may be able to tell you better who they possibly integrate with.
-rich
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video teaches users how to migrate an existing Wordpress website to a new domain.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now