Solved

RSA integration for security devices

Posted on 2013-12-05
9
282 Views
Last Modified: 2014-05-04
Hi Team,

Is possible to integrate the following devices with RSA 7.1?

1) f5 devices

2)HP Tipping point IPS

3)Algosec Firewall Analyzer

4) edmz  PAR

5) Symantec NAC hardware devices

6) Proofpoint mail gateway
0
Comment
Question by:TanSal
  • 5
  • 4
9 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
In what way? The logins to these devices for administration? An F5 is a load-balancer, so the web servers aren't going to need RSA...
The IPS, FW analyzers... Seems like you want the login's for the administration of that devices to use 2-factors?
looks like the F5's do http://www.f5.com/pdf/deployment-guides/rsa-firepass-dg.pdf
You'll probably want to search for the others or contact them.
-rich
0
 

Author Comment

by:TanSal
Comment Utility
Hi Rich,

Yes, login to these devices for administration. Is our clients requirement that all network security devices should login via RSA token or 2-factor authentication. We are using RSA 7.1 vesrion. I have added Cisco, checkpoint and Juniper firewalls. But for rest of the devices I need your help.

Tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
That's going to be hard, it's up to the makers of those products, not RSA, to work with second factors. The client should be made aware that 2-factor isn't the end-all-be-all to login threats or account forcing. Many of these services simply rely on a cookie once the user has authenticated, and if someone were to steal the cookie, they'd be logged in as the person too. If the interface's aren't using HTTPS or some other encrypted tunnel the data is still plain-text over the network. There are many more factors to secure communications than the authentication or 2-factor authentication part.
http://www.experts-exchange.com/Security/Misc/A_12368-Two-Factor-Authentication-Added-layers-are-not-always-added-security.html

It's a good goal to have, however, it's not practical to say all logins have to be this way, there can be compensating controls that are in fact better than 2FA. But if they have no vision or flexibility then the goal is doomed to fail.
-rich
0
 

Author Comment

by:TanSal
Comment Utility
Hi Rich,

In our  clients network we are using triton  websense version 7.7. Is it possible to integrate version 7.7 with RSA. If we upgrade to 7.8 surely it  support  RSA. my concerns is it required to make any changes in websense server means create RSA agent for for websense.Please help.

Regards
tan
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
I don't have those products other than RSA, I'd write to your vendor's and ask them directly how they can support 2FA, most of them probably won't :( It's an odd requirement when there are probably other compensating controls that can be done to also provide authenticity of a login. There can be firewall rules on the host or network that only allows access from certain IP's or Workstations. Add to that, the workstations only allow certain users to login to them. There is IPSEC tunneling that can also prove someone is who they say they are before being able to login to a portal to make changes. It's a too rigid to HAVE TO HAVE RSA, I do not think that is going to work out in the majority of cases.
-rich
0
 

Author Comment

by:TanSal
Comment Utility
Hi Rich,

Any update?

tan
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
Comment Utility
I have not written to your product vendors to see if they support RSA, I'd suggest you ask them directly and for you're points on this question to be refunded. Use the Request Attention button.
-rich
0
 

Author Comment

by:TanSal
Comment Utility
Thanks for your confirmation. I have some doubts on RSA

-tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
Again it's not just RSA, it's 2-factor altogether. It's not a typical requirement I've seen for administration tools. but your vendors may be able to tell you better who they possibly integrate with.
-rich
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now