Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RSA integration for security devices

Posted on 2013-12-05
9
Medium Priority
?
298 Views
Last Modified: 2014-05-04
Hi Team,

Is possible to integrate the following devices with RSA 7.1?

1) f5 devices

2)HP Tipping point IPS

3)Algosec Firewall Analyzer

4) edmz  PAR

5) Symantec NAC hardware devices

6) Proofpoint mail gateway
0
Comment
Question by:TanSal
  • 5
  • 4
9 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39700994
In what way? The logins to these devices for administration? An F5 is a load-balancer, so the web servers aren't going to need RSA...
The IPS, FW analyzers... Seems like you want the login's for the administration of that devices to use 2-factors?
looks like the F5's do http://www.f5.com/pdf/deployment-guides/rsa-firepass-dg.pdf
You'll probably want to search for the others or contact them.
-rich
0
 

Author Comment

by:TanSal
ID: 39701189
Hi Rich,

Yes, login to these devices for administration. Is our clients requirement that all network security devices should login via RSA token or 2-factor authentication. We are using RSA 7.1 vesrion. I have added Cisco, checkpoint and Juniper firewalls. But for rest of the devices I need your help.

Tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39701527
That's going to be hard, it's up to the makers of those products, not RSA, to work with second factors. The client should be made aware that 2-factor isn't the end-all-be-all to login threats or account forcing. Many of these services simply rely on a cookie once the user has authenticated, and if someone were to steal the cookie, they'd be logged in as the person too. If the interface's aren't using HTTPS or some other encrypted tunnel the data is still plain-text over the network. There are many more factors to secure communications than the authentication or 2-factor authentication part.
http://www.experts-exchange.com/Security/Misc/A_12368-Two-Factor-Authentication-Added-layers-are-not-always-added-security.html

It's a good goal to have, however, it's not practical to say all logins have to be this way, there can be compensating controls that are in fact better than 2FA. But if they have no vision or flexibility then the goal is doomed to fail.
-rich
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 

Author Comment

by:TanSal
ID: 39709021
Hi Rich,

In our  clients network we are using triton  websense version 7.7. Is it possible to integrate version 7.7 with RSA. If we upgrade to 7.8 surely it  support  RSA. my concerns is it required to make any changes in websense server means create RSA agent for for websense.Please help.

Regards
tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39709520
I don't have those products other than RSA, I'd write to your vendor's and ask them directly how they can support 2FA, most of them probably won't :( It's an odd requirement when there are probably other compensating controls that can be done to also provide authenticity of a login. There can be firewall rules on the host or network that only allows access from certain IP's or Workstations. Add to that, the workstations only allow certain users to login to them. There is IPSEC tunneling that can also prove someone is who they say they are before being able to login to a portal to make changes. It's a too rigid to HAVE TO HAVE RSA, I do not think that is going to work out in the majority of cases.
-rich
0
 

Author Comment

by:TanSal
ID: 39743193
Hi Rich,

Any update?

tan
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 39743452
I have not written to your product vendors to see if they support RSA, I'd suggest you ask them directly and for you're points on this question to be refunded. Use the Request Attention button.
-rich
0
 

Author Comment

by:TanSal
ID: 39781619
Thanks for your confirmation. I have some doubts on RSA

-tan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39782010
Again it's not just RSA, it's 2-factor altogether. It's not a typical requirement I've seen for administration tools. but your vendors may be able to tell you better who they possibly integrate with.
-rich
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question