Erica Chalfin

Tips for Posting Questions to the RSA SecurID Access Community

Blog Post created by Erica Chalfin Employee on Nov 26, 2018

Scammers and fraudsters are an unfortunate part of everyday life in the early 21st century.  Companies buy RSA products to keep their networks, their data and their people safe from these bad guys.

 

The RSA SecurID Access community is a place to ask questions of our skilled support staff and share tips and tricks you have learned with other users.  

 

That being said, please be aware that this community, along with others on RSA Link, is open to the public and can be searched via web browser.  This openness allows your posts to be mined for data you may have posted unintentionally.

 

For this reason, we want you to keep your data as secure on our community as you do in your deployments.

 

Please find our tips below for posting questions and comments on RSA Link:

 

1.  Do not include the FQDN and/or IP addresses in your posts or in screen shots.  

 

Before posting snippets of log data or a screenshot of an error message, be sure to scrub private data such as the FQDN of your Authentication Manager servers and agents, other authentication devices, etc.  This includes references to network devices in a network diagram, etc. 

 

If you need to post log data to RSA Link, it is easy enough to do a quick search and replace, changing authmgr83p.acme.com, authmgr83r1.acme.com and authmgr83r2.acme.com to primary.domain.com, replica1.domain.com and replica2.domain.com.  Be sure to also mask your agents and other devices in the same way. 

 

Replace IP addresses with x.x.x.1, x.x.x.2, etc. 

 

You will find FQDNs and IP addresses in the files contained in the troubleshooting logs generated via the Operations Console and in logs downloaded from your RSA Authentication Agents or other authentication devices, such as your VPN, PAM agents, etc.

 

For screen shots, the example authentication activity monitor shown below has any sensitive information redacted.

 

The logs above are only for two users (one user whose entries are white, the other user whose activity is in red).  If you have an authentication activity report with multiple users showing, you can scope the report to a specific user ID or, if you need to show multiple users in one report, you can color code the entries, as shown here:

 

 

It's not pretty, but it protects your data.

 

2.  Do not include user IDs in your posts.

 

If you give an example of a corporate standard for your user IDs, it becomes easier to extrapolate the patterns your company uses, which gives the bad guys a gap in your armor.  Provide an example user ID in a format other than what you use in your environment.  If you format user IDs as smithj25, provide your example as jsmith.

 

3.  Do not include license numbers, token serial numbers or their output in your posts.

 

Providing even one token serial number from a batch that your company purchased allows scammers to know some or all of the token serial number ranges you own. 

 

Redact this information from screen shots or replace the numbers with xxxxxxxxxxxx.  To refer to multiple tokens, say for different users having an issue, try xxxxxxxxxxx1, xxxxxxxxxxx2, xxxxxxxxxxx3, etc.  Never post any token seed media or output from token seed media to RSA Link.  This includes the following files and any content inside them:

 

  • The license xml file,
  • The token seed xml, 
  • A decrypt-codes[xxx-xxx-xxx].zip, 
  • A CT-KIP string, or
  • A Compressed Token Format (CTF) file, also known as an .sdtid file.
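The search-and-replace from tips 1 to 3, as an added example that is not RSA code: it applies a hostname and user ID mapping, numbers IP addresses and token serials consistently so the log still reads coherently, and reports any hostname under your real domain that was missed. The log lines are constructed, and the 12-digit serial pattern and the `scrub` and `leftovers` names are assumptions made for this sketch.

```python
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SERIAL = re.compile(r"\b\d{12}\b")  # assumption: serials appear as 12-digit numbers

def scrub(text, replacements):
    """Apply literal replacements, then number IPs and serials consistently."""
    # Longest names first, so a name that prefixes another is not half-replaced.
    for real in sorted(replacements, key=len, reverse=True):
        text = re.sub(re.escape(real), replacements[real], text, flags=re.IGNORECASE)
    ips, serials = {}, {}

    def mask_ip(m):
        # The same address always gets the same placeholder number.
        n = ips.setdefault(m.group(0), len(ips) + 1)
        return f"x.x.x.{n}"

    def mask_serial(m):
        n = str(serials.setdefault(m.group(0), len(serials) + 1))
        return "x" * (12 - len(n)) + n

    return SERIAL.sub(mask_serial, IPV4.sub(mask_ip, text))

def leftovers(text, real_domain):
    """Hostnames under the real domain that survived scrubbing (unmapped agents etc.)."""
    pat = re.compile(r"\b[\w.-]+\." + re.escape(real_domain) + r"\b", re.IGNORECASE)
    return sorted(set(pat.findall(text)))

# Constructed sample log lines (not real RSA output).
SAMPLE = """\
2018-11-26 10:15:02 authmgr83p.acme.com 10.20.30.40 user=smithj25 token=000123456789 result=FAIL
2018-11-26 10:15:09 authmgr83r1.acme.com 10.20.30.41 user=smithj25 token=000123456789 result=OK
2018-11-26 10:16:44 vpn01.acme.com 10.20.30.40 request forwarded to authmgr83p.acme.com
"""

REPLACEMENTS = {
    "authmgr83p.acme.com": "primary.domain.com",
    "authmgr83r1.acme.com": "replica1.domain.com",
    "authmgr83r2.acme.com": "replica2.domain.com",
    "smithj25": "jsmith",
}

if __name__ == "__main__":
    clean = scrub(SAMPLE, REPLACEMENTS)
    print(clean)
    print("still exposed:", leftovers(clean, "acme.com"))
```

Here the VPN agent was left out of the mapping on purpose, so `leftovers` flags it; add it to the mapping and rerun until the list is empty before posting.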

 

4.  Don't attach database exports to your posts.

 

They should be too large to attach anyway, but we just want to spell this out.

 

Best practice guidelines

 

We'd rather you err on the side of caution and have to request more information from you than have you provide too much that may not even be needed.  When posting, follow these simple rules:

 

  • Redact all private information in your posts.
  • Be careful about the information you attach to the post.
  • Post your redacted information and wait for a reply from a support engineer who will either answer your concern or suggest you open a case by contacting RSA Customer Support.

 

If you have any questions about what is OK or not OK to post, drop a comment below and we will be happy to answer you.

 

 
