
RSA SecurID Access


In today’s ever-changing world, enterprises are striving to deploy the right identity management strategy that fits their current environment and future needs. Businesses with the traditional physical-office-only setup have had to adapt and flex new muscles to enable remote access for their employees.

 

As businesses shift operations from office to home, remote working comes with its risks. Unprotected endpoints through which the workforce accesses the corporate network become easy targets. These laptops contain the organization’s sensitive data. Protecting these corporate endpoints and workstations with stronger multi-factor authentication is no longer a choice; it’s a necessity.

 

The timing couldn’t have been better for launching the latest RSA SecurID Access innovations, including RSA MFA Agent 2.0.1 for Microsoft Windows, considering the need to rapidly enable remote access for a dynamic workforce leveraging the RSA Cloud Authentication Service. MFA Agent 2.0.1, built on a modern and secure interface, provides a seamless and consistent Windows sign-in experience from ground-to-cloud.

 

The traditional RSA Authentication Agent 7.4 connects to RSA Authentication Manager to provide strong and highly reliable authentication services. MFA Agent 1.2, built on a REST interface, enables modern authentication such as push to approve and device biometrics, leveraging the RSA Cloud Authentication Service.

MFA Agent 2.0.1 merges the best of two worlds. It is a universal Agent leveraging RSA Authentication Manager 8.5 and the RSA Cloud Authentication Service to provide strong multi-factor authentication to users signing into Windows, both online and offline.

 

Boost Remote Productivity and Experience – With No Fail-Open

Enabling secure remote access is the top concern for organizations. A seamless and consistent authentication experience is no longer a second priority. When users are challenged for multi-factor authentication, they do not care if they are connected to an on-premises data center or cloud. They want convenience and consistency whether they are online or offline. With “no fail-open” offline authentication mechanisms, RSA ensures users are fully authenticated with strong multi-factor authentication even if they are offline. In addition to providing various options for online and offline authentication, MFA Agent 2.0.1 takes care of emergencies too. Users with lost or stolen authenticators or no network connectivity can now log on to Windows machines using Emergency Access codes without causing any disruptions.

 

More Power to Administrators - Dynamic workforce just got even more dynamic

The year 2020 saw a sharp increase in remote workers, comprising permanent employees, temporary workers, and third-party partners. In addition to provisioning remote access, you need to ensure the right authentication methods are enforced for the right people with the right assurance levels. Through the admin console, you can manage every user’s authentication requirements – from traditional hardware tokens to device biometrics. MFA 2.0.1 also offers administrators a slew of controls to tailor the authentication experience to meet their business needs. Policies are at your disposal to customize settings such as load balancing and failover mechanisms, user access with challenge groups, and password order changes. These additional controls not only empower the administrators but also provide greater flexibility.

 

Accelerate the journey to the cloud – Change doesn’t always have to be scary

Organizations are looking to modernize the authentication experience and migrate to the cloud, but are apprehensive about the possible disruptions it could cause to their current set-up. In that light, here are some key features to help you with this preparation.

Connecting on-premises to the cloud: The proxy and high availability features of Authentication Manager 8.5 ensure the dynamic workforce is secured 24x7. If the cloud service becomes unavailable, RSA Authentication Manager takes over authentication requests. This hybrid approach ensures users are “always-on” and work as securely, reliably, and productively as those on the network.

Co-existence of Agents: Co-existence of traditional and MFA Agents allows you to take a phased approach. Break down the large deployment into smaller launch plans targeting the sub-population to leverage Cloud Authentication Service.

Migration & Upgrade Paths: For a smooth migration from Authentication Agent 7.4 or later versions, you can use the migration utility packaged with the installer. This ensures the policy settings are migrated automatically to the new policy templates. Customers who are on MFA Agent 1.1 or a later version can directly upgrade to MFA 2.0.1.

 

To learn more about the features, see the release notes.

During these days of remote work, have you found yourself with a bit of bonus time that used to be consumed with a daily commute? Why not seize this opportunity to hone your skills and add your newfound knowledge to the benefit of all?

 

RSA University is pleased to bring to you an all-new training lineup for RSA SecurID Access! Our updated curriculum has been designed to help you quickly get up to speed, based on your role and how you use the product(s).

 

Following the RSA SecurID Access product strategy, we’ve combined a number of courses into a 2-part instructor-led series that will get you the need-to-know in an efficient manner. In addition, we have a brand new On-Demand Lab that’s ideal for longtime SID admins to explore and experience the latest features RSA SecurID has to offer. Take a look at the newest courses listed below!

 

 

Benefits of Training
  • RSA SecurID Access I – Administration: This 4-day training course is designed for the individual responsible for administering RSA SecurID Access – both in the cloud as well as with the traditional, on-premises Authentication Manager. Here, you’ll learn about all of the features included and have plenty of hands-on experience working with labs. Help Desks and IT Administrators are being asked to do more and more to help support an expanded remote workforce and this course is perfect for experiencing the latest technology, refreshing your expertise, or getting new members up to speed quickly. This course is also available in our self-paced, On-Demand Classroom modality.
    • Upcoming Live/Virtual Course Dates: August 31-Sept 3 (US), Sept 20-24 (Singapore), Nov 9-12 (US)

  • RSA SecurID Access II – Infrastructure Administration and Tuning: This 4-day training course is designed for the implementors of RSA SecurID Access and Authentication Manager. As with the previous course, this is also available in our self-paced, On-Demand Classroom modality. System Engineers and similar technologists appreciate the ground-level-up understanding they gain from this course and are well prepared to expand an existing system or react quickly in disaster recovery.
    • Upcoming Live/Virtual Course Dates: Aug 17-20 (US), Sept 14-17 (EMEA), Oct 9-22 (US)


  • RSA SecurID Access Self-Guided Exploration Lab: This BRAND NEW On-Demand Lab course gives you a great overview of what the lab environment includes and a lab guide that will guide you through a number of exercises intended to get your feet just wet enough so you feel comfortable jumping into the pool. Designed for current admins, this course is a great option for RSA SecurID admins who are interested in leveling up their skills, in seeing the latest features, and in practicing with features they might not currently be taking advantage of in their own environment.

 

For a full listing of all of our courses, kindly refer to our training page at: https://community.rsa.com/community/training/securid 

 

 

Some commonly asked questions:

 

Q: I/we only have the on-premises version of Authentication Manager (AM). Would I benefit at all from taking the full SecurID Access series?

 

A: Absolutely. In terms of licensing, where the Base edition used to be only AM, traditional agents and tokens, basic cloud functions are now supported. (MFA Authenticate App, protected access to cloud applications, and “SSO Agent” portal.) If you’re thinking only about Authentication Manager at the Base level, you may be missing out on a number of features that RSA is now including. Our SID Access classes cover all of these other capabilities. (An interesting factoid: About 80% of our customers only use about 30% of available product functionality!) These classes apply to options our customers can offer their end users and to partners for providing more options to their clients.

 

Q: What version(s) do these new courses reference?

 

A: At the time of this writing, our lab environments for RSA SecurID Access are on the June 2020 Release. RSA Authentication Manager is currently on 8.4 patch 4, MFA Agent for Windows is v1.0, and MFA Agent for macOS is v1.0 - macOS is something we discuss in the courses but do not include within our lab environments.

 

Have questions about which training is right for you or your team? Reach out to me at megan.olvera@rsa.com - I'd be delighted to hear from you! 

As we all are transitioning to embrace the new normal and support the remote workforce, there is an unprecedented need to keep the endpoints secure without compromising convenience. It is critical that we take steps to enable the dynamic workforce to access resources by providing a frictionless and seamless experience. We are excited to provide updates as part of June, 2020 Release that perfectly align with this objective.

 

 

RSA® MFA Agent for macOS® 

 

Endpoint security is a major concern for CSOs and IT managers. Given the pandemic situation, there is a significant increase in the number of end-user devices (especially laptops and desktops) trying to access the corporate network remotely, along with a corresponding increase in the number of hackers trying to compromise them. With RSA® MFA Agent for macOS®, organizations can protect and ensure secure logins to macOS® laptops and workstations. RSA® MFA Agent for macOS® works with RSA SecurID Access Cloud Authentication Service to require users to provide additional authentication to sign into macOS® consoles, whether they are online or offline.

 

Today’s enterprises understand and acknowledge the need to manage identities in a dynamic fashion given their dynamic environment and dynamic workforce. Although strong authentication is top of mind, convenience and user experience are no longer a secondary priority. Defying the “more-is-more" approach, customers and users want to manage a minimum set of authenticators for an efficient and seamless experience across use cases.

 

With the above statement as the preamble for RSA® MFA Agent for macOS®, the authentication options available to end users under normal conditions are Push to Approve, RSA SecurID Authenticate Tokencode and RSA SecurID Tokens. The Agent falls back to Authenticate Tokencode when users are offline and offers an Emergency Tokencode option when they have no access to authenticators. With RSA SecurID Access, users are always connected securely.
 

 

By protecting macOS machines not just during user logins but also during screen unlocks, and with the no-fail-open design, RSA ensures there is no “slip through the cracks” situation even when the Agent cannot reach the Cloud Authentication Service.

 

To learn more and watch the MFA Agent in action, see:

Cake for All! Secure & Convenient Login for The New Enterprise for macOS®  

Watch RSA® MFA Agent for macOS® In Action

 

View and Track License Usage Information  

 

Understanding product usage is an important factor for planning and forecasting future license upgrades. Customers can view their current usage of MFA on RSA SecurID Access and the Authenticators registered for the service. Administrators can access the following information:

  • Number of users with Multi-factor authentication (MFA) licenses 
  • Number of users with third-party FIDO authenticators
  • Number of SMS/Voice Tokencodes consumed 

 

This data is refreshed automatically every hour to ensure that administrators have visibility to the most recent information.

 

Get More Out of Enterprise and Premium Editions of RSA SecurID Access with the Third Party FIDO Authenticators 

 

We all know how effective FIDO is when it comes to thwarting phishing and man-in-the-middle attacks. The FIDO Alliance promotes and supports stronger authentication standards that help reduce the over-reliance on passwords. So does RSA!

 

In December 2019, RSA partnered with Yubico® to address the needs of a dynamic workforce and provide modern and frictionless authentication experience with the FIDO authentication solution. With FIDO2 and RSA SecurID Access Authentication services, RSA customers enjoy the passwordless experience while accessing SaaS and web applications.  

 

Until recently, customers had to purchase RSA SecurID MFA licenses to use FIDO/FIDO2 authenticators. With this change, we are removing the friction for enterprises to adopt and build stronger and more modern authentication strategies.

 

FIDO Authentication Support  

 

While we are talking about extending the support for FIDO, why not talk about the RSA SecurID Authentication API? The RSA SecurID Authentication API is a REST-based programming interface that allows RSA customers and partners to leverage MFA capabilities for custom-built applications.

 

In the June release, the RSA SecurID Authentication API supports FIDO/FIDO2 as an authentication method along with the existing MFA methods. To supplement FIDO as part of authentication, RSA SecurID Access supports managing the entire lifecycle too. RSA understands that for organizations to begin using FIDO at scale, it requires more than just authentication support for the protocol. At the initial login authentication attempt, users can enroll their FIDO authenticators or keys before using them as part of multi-factor authentication methods. By providing users with the ability to manage the keys with self-service and in-line registration, RSA removes barriers for organizations and technology partners to adopt RSA SecurID Authentication support for FIDO.

 

 

To learn about additional updates coming out in June 2020, see the June Release Notes.

 

Organizations today are reeling from decisions made at the start of the “New Normal”. These decisions were made during a rapidly deteriorating situation happening on a global scale, all in response to continually evolving mandates issued by different levels of government. Action on these decisions was swift, of the business simultaneously, and fundamentally changed how the business functioned on a day-to-day basis.

 

The New Normal results in a widely distributed Remote Workforce.

The Remote Workforce that must use the internet to access Corporate Resources.

Corporate Resources are accessed from the home office using All Available Machines.

The Machines that keep the lines of business running in The New Enterprise.

 

As the “New Normal” begins to stabilize, organizations are starting to understand the impact of these changes. One such need is the ability of the remote workforce to securely log in to machines running macOS® and use them to access corporate resources. Prior to this, organizations had little appetite to secure these machines because their numbers were relatively small and easy to track and manage.

 

Today, these machines are used by the remote workforce in all parts of the world. They are connected to the internet using a variety of consumer grade networking equipment and broadband service providers. More importantly, there are no guarantees of physical access security to these machines. New problems are revealed as the lines of business continue to allow the use of macOS machines by the remote workforce. Solving them will require a New Enterprise Grade solution that can meet the needs of both users and administrators in the "New Enterprise".

 

Users need Convenient Login to macOS any time whether Online or Offline with No Fail-Open.

Administrators need Secure Login to macOS anytime whether Boot-Up or Wake-Up.

 

Announcing the Launch of RSA MFA Agent 1.0 for macOS

 

Today, RSA® proudly launches RSA MFA Agent 1.0 for macOS; an important step for a New Enterprise Grade endpoint protection solution. This agent is the culmination of many years of experience from securing Windows® and Linux® machines belonging to organizations of all sizes and verticals. You will discover that this agent fulfills the needs of both users and administrators while they adapt to the "New Enterprise". Additionally, you can learn how we do this for Windows and Linux machines in the “Eat More Cake!” blog and the Pluggable Authentication Module (PAM) announcement.     

 

Convenient Login Whether Online or Offline with "No Fail-Open"

 

Users want a quick and easy way to log in to macOS. Many users do not want to carry different devices all the time just to log in. They do not want to figure out if their macOS machines are connected to the internet just to log in with the right device. All they want is to carry one device and use one app to log in to their machines.

 

RSA MFA Agent for macOS lets users log in using a choice of Approve, Authenticate Tokencode, Emergency Access or RSA SecurID® Token that is convenient anytime the machine is online. Gone are the days when users get limited access to the machine when offline with our deliberate use of a "No Fail-Open" design. The agent automatically protects the offline machine using one of the most secure options, Authenticate Tokencode. Users can conveniently log in to their machines with this when offline, just as they do when online.

 

Secure Login Whether Boot-Up or Wake-Up

 

Users typically log in to their macOS machines at the log in or lock screen. Of these two places, users most frequently log in at the lock screen, because the machine automatically locks itself when the user has not interacted with it for a while. Examples of this include users stepping away for a short break or when moving to a new meeting room and reopening the laptop lid to use it. The log in screen by comparison happens only when the machine is turned on or restarted.  

 

Any secure desktop protection solution that uses a Fail-Open design without protecting the lock screen really takes the cake! Not only can someone gain access to the machine by figuratively pulling the network cable, they can stay logged in with just the username and password. Requiring users to log in with Authenticate Tokencode using our innovative "No Fail-Open" design, which prevents login bypass at both the log in and lock screens even when the machine has no connectivity, is how we do it better.

 

Ending on a Sweet Note

 

As we enter the "New Enterprise" era, organizations are reevaluating their Identity and Access Management (IAM) solutions in use more than ever. They will not accept so-called "Enterprise Grade" solutions that favor convenience or security at the expense of the other while operating in the "New Enterprise". They want to have their cake and eat it too. With RSA SecurID Access, organizations can get a convenient and secure solution that is balanced, but getting one that is New Enterprise Grade is just icing on the cake.

 

 

An organization, or the lines of business within an organization, should consider having an integrated authentication strategy and framework. An authentication solution should aid in advancing that framework in meeting specific identity and security objectives. Organizations looking at free Microsoft Azure AD MFA or RSA SecurID Access need to use these critical elements when building or supporting such an authentication framework.

 

Protect applications beyond Windows-based and browser-based

Most organizations will continue to manage a hybrid IT model with non-Windows applications and infrastructure existing both in the cloud and on-premises. Infrastructure systems such as switches, routers, VPNs and server systems (*nix) need privileged access by super-admins. IAM teams need to think about how to securely enable 2FA/MFA for those privileged admins and end-users with a native integration that doesn’t compromise user experience. RSA SecurID Access provides an agent-based approach that can protect remote access infrastructure such as VPNs, Citrix access gateway, Windows Remote Desktop sessions, and critical server environments including Linux systems.

 

Support non standard protocol applications through a combination of technology ecosystem and an extensible API model

For legacy applications that do not support standard protocols (e.g. SAML, RADIUS, OIDC), organizations need to think about extending MFA capabilities using an API approach or pre-built integration with technology vendors. The RSA Ready program helps organizations have out-of-the-box certified integrations with 500+ applications through 100+ technology vendor partnerships. RSA SecurID Access can enable MFA for non-browser or non-SAML based applications through native integration with network vendors such as Palo Alto Networks, or provide out-of-the-box MFA integration with electronic medical records applications such as Epic systems. RSA SecurID Access helps organizations extend their deployment to meet enterprise grade requirements by exposing an API/SDK for any custom integration.

 

Support dynamic workforce with authentication choices and a simplified experience across the entire MFA lifecycle including user onboarding

Supporting a broad range of user types and providing clear paths for those users to self-register any MFA method consistently as part of on-boarding is critical. The RSA SecurID Access on-boarding experience, through out-of-the-box capability or extensible REST APIs, helps organizations create a simplified user experience while on-boarding users, all backed by a powerful policy engine. Besides on-boarding, a framework needs to handle what-if scenarios such as credential recovery and emergency access. What if users need a break-glass approach to gain access to applications or self-service capabilities when their phones are misplaced or forgotten? What if contractors need a 1-time code to access systems without the overhead of distributing tokens or using mobile phones? RSA SecurID Access provides options to help handle emergency situations and a variety of user types and scenarios.

 

As discussed above, any security sensitive organization looking to advance its authentication framework should consider the appropriate critical elements. IAM practitioners within those organizations need to contemplate whether having a free solution advances or restricts those elements in supporting diverse workforce access to applications across their hybrid IT environment.

As each line of business (LOB) within an organization procures its own authentication solution, the overhead costs of managing such solutions need to be evaluated. Does this island of point solutions drive additional process challenges and a more disconnected authentication framework for an IAM team? Below are key discussion points to ponder before going down the path of implementing multiple authentication solutions.

 

Reproducing & managing integrations & automation with multiple authentication platforms may prove costly

Organizations invest in the automation and integration of an authentication platform with existing security tools, such as a SIEM platform and governance tools for collecting, reporting and regularly auditing access events. RSA SecurID Access enables those organizations to automate the process or workflow during on-boarding of users, distribution of MFA credentials and sharing of data for auditing needs. Replicating these integrations and automation across security systems using a second authentication platform may add cost and resourcing challenges.

 

Reflect on process challenges when considering multiple authentication platforms

Often rolling out or upgrading an MFA infrastructure requires a common buy-in across desktops, mobile, infrastructure, remote access and security teams. This required interaction creates process friction and overhead within some organizations.  Hence using native integration & out of the box capabilities provided by an authentication platform is critical in reducing such friction for IAM team’s success. RSA SecurID Access has such native integration capabilities through agent-based model, out-of-the-box integration with infrastructure vendors (eg. VPN, firewalls, virtualization platforms) and support for both hardware and virtual appliances. IAM teams should reflect on such process challenges and associated friction when adding yet another authentication solution in their toolbox to solve point use-cases.

 

Reduce user education and training costs and improve productivity through a single authentication platform

Educating and training users with two different authentication experiences provided through different solutions is a challenge when those users require the broadest set of authentication options to access applications. IAM teams considering two different authentication solutions as part of their tool set should consider looking at possible overhead of staffing and technical training of help desk team members in supporting those solutions. RSA SecurID Access helps build consistent end-user experience across the broadest set of applications and widest authentication choices that reduces the overhead of training and educating end-users. In addition, the IAM teams can improve overall help desk costs by choosing a single vendor that provides consistent experience in supporting users across a hybrid environment. 

 

Managing multiple authentication platforms doesn't end with technical, people or process challenges for IAM teams. The invisible costs extend to vendor management challenges, security teams managing vulnerabilities and fixing those gaps across multiple point products, and more. An IAM practitioner needs to evaluate and reflect on the holistic value achieved through using one versus multiple authentication platforms to meet an organization's broadest set of security and identity needs.

The word free has multiple meanings according to the Merriam-Webster dictionary. Among them are “not restricted”, “not costing”, “relieved from something burdensome”. When a solution that is free or bundled with Enterprise License Agreements (ELA) is used as a key decision driver towards purchasing or rolling out Multi-Factor Authentication (MFA), the hidden costs are overlooked, leading to return on investment challenges. An Identity and Access Management (IAM) influencer or decision maker thinking about free Microsoft Azure AD MFA needs to consider the following three criteria and associated questions while making such decisions.

 

  1. A consolidated authentication framework to support diverse user population, variety of infrastructure & applications while mitigating identity specific attacks. Do organizations feel restricted or advancing in developing a consolidated authentication framework using a free solution?
  2. Overhead costs related to people & processes from supporting multiple vendors and managing multiple authentication platforms. Does having multiple authentication vendors cost organizations more?
  3. An authentication platform that helps IAM teams meet different regulatory requirements while supporting strong security policies. Do free solutions burden IAM teams more when trying to address MFA requirements as part of meeting their regulatory needs (e.g. PCI-DSS, DFARS, EPCS)?

 

If the answer is a resounding yes to the above questions, the next series of blogs will provide guide paths and recommendations on how to address those questions effectively. These recommendations should enable organizations & IAM teams to make an informed decision when considering RSA SecurID Access or free Microsoft Azure AD MFA for their authentication needs.

 

Organizations have been subjected to more regulations (e.g. new PCI standards, CCPA etc.) than before, and this creates an additional burden for IAM teams to keep up with such regulatory requirements. An authentication platform should be able to help meet such regulations while helping meet security and privacy requirements. An IAM practitioner needs to consider the following guide paths when considering free Microsoft Azure AD MFA, RSA SecurID Access or any authentication solution.

 

  • Regulatory requirements - A single platform that helps address an organization's myriad regulatory MFA compliance requirements

Some regulations mandate the strongest form of authenticators as per the NIST assurance levels (e.g. AAL 2 and 3) for your workforce. An example is EPCS, where strong proofing, 2FA and access logging are required for issuing electronic prescriptions. RSA SecurID Access can enable such organizations with in-person proofing and secure distribution of 2FA tokens out of band. For organizations subject to DFARS, RSA SecurID Access can provide a FIPS compliant solution to meet 2FA requirements. The PCI-DSS 2.0 regulations require that knowledge of the success or failure of a factor is not provided to individuals until all factors have been submitted. RSA SecurID Access can support such requirements through a multi-factor and multi-step process for network login into a secure cardholder environment.

 

  • Unified visibility across cloud and on-premise (hybrid) infrastructure to help meet auditing needs

Auditors need visibility into which users had access to applications and systems on both cloud and on-premises infrastructure. Specifically, they need data on users, the applications accessed, and the level of authentication used to gain access to those systems. RSA SecurID Access enables such visibility into an organization’s access infrastructure through out-of-the-box reporting and the ability to export such events to external systems for further reporting or analysis. With a hybrid IT model (on-premises and cloud applications), IAM teams will benefit from a platform that provides a comprehensive view of all user access events across multiple application types and user populations.

 

  • Security teams – Reduce identity specific attacks with a powerful policy engine

Security policies need to support different assurance levels based on the sensitivity of applications and user level risk. IAM teams need to manage policies centrally to achieve such assurance levels through the right level of authentication assurance. RSA SecurID Access provides different assurance levels so that the right level of access controls is implemented. Organizations can use the behavioral analytics risk engine, which can be used on day one, to determine user level risk against the peer population based on application, device or location anomaly.

With a combination of a powerful assurance level driven policy engine and behavioral risk capabilities, security teams can rest assured in mitigating identity threats and supporting their broader security goals.

 

  • Privacy requirements - A solution needs to understand and help with an organization’s privacy stature

Users have privacy concerns around security teams installing apps on their mobile devices. Some security policies mandate that no phones are allowed inside call centers or data centers. An authentication solution should be flexible enough to accommodate such requirements. RSA SecurID Access can help meet such requirements through hardware OTP tokens or FIDO keys.

Some organizations are subject to strict data residency requirements (e.g. Europe) due to the countries that they operate in. RSA SecurID Access has data centers in local regions where data never leaves the respective region's borders to support data protection and privacy requirements.

 

Evaluate whether a free MFA solution from Microsoft will help breeze through such regulations, security and privacy requirements. RSA SecurID Access can help untangle complexity and reduce burden for IAM teams by helping meet such regulatory requirements.

Better Together: SecurID Access with your SIEM Platform

 

Introduction

Everyone wants better visibility into the behaviors (or misbehaviors) of their users. We are often asked by customers a simple question. What should we watch out for? 

 

The RSA SecurID® Access Cloud Authentication Service produces a large list of events. These are emitted from both the Cloud Service itself and the supporting Identity Router virtual appliance clusters. These events are intended to be used for a variety of purposes, including:

 

  • Security and Event monitoring
  • System health
  • Supporting audit activities
  • Troubleshooting system or integration issues

 

These events fall under three major categories and severity levels: Administration, System and User events. 

 

To help you get started, we have collated a shortlist of events that may be of interest. We emphasised events that were related to security and critical health warnings. Be warned! This list does not encapsulate every possible event of interest for your deployment and is not intended as an exhaustive list specific to your organisation.

 

RSA recommends augmenting this guidance with your knowledgeable delivery partner or with  RSA Professional Services to help provide specific advice for YOUR organisation. 

Furthermore, when alerting on events related to the SecurID Cloud Risk Engine, this provides an additional dimension of visibility around suspicious behaviour. This is relevant even if your organisation does not use the risk engine to drive down the frequency of user challenge - even organisations that wish to challenge specific apps or users can gain the benefits of the risk engine as a monitoring tool for user and device behaviour.

 

Please consult the full list of Cloud Service Events here: https://community.rsa.com/docs/DOC-99818

If you are a lucky customer that uses the RSA NetWitness Platform as your SIEM, consult the official documentation on how to connect it to the Cloud: https://community.rsa.com/api/core/v3/contents/26032/data?v=1

 

If you have another SIEM platform, also consult the following document on how to pull Cloud Service Events into your SIEM via the Cloud Event API: https://community.rsa.com/docs/DOC-96948

 

Cloud Administration Events

It is recommended that all administrative activity relating to SecurID Cloud Authentication Service be examined as this represents changes to a system that may have broad reaching consequences. A list of activities that should be monitored is presented in the following table.

 

| Activity Key | Activity Code | Message | Suggested Action |
|---|---|---|---|
| SIGNIN_FAILURE | 80002 | Admin {0} sign-in failed | Repeated failures should be alerted upon |
| LOCKED_ADMIN_ACCOUNT | 80003 | System locked admin {0} account | Alert |
| UNLOCKED_ADMIN_ACCOUNT | 80004 | System unlocked admin {0} account | Alert |
| DELETE_POLICY | 80202 | Admin {0} deleted access policy {1} | Alert |
| DELETE_IDR | 80302 | Admin {0} deleted identity router {1} | Alert |
| RESET_IDR_PASSWORD | 80308 | Admin {0} reset the identity router {1} password | Alert |
| DELETE_CLUSTER | 80322 | Admin {0} deleted cluster {1} | Alert |
| DELETE_TRUSTED_LOCATION | 80902 | Admin {0} deleted trusted location {1} | Alert |
| DELETE_ALL_TRUSTED_LOCATIONS | 80903 | Admin {0} deleted all trusted locations | Alert |
| DELETE_TRUSTED_NETWORK | 81003 | Admin {0} deleted trusted network {1} | Alert |
| DELETE_ALL_TRUSTED_NETWORK | 81004 | Admin {0} deleted all trusted networks | Alert |
| DELETE_ADMIN_USER | 82002 | Admin {0} deleted admin user {1} | Alert |
| DELETE_APPLICATION | 82302 | Admin {0} deleted application {1} | Alert |
| DELETE_RELYING_PARTY | 82502 | Admin {0} deleted relying party {1} | Alert |

 

 


 

Cloud System Events

 

System events trigger the following messages to appear in the System Event Monitor.

 

| Event Code | Level | Category | Description | Suggested Action |
|---|---|---|---|---|
| 2507 | error | Identity Source Sync | Identity source synchronization not completed successfully. | Alert |
| 2508 | notice | Identity Source Sync | Users are missing one or more unique identifiers. Check the user attribute configurations in both the cloud identity source and the directory server. | Alert |
| 20152 | error | Identity Router | Identity router cannot initiate contact with the Authentication Manager server. | Alert |
| 20155 | error | Identity Router | Identity router cannot connect to Authentication Manager - Unknown error. | Alert |
| 20161 | error | Identity Router | The identity router cannot connect to any configured identity sources. | Alert |
| 20162 | error | Identity Router | The identity router cannot connect to some configured identity sources. | Alert |
| 20165 | error | Identity Router | Some of the configured DNS servers are not working properly. | Alert |
| 20166 | error | Identity Router | None of the configured DNS servers are working properly. | Alert |
| 20184 | error | Identity Router | Identity router CPU usage exceeds the threshold limit. | Alert |
| 20187 | error | Identity Router | Cluster is offline and not in quorum. No configured identity routers are online. | Alert |
| 20189 | error | Identity Router | Identity router memory usage exceeds the threshold limit. | Alert |

 


 

Cloud User Events

 

| Event Code | Level | Description | Suggested Action |
|---|---|---|---|
| 104 | error | Authenticate Tokencode authentication failed - Invalid tokencode. | Alert on repeated attempts |
| 105 | error | Authenticate Tokencode authentication failed - Previously used tokencode detected. | Alert on repeated attempts |
| 114 | error | Identity router API tokencode authentication failed - Cloud Authentication Service unreachable. | Alert – IDR unable to reach cloud |
| 117 | error | Identity router API user status check - Identity source unreachable. | Alert – LDAP unavailable |
| 213 | error | LDAP password authentication failed - Cannot establish a trusted SSL/TLS connection with the LDAP directory server. Check for invalid certificate. | Alert – LDAP unavailable |
| 215 | error | LDAP password authentication failed - Sign-in failure: unknown username or invalid password. | Repeated failures should be alerted upon |
| 224 | error | LDAP password authentication failed - LDAP account locked out. | Alert – user locked out |
| 409 | error | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unable to contact identity router. | Alert – IDR unavailable from Cloud |
| 410 | error | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unable to contact directory server. | Alert – LDAP unavailable for sync |
| 608 | error | RSA SecurID user authentication failed - RSA SecurID service is not available. | Repeated failures - alert – Cloud service down? |
| 906 | error | Portal sign-in failed - Password reset required. | Alert. Possibly to alert helpdesk |
| 910 | error | Protected application authentication failed. | Repeated failures should be alerted upon |
| 913 | error | Additional authentication failed. | Repeated failures should be alerted upon |
| 932 | error | Additional authentication failed - User account disabled. | Alert. Possibly to alert helpdesk |
| 933 | error | Password authentication succeeded - Client does not support required additional authentication methods - Access denied. | Alert. Possibly to alert helpdesk |
| 935 | error | Unsuccessful password authentication – Access denied. | Repeated failures should be alerted upon |
| 940 | error | Password authentication succeeded - User prohibited by policy settings - Access denied. | Repeated failures should be alerted upon |
| 941 | error | Password authentication succeeded - Access prohibited by conditional policy settings - Access denied. | Repeated failures should be alerted upon |
| 3013 | error | RSA MFA Agent for Microsoft Windows configuration not approved. | Alert. Possibly to alert helpdesk |
| 3015 | error | RSA MFA Agent for Microsoft Windows unsuccessful configuration. | Alert. Possibly to alert helpdesk |
| 20403 | error | SAML IdP - Error response sent. If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an SSO Agent application, check the time on the identity router. | Alert |
| 20601 | error | RADIUS - LDAP authentication succeeded - Policy contains no RADIUS-compatible methods for additional authentication - Access denied. | Alert |
| 20605 | error | RADIUS - Cloud Authentication Service unreachable - Access denied. | Repeated failures - alert – Cloud service down? |
| 20615 | notice | RADIUS – Authentication failed. | Repeated failures should be alerted upon |
| 20701 | error | Access denied – User not a member of any identity source in access policy. | Repeated failures should be alerted upon |
| 20702 | error | Access denied – User does not match any rule sets or matches a deny rule set in access policy. | Repeated failures should be alerted upon |
| 20703 | error | Access denied – Policy authentication conditions deny access. | Repeated failures should be alerted upon |
| 20802 | error | SMS Tokencode message transmission attempt failed - Invalid phone number. | Alert. Possibly to alert helpdesk |
| 20852 | error | Voice Tokencode call attempt failed - Invalid phone number. | Alert. Possibly to alert helpdesk |
| 21903 | error | SMS Tokencode authentication method locked – User exceeded maximum tokencodes allowed. | Alert. Possibly to alert helpdesk |
| 21953 | error | Voice Tokencode authentication method locked - User exceeded maximum tokencodes allowed. | Alert. Possibly to alert helpdesk |
| 25001 | notice | Evaluated identity confidence. See Condition Attributes for Access Policies - Reporting a User's Identity Confidence Score for details. | SEE BELOW. When the “Confidence” attribute is greater than the “Confidence Threshold” the risk is low, therefore do nothing. When the “Confidence” attribute is lower than the “Confidence Threshold” the risk is high and therefore alert. |
| 26004 | error | Emergency Tokencode locked - User previously exceeded maximum attempts. | Alert. Possibly to alert helpdesk |
| 26005 | error | Emergency Tokencode now locked. | Alert. Possibly to alert helpdesk |

 

 


 

Evaluated Identity Confidence Event (Risk Engine)

 

As you can see from the log sample below, the parser must be configured to conditionally evaluate the value of the confidence attribute against the confidenceThreshold value. If confidence is lower than confidenceThreshold the risk is considered high and therefore an alert should be generated containing the named user identifier.
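One way to implement the triage from the Cloud User Events table together with the confidence comparison described above, as an added example that is not RSA's parser or part of the original post. The event field names other than confidence and confidenceThreshold, the numeric format of the confidence values, the 5-failures-in-10-minutes threshold and the sample events are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event codes and suggested actions taken from the Cloud User Events table on this page.
REPEATED_FAILURE_CODES = {104, 105, 215, 608, 910, 913, 935, 940, 941,
                          20605, 20615, 20701, 20702, 20703}
IMMEDIATE_ALERT_CODES = {114, 117, 213, 224, 409, 410, 906, 932, 933, 3013, 3015,
                         20403, 20601, 20802, 20852, 21903, 21953, 26004, 26005}
IDENTITY_CONFIDENCE_CODE = 25001


def to_float(value):
    """Return value as a float, or None when it is missing or not numeric."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def triage(events, threshold=5, window=timedelta(minutes=10)):
    """Return a list of alert dicts for a list of event dicts.

    threshold and window define "repeated failures"; both defaults are
    assumptions and should be tuned to your own baseline.
    """
    alerts = []
    recent = defaultdict(deque)  # (userId, eventCode) -> timestamps still in window

    def alert(ev, reason):
        alerts.append({"user": ev.get("userId", "<unknown>"),
                       "code": int(ev["eventCode"]),
                       "time": ev["eventTime"],
                       "reason": reason})

    # Events may arrive out of order, so sort by time before windowing.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["eventTime"])):
        code = int(ev["eventCode"])
        when = datetime.fromisoformat(ev["eventTime"])

        if code == IDENTITY_CONFIDENCE_CODE:
            confidence = to_float(ev.get("confidence"))
            limit = to_float(ev.get("confidenceThreshold"))
            if confidence is None or limit is None:
                # Do not silently drop a risk event the parser cannot read.
                alert(ev, "unparsable-confidence")
            elif confidence < limit:
                alert(ev, "low-identity-confidence")
            # Otherwise the risk is low and nothing is raised. The page only
            # defines "greater" and "lower"; equality as low risk is an assumption.
        elif code in IMMEDIATE_ALERT_CODES:
            alert(ev, "immediate")
        elif code in REPEATED_FAILURE_CODES:
            seen = recent[(ev.get("userId", "<unknown>"), code)]
            seen.append(when)
            while when - seen[0] > window:
                seen.popleft()
            if len(seen) >= threshold:
                alert(ev, "repeated-failure")
                seen.clear()  # restart the count: one alert per burst, not per failure
    return alerts


# Constructed sample events (not real SecurID output; field names are hypothetical).
SAMPLE_EVENTS = (
    [{"eventTime": f"2020-05-01T10:0{m}:00", "eventCode": 215, "userId": "alice"}
     for m in range(5)]
    + [
        {"eventTime": "2020-05-01T10:00:00", "eventCode": 215, "userId": "bob"},
        {"eventTime": "2020-05-01T10:30:00", "eventCode": 215, "userId": "bob"},
        {"eventTime": "2020-05-01T09:55:00", "eventCode": 25001, "userId": "carol",
         "confidence": "0.31", "confidenceThreshold": "0.45"},
        {"eventTime": "2020-05-01T09:56:00", "eventCode": 25001, "userId": "dave",
         "confidence": 0.80, "confidenceThreshold": 0.45},
        {"eventTime": "2020-05-01T10:02:00", "eventCode": 224, "userId": "erin"},
        {"eventTime": "2020-05-01T10:20:00", "eventCode": 25001, "userId": "frank",
         "confidenceThreshold": 0.45},
    ]
)

if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(a)
```

Each alert carries the named user identifier, so it can be forwarded to the SIEM or helpdesk queue that matches the suggested action in the table.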

 

 

 Identity Router Events

Please consult the full list of events emanating from the Identity Router here: https://community.rsa.com/docs/DOC-54120

 

User Audit Events

Description

Suggested Action

User Audit Events contain no security or health events

 

 

Web Services Audit Events

Description

Suggested Action

Web Service Audit Events contain no security or health events

 

 

| System Audit Events | Description | Suggested Action |
|---|---|---|
| SYSTEM_ERROR | An error occurred on the identity router. | Alert |
| SYSTEM_REBOOT | The identity router rebooted. | Alert |

 

 

IDR Status Events

Description

Suggested Action

RSA recommends that all IDR system health events be monitored.

Consult the full list of events here, under the “Identity Router Status Events” table:

https://community.rsa.com/docs/DOC-54120

 

 

| RADIUS Audit Events | Description | Suggested Action |
|---|---|---|
| RADIUS_CHALLENGE_METHODS_NOT_SUPPORTED | A user attempted RADIUS authentication, but RADIUS or the user's device does not support any of the authentication methods allowed by the access policy. | Alert – triage to IT or helpdesk |
| RADIUS_USER_DEVICE_NOT_REGISTERED | A user attempted RADIUS authentication using a method that requires a mobile device, but no device is registered for the user. | Alert – possibly helpdesk |
| RADIUS_INTERNAL_ERROR | The RADIUS service encountered an error. | Alert |

 

 

The RSA SecurID Access team is excited to provide the following updates as part of the May, 2020 release.  

 

Emergency Access now available for FIDO protected resources 

Emergency access greatly enhances productivity by unblocking access to business-critical resources when a user has lost, misplaced or forgotten their authentication device. Emergency access codes may be used for a fixed period of time as determined by the issuing help desk administrator.

Many organizations are providing a passwordless experience to their users to access SaaS/Web applications using FIDO2 as a primary authentication method. In the May release, users who have FIDO2 configured for primary authentication and lose or misplace their security key can obtain an Emergency Access Code (EAC) as an authenticator to gain access to their critical resources protected by FIDO with no loss in productivity. They can also log on to the RSA My Page Self Service Portal with their EAC to begin the process of enrolling to obtain a replacement FIDO Security Key.

 

Improved Security for Administrators Who Require Resetting Their Password

The password reset process for all administrators has been made more secure.  For existing administrators, to securely reset any Cloud Administration Console password, the password reset must be completed within two hours of requesting the password reset link. 

 

See the May Release Notes, which provide complete details on these new capabilities and other miscellaneous updates coming out in the May 2020 release.

As we all are going through some level of adaptation to the new normal the one thing that hasn’t changed is our continued commitment in rolling out capabilities to our RSA SecurID Access customers. We are excited to provide the following updates as part of the April 2020 release.  

 

Threat Aware Authentication (TAA) v2 - Improved flexibility to support different customer deployments

Our TAA v1 release (last year) supported limited deployment scenarios. The risky users were identified and exchanged based on email addresses. Customers wanted to have more flexibility in identifying and sharing of the user list.  We saw this customer enthusiasm and commitment in making TAA capability better.  

 

We have updated TAA (v2) to provide that flexibility in identifying risky users between RSA NetWitness and RSA SecurID Access. Now the identities within the risky user list can be in any prior agreed upon format between the two products.

 

RSA SecurID Access can identify the users using Primary Username or an Alternate. These attributes can be mapped to any underlying LDAP/AD attribute (e.g., samAccountName, userPrincipalName, UID, etc.). RSA NetWitness administrators can now configure which piece of metadata they want to use to build and exchange the risky user list.

 

Extend the use of conditional access policy attributes to Enterprise Edition licensed customers

Many of our customers are already using the policy engine to make smart access decisions in protecting a variety of applications. We want to enable more customers to use our policy engine, the true power behind implementing security controls based on your organizational policies. The conditional access attributes used in defining policies help in harnessing the power of that policy engine.

 

We are thrilled to announce that our Enterprise Edition licensed customers can start using those conditional access attributes NOW!  Those customers can enable policies to provide user access based on dynamic context driven attributes such as countries, trusted locations, trusted networks.  

 

Our premium edition customers are already unleashing the power of these conditional access policy attributes in their access decisions. 

 

Our goal is to enable everyone to make access decisions smarter!!

 

Enabling our customers to address their privacy concerns

Ability to turn off location collection

Some customers promote preserving user privacy as part of their organizational policy or to comply with regulations. We understand such policies and would like to support our customers in their privacy initiatives. One such privacy-related topic is the collection of user location.

 

Beginning with the April release, we are giving customer administrators the ability to fully control data collection for location. Enabling or disabling location collection is now within the power of customer administrators through the administration console. Those administrators can choose to turn off location collection for specific policy attributes such as trusted locations, country and Identity Confidence.

 

Providing visibility into device capabilities used in mobile apps

Some customers would like to have better visibility into how their end-user mobile device capabilities (e.g., camera, Wi-Fi connections) are being used by the RSA SecurID Software Token and the RSA SecurID Access Authenticate App. In the April release, we have provided our customers with documentation highlighting details on:

  1. The type of permissions required from those mobile devices
  2. Why we need those permissions and whether they are mandatory or optional

 

The primary goal is to educate our customers and their end users with the right level of information so that any fear, uncertainty and doubt can be addressed when using the mobile apps.

 

We continue to churn out cool new capabilities every month. The April release notes provide complete details on other miscellaneous updates coming out in the April 2020 release.

As depicted in the 2019 movie Ford v Ferrari, the sports car race 24 Hours of Le Mans is an endurance race that tests the durability of equipment and the will and stamina of participants. For many corporate IT teams, dealing with the sudden, almost overnight transition to an all remote workforce has been an endurance race with similar tests.

 

And in the frenzy of needing to rapidly ramp up remote access to an entire organization and the rush to get authenticators into people’s hands to win the initial leg of the race, the obvious fact that there will be downstream impacts to the stability and performance of your authentication system can easily be overlooked. After all, RSA Authentication Manager is a workhorse that often masks smaller upticks without a hitch.

 

However, as your remote user population explodes, peak authentication rates go through the roof, and associated administrative activities (exacerbated by “newbies” to multifactor authentication) ascend to all-time highs, it is possible for performance slowdowns -- and blinding panic -- to set in.

 

Your RSA SecurID solution, normally a rock of IT stability, is going sideways...  “The RSA is broken”...  What is happening?!?!?

 

Don't worry. Everything is going to be alright after making the necessary adjustments.

 

It is important that you take a systematic approach to reviewing your RSA environment and evaluating key areas for “redlining” conditions that ultimately result in a poor user experience of one sort or another. These key areas include both underlying system resources as well as RSA configuration parameters.

 

Extensive RSA performance tuning guidance is available through documents posted under the “Optimize & Tune” section of the new RSA Remote Workforce Resource Center.

 

Over its 30+ year history, RSA SecurID Access has established itself as a proven winner, capable of standing up to the biggest challenges...  even while running at high RPMs.

With governments worldwide implementing various travel restrictions and guidelines for their citizens lately, organizations and their employees are learning to live with the New Normal: essential businesses, social distancing, remote learning, and work from home.

 

Organizations today are also learning to deal with the realities of operating in this new environment.

 

The Home Office is now The Office for employees

The Internet is now The Corporate Network for admins

The New Normal is now Business As Usual for Lines Of Businesses (LOBs)

 

LOBs have highlighted an urgent need for employees to conveniently and securely access critical resources from The Home Office, over The Internet, during The New Normal, as they develop business resiliency while simultaneously enabling a large remote workforce. In some cases, employees may need to access these work resources from just about any machine that is made available to them at any given point in time.

 

Let us take a look at what is new with RSA SecurID Access in 2020 that organizations can use to achieve these goals. 

 

FIDO Authentication

 

Enterprise interest in FIDO as a secure and convenient authentication method for employees to use anywhere, on any machine, is growing, in recognition that it can provide a means to achieve this goal with devices that are portable and easy to use. As organizations begin incorporating FIDO as part of their Identity and Access Management (IAM) strategy, they turn to us as their premier IAM solution provider to offer not just any FIDO authentication solution, but an Enterprise Grade FIDO authentication solution. Below are some examples of how we do it better:

      

  • Certification of the RSA SecurID Access Cloud Authentication Service (CAS) as a FIDO2 Certified Server - January 2020
  • Verification of the integrity and authenticity of FIDO-certified security keys listed with the FIDO Alliance Metadata Service (MDS) - January 2020
  • Support for Windows Hello enabled devices and compatible Android phones as FIDO authenticators - February 2020
  • The release of the YubiKey for RSA SecurID Access - a hardware based FIDO authentication solution that provides superior defense against phishing, eliminates account takeovers, and reduces IT costs - March 2020
  • The release of RSA Security Key Utility, a Windows utility that can be deployed on users' Windows machines to manage user verification for any FIDO2-certified security key - March 2020

 

 

RSA SecurID Authenticate Mobile App

 

Aside from the FIDO enhancements above, we have also continued to strengthen the security of our RSA SecurID Authenticate mobile app. With our app being installed on employee-owned Bring-Your-Own-Devices (BYOD), IT admins are always concerned with the security and integrity of the underlying devices used to run the Authenticate app. With this in mind, some enhancements were made to the Authenticate app to alleviate these concerns. These enhancements include:

 

  • Jailbreak Detection for the RSA SecurID Authenticate 3.2 for iOS - January 2020
  • Enhanced compliance checks for the RSA SecurID Authenticate 3.3 for Android. This ensures that the device is not rooted before allowing use of the app - March 2020

 

Our customers have relied on the RSA Authentication Manager (AM) server to reliably protect their mission critical infrastructure with RSA SecurID Tokens for many years. One notable enhancement made as part of Patch 9 in January 2020 is to allow users to authenticate to applications using biometrics available on their devices, such as Apple Touch ID or Face ID, Android fingerprint, or Windows Hello. This feature is available if customers use the Security Console wizard to connect the AM to CAS. For instructions, see Connect RSA Authentication Manager to the Cloud Authentication Service.  

 

Easier Setup and Management

 

To make it easy for our CAS admins to set up and manage users, the following enhancements have been implemented:

 

 

Miscellaneous

 

Lastly, as a reminder to our customers using CAS, the IP addresses for CAS and the Cloud Administration Console will be changing soon. We recommend that customers make any necessary firewall changes to allow identity routers and user browsers to connect to these new IP addresses. To prevent service disruption, customers' networks must be able to connect to both the existing and new IP addresses according to the table below:

 

| Region | New IP Addresses |
|---|---|
| ANZ | 20.37.53.30, 20.39.99.202 |
| EMEA | 51.105.164.237, 52.155.160.141 |
| US | 52.188.41.46, 52.160.192.135 |

 

Closing

 

As organizations continue adapting to the needs of a dynamic and growing remote workforce, they expect vendors to offer solutions that can keep up with them. We hope our customers will take advantage of enhancements announced above to provide employees with a convenient and secure way to access critical resources from The Home Office, over The Internet, during The New Normal with an Enterprise Grade IAM solution.  

Regardless of where you live or which generation you belong to, there’s no denying the fact that the way in which we all work and interact has become more automated, more digital and more mobile, and digital transformation is only hastening this trend. Gone are the days of one-size-fits-all work spaces.

Part of a business’ digital transformation initiative is to empower its dynamic workforce to work remotely from anywhere. Not only does this give the workforce flexibility, it also increases productivity for the business. Additionally, empowering the dynamic workforce to work remotely allows the business to mitigate any challenges that would prevent the workforce from physically coming into a facility.

 

Given a number of circumstances, employees are expressing increased interest in working from home. Organizations must therefore find a way to securely extend the convenience of working remotely.

 

For over three decades, RSA SecurID® Access has been doing just that. RSA SecurID Access enables businesses to empower employees, part-time workers, partners and contractors to work remotely without compromising security or convenience. Embracing the security challenges of today, including bring your own device and mobile, RSA SecurID Access ensures that users have timely access to the applications they need, from any device, anywhere, and ensures that users are who they say they are, with a modern, convenient user experience.

 

The Business Continuity option (BCO) with RSA SecurID Access allows businesses to continue to move forward and operate in challenging times. The Business Continuity option provides a flexible method to expand the number of users in an organization without expanding their multi-factor authentication budget. It offers peace of mind to businesses that are looking to temporarily increase their usage of RSA SecurID Access to accommodate the rapid increase of users working remotely. There is no physical shipping of licenses or authenticators. Authentication services including one-time-password (OTP) and short message service (SMS) come standard with the Business Continuity option. With BCO, businesses can be assured that their employees are able to work remotely and do so securely.

 

RSA is in the business of offering peace of mind with its security solutions to help businesses move forward.  As we know it, life happens, and RSA is here to support our customers through it. 

 

To learn more about the Business Continuity option with RSA SecurID Access, review the attached datasheet and contact RSA at 800-995-5095 or by contacting RSA Customer Support.

A Qualys security scan of RSA Authentication Manager version 8.x servers will find several issues with the RADIUS ports 1812 and 1813 TCP/UDP, including the following:

 - QID 11827 - RADIUS Port 1812 TCP/UDP HTTP Security Header Not Detected (HSTS)

 - QID 86763 - RADIUS Port 1812 - "WWW-Authenticate: Basic realm=" header field response using Readable Clear Text

 - QID 86476 - RADIUS Port 1813 - Unable to complete testing since the Web server stopped responding.

 - CWE-693: - Protection Mechanism Failure (https://cwe.mitre.org/data/definitions/693.html)

 

 

The fact that you get a response back from http://am-server-lab.net:1812 is of no value to a hacker because nothing else can be done; there is no method to even authenticate against this port. The response on https is a 401, forbidden.

 

RSA Engineering Response: The flaw exists but is not exploitable (in a properly configured AM system environment). Port 1812/tcp is not accessed by users or administrators, nor do they have the credentials. It is used internally for RADIUS administration and replication between Authentication Manager servers.

 

You can demonstrate that this is not exploitable with a browser.  Test connections to the RSA Authentication Manager 8.x primary/replica(s) on both 1812 and 1813, with both http and https using a browser, in order to demonstrate no new risks. Newer browser versions or those with strict security settings might prevent these connections, so you may need to find an older version of a browser to run these tests, or possibly modify your browser security settings to allow these old connections.

    URL: http://:1812

    Result: Console Not Supported

    URL: http://:1813

    Result:  ERR_EMPTY_RESPONSE

    URL: https://:1812

    Result: 401 forbidden

    URL: https://:1813

    Result: Prompts for Sign In RADIUS credentials

 

Optionally you can obtain RADIUS administrative account credentials from the encrypted Authentication Manager internal database using the rsautil command with Operations Console Credentials. To obtain the RADIUS username and password, follow the steps below:

 1. Launch an SSH client, such as PuTTY.

 2. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to log in.

login as: rsaadmin

Using keyboard-interactive authentication.

Password:

Last login: Wed Jul 24 14:09:47 2019 from jumphost.vcloud.local

RSA Authentication Manager Installation Directory: /opt/rsa/am

rsaadmin@am82p:~> cd /opt/rsa/am/utils

rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.radius.os.admin.username

Please enter OC Administrator username:

Please enter OC Administrator password:

    com.rsa.radius.os.admin.username: Radius_user_nsuo8rll

rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.radius.os.admin.password

Please enter OC Administrator username:

Please enter OC Administrator password:

    com.rsa.radius.os.admin.password: qnWD0fvC0ASuYxYxHqLNJIggOz5enZ

rsaadmin@am82p:/opt/rsa/am/utils>

Once you have the RADIUS user name (com.rsa.radius.os.admin.username) and password (com.rsa.radius.os.admin.password), paste them into the text boxes of the sign-in prompt.

You can then successfully authenticate to the RADIUS console and further demonstrate that no new risks are evident. Even with these credentials, you only gain access to a list of RADIUS commands and cannot see anything 'new'.

When trying to access any of the commands listed, you will get a variation of one of the following messages: not permitted, no style sheet for already known information like the RSA Username, or output from the local PC to a .nada file.

not allowed

No style sheet

Output from the local PC to a .nada file

RADIUS TCP port 1813 - The communication to these ports is internal. The Authentication Manager servers will connect to these ports for administration, and other SBR servers will connect for replication. There is also a connection for the initial replication during quick-setup. There are no other systems or users which should connect to these ports and they can be blocked by firewalls. Port 1813/TCP (as well as port 1812/TCP) should never be exposed to a public facing network.

CVE-2013-2566 - The flaw exists but is not exploitable. To exploit this issue, tens of millions of packets must be captured (where all packets have the same plaintext, sensitive data in the same location). The traffic on these ports (for administration and replication) is relatively infrequent, often requiring admin intervention to start the connection and transfer. If there is more data, then more packets will be transferred with the manual operation, but the data in the packets will vary, making the exploit impossible. The problem was identified with the RSA RADIUS server's port 1813/TCP. This is an internal port for RSA RADIUS and is NOT the standard RADIUS port 1813/UDP which is used for RADIUS accounting. Also note that Juniper and RSA document that these internal ports (port 1813/TCP as well as port 1812/TCP) should never be exposed to a public facing network.

CVE-2015-2808 - RC4 algorithm vulnerability, in RSA Authentication Manager 8.1: Not Exploitable. The flaw exists but is not exploitable. If a browser which requires the RC4 cipher is used for connection to the authentication manager consoles, then authentication manager is currently capable of negotiating the connection with RC4. However, the vulnerability cannot be exploited because its impact is greatest in the first bytes encrypted with RC4 and diminishes, with the vulnerability disappearing after 100 encrypted bytes, if not sooner. The data passed between browsers and the authentication manager does not include any sensitive data in the first 100 bytes of RC4 encrypted data.

CVE-2016-2183 - Sweet32, “There is only a vulnerability if customers connect to this port. If they do not connect then an attacker cannot act as a man-in-the-middle to "poodle" the connection. Https://:1813 does not allow real access

 
