000033958 - Public proxy IP usage and RSA Adaptive Authentication for eCommerce backoffice applications

Document created by RSA Customer Support Employee on Sep 28, 2016
Last modified by Yasmine Dowidar on Jul 10, 2017
Version 3

Article Content

Article Number: 000033958
Applies To:
RSA Product Set: Adaptive Authentication for eCommerce/3DSecure
RSA Product/Service Type: Adaptive Authentication for eCommerce/3DSecure
RSA Version/Condition: Any
 
Issue:
For security and compliance reasons, access to all RSA Adaptive Authentication for eCommerce (AAeC) backoffice websites is limited by IP whitelist restrictions, in addition to ID/password, to ensure connectivity to the sites is possible only from authorised parties.
The IP addresses of a public proxy such as Forcepoint are shared between the organisations that use the public proxy. Therefore, adding the IPs of a public proxy to an AAeC whitelist defeats the purpose of the IP whitelist restrictions, because a shared IP provides no added assurance of who the connecting party is.
Tasks:
Organisations that use a public IP proxy should ensure their staff do not use the public proxy's IPs when accessing the AAeC backoffice sites. Only dedicated public IPs may be added to an AAeC IP whitelist.
 
Resolution:
A proxy bypass can be configured to ensure only the organisation's dedicated public IPs are used when connecting to AAeC backoffice.
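
One common way to configure such a bypass is a proxy auto-config (PAC) file; the sketch below is an added example, not RSA's or this article's own configuration. The hostnames and proxy address are placeholders, and it assumes direct connections leave through a gateway that uses the organisation's dedicated public IPs.

```javascript
// PAC file sketch (added example). All hostnames and the proxy address
// below are placeholders; substitute the real AAeC backoffice hostnames.
var BYPASS_HOSTS = ["backoffice.aaec.example.invalid"];  // exact hosts (placeholder)
var BYPASS_SUFFIXES = [".aaec.example.invalid"];         // whole sub-domains (placeholder)
var SHARED_PROXY = "PROXY proxy.example.invalid:8080";   // shared public proxy (placeholder)

// Lower-case the host and drop a trailing dot, so "HOST.EXAMPLE." and
// "host.example" are treated as the same name.
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") { h = h.substring(0, h.length - 1); }
  return h;
}

// True only when host ends with suffix. The suffix starts with "." so that
// "xaaec.example.invalid" does not match ".aaec.example.invalid".
function hasSuffix(host, suffix) {
  var start = host.length - suffix.length;
  return start > 0 && host.indexOf(suffix, start) === start;
}

function isBackofficeHost(host) {
  var h = normaliseHost(host), i;
  for (i = 0; i < BYPASS_HOSTS.length; i++) {
    if (h === BYPASS_HOSTS[i]) { return true; }
  }
  for (i = 0; i < BYPASS_SUFFIXES.length; i++) {
    if (hasSuffix(h, BYPASS_SUFFIXES[i])) { return true; }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // DIRECT skips the shared proxy, so the request leaves through the
  // organisation's own gateway (assumed to use its dedicated public IPs).
  return isBackofficeHost(host) ? "DIRECT" : SHARED_PROXY;
}
```

After deploying a bypass, confirm from a staff workstation that the source IP seen by an external service is one of the dedicated addresses on the whitelist, not a proxy address.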
