|Applies To||RSA Product Set: Adaptive Authentication for eCommerce/3DSecure|
RSA Product/Service Type: Adaptive Authentication for eCommerce/3DSecure
RSA Version/Condition: Any
|Issue||For security and compliance reasons, access to all RSA Adaptive Authentication for eCommerce (AAeC) backoffice websites is limited by IP whitelist restrictions, in addition to ID/password, to ensure connectivity to the sites is possible only from authorised parties.|
The IP addresses of a public proxy such as Forcepoint are shared between organisations that use the public proxy. Therefore, adding the IPs of a public proxy to an AAeC whitelist nullifies the spirit of IP whitelist restrictions, because shared IPs provide no added assurance of the identity of the connecting party.
|Tasks||Organisations who use a public IP proxy should ensure their staff do not use the public proxy's IPs when accessing the AAeC backoffice sites. Only dedicated public IPs may be added to an AAeC IP whitelist.|
|Resolution||A proxy bypass can be configured to ensure only the organisation's dedicated public IPs are used when connecting to AAeC backoffice.|
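
One way to express such a bypass, as an added example that is not RSA's or any proxy vendor's own configuration: a proxy auto-config (PAC) function that sends AAeC backoffice hosts direct and everything else through the shared proxy. It assumes clients take their proxy settings from a PAC file; the hostnames and the proxy address are placeholders.

```javascript
// Added example (not vendor configuration). All names below are placeholders.
// Written in ES5 style so that older PAC engines can evaluate it.
var BYPASS_HOSTS = ["backoffice.aaec.example"];        // exact hostnames
var BYPASS_SUFFIXES = ["aaec-backoffice.example"];     // domain plus its subdomains
var SHARED_PROXY = "PROXY shared-proxy.example:8080";  // the public (shared) proxy

// Lower-case the host and drop a trailing dot so "Host.Example." still matches.
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/\.$/, "");
}

// Match only on a DNS label boundary: "x.aaec-backoffice.example" matches,
// "evilaaec-backoffice.example" does not.
function endsWithLabel(host, suffix) {
  var tail = "." + suffix;
  return host === suffix ||
    (host.length > tail.length && host.slice(-tail.length) === tail);
}

function isBypassed(host) {
  var h = normalizeHost(host);
  var i;
  for (i = 0; i < BYPASS_HOSTS.length; i++) {
    if (h === BYPASS_HOSTS[i]) { return true; }
  }
  for (i = 0; i < BYPASS_SUFFIXES.length; i++) {
    if (endsWithLabel(h, BYPASS_SUFFIXES[i])) { return true; }
  }
  return false;
}

// Standard PAC entry point: backoffice traffic goes DIRECT (and so leaves via
// the organisation's own egress), all other traffic uses the shared proxy.
function FindProxyForURL(url, host) {
  return isBypassed(host) ? "DIRECT" : SHARED_PROXY;
}
```

With the bypass in place, backoffice connections leave through the organisation's own egress, so the source address presented to the AAeC whitelist is the dedicated public IP rather than a shared proxy IP.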