000035944 - Does RSA Adaptive Authentication (OnPrem) can identify all of the anonymizer transactions or only few anonymizers?

Document created by RSA Customer Support Employee on Feb 22, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035944
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
IssueHi, We have seen that RSA AA promptly identifying the transactions from Anonymizer IP address. Can RSA AA identify all of the anonymizer transactions or only a few anonymizers?
ResolutionRSA AA can identify anonymizer transactions.  The anonymizer information is brought from a third party database that is updated on a regular basis to include newly identified IP addresses marked as anonymizer.
The file that keeps the most up to date IP (and anonymizer) information is the GeoIP file.  Please refer to the AAOP 7.1 documentation, Operations Guide, Chapter 10 "Updating GeoIP Information" for more details.
This is what the database provider specify about the anonymizer detection:
Anonymizer types detected by this database:

Anonymizing VPN services
These services offer users a publicly accessible VPN for the purpose of hiding their IP address.
Tor Exit Nodes
The Tor Project is an open network used by those who wish to maintain anonymity.

Hosting Providers/Data Centers
Since hosting providers and data centers can serve to provide anonymity, the Anonymous IP database flags IP addresses associated with them.
Public Proxies
These are proxies that are available for free and publicly posted.

In AA you can use this information to create rules in the policy management to identify and deny/challenge/allow transactions and create case if needed when a transaction coming from an anonymizer is detected:
User-added image