|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
|Issue||Hi, We have seen that RSA AA promptly identifying the transactions from Anonymizer IP address. Can RSA AA identify all of the anonymizer transactions or only a few anonymizers?|
|Resolution||RSA AA can identify anonymizer transactions. The anonymizer information is brought from a third party database that is updated on a regular basis to include newly identified IP addresses marked as anonymizer.|
The file that keeps the most up to date IP (and anonymizer) information is the GeoIP file. Please refer to the AAOP 7.1 documentation, Operations Guide, Chapter 10 "Updating GeoIP Information" for more details.
This is what the database provider specify about the anonymizer detection:
Anonymizer types detected by this database:
Anonymizing VPN services
These services offer users a publicly accessible VPN for the purpose of hiding their IP address.
Tor Exit Nodes
The Tor Project is an open network used by those who wish to maintain anonymity.
Hosting Providers/Data Centers
Since hosting providers and data centers can serve to provide anonymity, the Anonymous IP database flags IP addresses associated with them.
These are proxies that are available for free and publicly posted.
In AA you can use this information to create rules in the policy management to identify and deny/challenge/allow transactions and create case if needed when a transaction coming from an anonymizer is detected: