Questions on import of new RSA SecurID tokens
I recently received our order for the 250 RSA tokens we recently purchased (Existing Serial Number <redacted>, New Sales Order\Contract Number <redacted>). I have completed the steps to download the DecryptCodes zip file. As I am going to use the RSA product on an Isolated, non internet connected environment, do I need to insert the RSA CD on my internet connected computer to complete the final steps or do I need to insert the RSA CD in a CD drive that is in the Isolated, non internet connected environment. firstname.lastname@example.org
In addition, on the same Isolated, non internet connected environment how can I clear the existing defunct RSA database (or do I need to be concerned) and only have the new token information? Upon importing the new information will it overwrite the old database or with the new data or will the new RSA data be mixed with the old RSA database files.
You can do the final steps isolated (B) below.
New tokens are just added, they do not overwrite existing tokens unless you import the same seed record and choose to overwrite duplicates. You can simply delete old tokens using the Security Console, or leave them alone.
The decrypt process, you need to be online to access the web site initially, but can be offline to produce the actual seed records to be imported to Security Console later. A must is: a connected CDROM for that final step.
Some snips from the decryption guide:
A) This step must be done with internet connection:
Download the Decryption Code File: Use the information on the RSA Token Records CD label to download
your decryption code file from the RSA Download Central site (https://dlc.rsasecurity.com). For example,
once you enter the Token Pack ID and Confirmation Number, follow the prompts to zip the decryption code
file and protect it with a password. A decryption code file contains one or more decryption codes unique to
your token records. You must remember the password to decrypt the token records. For security, this is a
one-time process. You cannot download the same decryption code file twice.
The above step produces a zip file which is a code, not your seed records yet.
Now you can take this completely offline, but will need to use a live CDROM for the next steps.
B) This next part can be offline in a secure environment:
Decrypt the Token Records: Bring a copy of the decryption code file and the RSA SecurID Token Records CD
to a secure computer running Windows XP Service Pack 3 or later. You may want to use the computer where
you access your RSA authentication server console. (For example, you can copy the decryption code zip file
to a scanned USB storage device. Remember or write down the password needed to open the zip file.) Insert
the CD into the drive. The CD automatically opens the RSA SecurID Token Record Decryption Utility. (If your
computer does not use the AutoRun feature, open Windows Explorer, browse to the CD, and double-click
RSASecurIDTokenRecordDecryptionUtility.exe.) The utility prompts you to browse to the decryption code
zip file and enter the password for the zip file. The utility accesses the decryption code and decrypts your
token records. It then produces two files:
- Decrypted token records (XML file)
- Import password (text file)