I need a list of all applications (including web apps) that are integrated with RSA tokens for authentication. How do I generate this list from the RSA Security Console? Are there any other ways to get this information?
Gaurav Kumar Bali,
A TSE will correct me if I am wrong, but I'd think if you look at your agents (Access > Authentication Agents > Manage Existing), that would give you a list of all of the agents in your deployment. If they are named in a way that is indicative of their function and/or have information in the Notes field, that should give you what you need.
I did check the canned reporting templates and did not see one that reports on all agents, but there are reports for agents not updated with auto registration, agents with RADIUS clients, agents with unassigned IP addresses, etc., but not specifically what you are looking for.
Perhaps you want to add an idea to the RSA Ideas for RSA SecurID Access space to add that as a reporting option?
Authentication traffic does not contain many specific details about the agent, beyond the userid and the password field (password field is expected to contain a passcode or authenticate code). So, we don't use the authentication traffic to advertise 'is this a Cisco ASA, or an RSA web agent, or RSA windows agent?'. Any details like that would need to be added as descriptive notes when the agent is configured for the first time.
Unless your admins made specific descriptive notes, the best you can do is list the agents or RADIUS clients which can define the DNS name/IP addresses that might be sending authentication requests. Even then, there may be TCP agents defined by a logical name only, with no IP. Similarly, RADIUS may have what we call an <ANY> client, which also is IP agnostic.
The way to step into a totally unknown environment and figure it out would be:
running authentication activity reports to learn the agents that are sending requests....
-and/or combined with-
network traffic capture, and weed out what is arriving at the RSA server on the authentication ports (5500/udp, 1812/udp, 1645/udp, 5500/tcp, 5555/tcp) and work your way back to the source and learn what the source machine is.
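The traffic-capture step in the reply above can be scripted. This is an added example, not part of the original thread or RSA tooling: it tallies which sources send to the RSA server on the listed authentication ports and flags any that are missing from the agent list. It assumes text output from `tcpdump -nn -tt`; the function names, the sample addresses, and the manually exported set of known agent IPs are hypothetical.

```python
import re
from collections import defaultdict

# Authentication ports named in the reply above.
AUTH_PORTS = {("udp", 5500), ("udp", 1812), ("udp", 1645), ("tcp", 5500), ("tcp", 5555)}

# Matches IPv4 lines from `tcpdump -nn -tt` text output.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def inventory_sources(lines, server_ip):
    """Return {source_ip: {"proto/port": packet_count}} for packets sent to
    server_ip on one of AUTH_PORTS."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != server_ip:
            continue  # unparsable, or not addressed to the server (e.g. its replies)
        # tcpdump prints "Flags [...]" for TCP; UDP shows as "UDP, ..." or as a
        # decoded protocol name such as "RADIUS, ...".
        proto = "tcp" if m["rest"].startswith("Flags [") else "udp"
        key = (proto, int(m["dport"]))
        if key in AUTH_PORTS:
            seen[m["src"]][f"{proto}/{key[1]}"] += 1
    return {src: dict(ports) for src, ports in seen.items()}

def unknown_sources(inventory, known_agent_ips):
    """Sources seen on the wire that are not in the exported agent list."""
    return sorted(set(inventory) - set(known_agent_ips))

# Constructed capture lines; 10.0.0.10 stands in for the RSA server.
SAMPLE = """\
1700000000.100000 IP 10.0.5.21.49152 > 10.0.0.10.5500: UDP, length 124
1700000000.200000 IP 10.0.0.10.5500 > 10.0.5.21.49152: UDP, length 60
1700000001.000000 IP 10.0.6.2.1645 > 10.0.0.10.1812: RADIUS, Access-Request (1), id: 0x2a length: 80
1700000002.000000 IP 10.0.7.8.51514 > 10.0.0.10.5555: Flags [S], seq 1, win 64240, length 0
1700000002.500000 IP 10.0.7.8.51514 > 10.0.0.10.5555: Flags [.], ack 1, win 502, length 0
1700000003.000000 IP 10.0.9.9.40000 > 10.0.0.10.443: Flags [S], seq 1, win 64240, length 0
1700000004.000000 IP 10.0.5.21.49153 > 10.0.0.10.5500: UDP, length 124
"""

if __name__ == "__main__":
    inv = inventory_sources(SAMPLE.splitlines(), "10.0.0.10")
    for src, ports in sorted(inv.items()):
        print(src, ports)
    print("not in agent list:", unknown_sources(inv, {"10.0.5.21", "10.0.6.2"}))
```

Sources reported as not in the agent list are the ones to trace back to a machine, since they may be covered by a logical-name TCP agent or an `<ANY>` RADIUS client.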
I am a little unclear as to the information you're seeking.
There is general information on RSA "Partner" products. These are third-party products in which RSA/Agent implementations are embedded. There are 100s of applications and products that support either the RSA SecurID authentication protocol directly or support RADIUS.
If you're asking for details on your specific deployment, the latest RSA/Agents (MFA/REST agents) can provide the server with more detailed information on the agent (i.e. platform, agent type, version, etc.). As Edward Davis mentioned, the audit logs can also be used to analyze agent activities (or lack thereof).