Educause Security Discussion mailing list archives
Re: RSA SecurID
From: Greg Vickers <g.vickers () QUT EDU AU>
Date: Fri, 26 Sep 2008 09:52:52 +1000
Hi Christopher, Christopher Jones wrote:
We are currently investigating two-factor authentication via RSA's SecurID appliance solution. Initially, it may be just for IT in order to manage privileged access. Eventually, it could be extended to other employees. Has anyone recently implemented this? If so, what was the scope of the implementation (IT staff only, employees, everyone)? Any feedback concerning this would be welcomed and appreciated. Thanks.
We have just commenced an evaluation of the SecurID product, we haven't actually received the product yet, but have placed the order. We will be applying it to our VPN solution in a six month pilot, for access to our corporate hosts. This means that anyone who needs access to these hosts will be requested to use a new VPN connection profile which will use the SecurID process for authentication. (The old profile without SecurID will still be available during the pilot, just in case.) The new version of SecurID, v7.1, has a programmable API which we will leverage in the event that we retain the product after a successful pilot, and was one of the features that is highly desirable for us. (We will program an interface to ESOE - http://esoeproject.org - which is being used for all web authentication at QUT now.) We don't plan on requiring all employees to use Two-Factor Authentication (2FA), but will use 2FA to protect "the crown jewels" of QUT's information assets such as privileged access to hosts, or privileged operations in finance and human resources systems. The product doesn't use an *existing* password in conjunction with the token code - when a token is first used, the user sets a 'pin' (a series of digits) for that token and the pin combined with the token code is the 'passcode' used for authentication. We were under the impression that the product would use our existing username/password credentials in conjunction with the token code, but this is not the case. So far we have received very good pre-sales support from the local RSA representative, it's an encouraging start :) Feel free to shoot me any questions you may have. Cheers, -- Greg Vickers Phone: +61 7 3138 6902 IT Security Engineer & Project Manager Queensland University of Technology, CRICOS No. 00213J
Current thread:
- RSA SecurID Christopher Jones (Sep 24)
- <Possible follow-ups>
- Re: RSA SecurID Marc Scarborough (Sep 24)
- Re: RSA SecurID Mclaughlin, Kevin (mclaugkl) (Sep 24)
- Re: RSA SecurID Christopher Jones (Sep 24)
- Re: RSA SecurID Greg Vickers (Sep 25)
- Re: RSA SecurID Russell Fulton (Sep 27)
- Re: RSA SecurID Gary Dobbins (Sep 27)
- Re: RSA SecurID Nick Lewis (Sep 27)
- Re: RSA SecurID Mark Powell (Sep 28)
- Re: RSA SecurID Derek Ethier (Sep 28)
- Re: RSA SecurID Christopher Jones (Sep 29)