RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments

Upload: jasper-gallagher

Post on 25-Dec-2015

RSA Security

Validating Users and Devices to Protect Network Assets

Endpoint Solutions for Cisco Environments

Identity Protection & Management

• Even if your device is compliant, your anti-virus is up-to-date and your personal firewall is enabled, the wrong people or rogue devices can still be accessing network assets and your sensitive corporate data.

• Today, you’ll learn:

—How best to safeguard network access from unauthorized access

—About the problems and costs associated with passwords

—About the importance of both user and device authentication

—The solution fit between RSA and Cisco networks

Validating Identity to Protect Network Assets

Who are you?

Partner

Employee

Hacker

Customer

RSA Security’s Value

RSA Security’s value is its ability to help organizations protect their information and manage the identities of the people and applications accessing and exchanging it.

Advancing e-Business

Transforming e-security into a business enabler

Thousands of customers worldwide

— 89% of the Fortune 100

— 66% of the Fortune 500

— 88% of the world’s top 50 banks

2004 RSA Security Inc. All rights reserved

RSA Security’s Market Solutions

Secure Mobile & Remote Access

Secure Enterprise Access

Secure Transactions

Identity & Access Management

Consumer Identity Protection

Authentication in the Enterprise

The Business Problem

• Increasingly broader access to critical enterprise data

• Need to protect corporate resources

• Inconsistent user experience

• Inability to meet regulatory compliance

• Inability to audit

• Escalating help desk costs

The Business Problem

Addressing security sacrifices simplicity

Complex passwords

Frequent password changes

Multiple passwords

Authentication

The Cornerstone to E-security

• Authentication is the essential foundation for e-business

— Establishes trust by proving identities of the participants in a transaction

• Without knowing with a high level of certainty who you are dealing with, it is:

— Not possible to properly assign access control & other rights

— Not possible to trust a digital signature

• In many cases it makes no sense to encrypt data if you don’t know who’s on the other end of the line

Two-Factor User Authentication

Most Common Application

[Figure: + PIN]

Authentication Choices

Relative Strength

[Figure: scale from Weaker to Stronger; labels: Password, Policy, + PIN; groups: Single factor, Two factor, Three factor]

Secure

• Two-factor authentication

• Eliminates password vulnerabilities

Simple

• Consistent user experience online or offline

Auditable

• Single log for all authentication

Efficient

• Reduces need for password reset policies and associated costs

RSA SecurID Authentication Devices

• RSA SecurID Hardware Tokens

— Key fob

— Standard card

— PinPad

• RSA SecurID Tokens for:

— Windows Desktops

— Palm Handhelds

— Windows Mobile PocketPC

— Blackberry Handhelds

— Mobile phones

• RSA SecurID Smart Cards / USB Tokens

RSA Authentication Solutions

RSA Keon Digital Certificates

Major Benefits:

- Digital signing

- Encryption

- Secure email

Forms Signing

RSA Sign-On Manager 4.0 Key Features

Web and Browser Apps

E-mail, Groupware, Chat

Host/Mainframe Apps

Client/Server Apps

Desktop Apps

VPN and Dial-Up

Citrix

RSA Sign-On Manager Server

RSA Sign-On Manager Client

• Offers centralized management of SSO & authentication policy

• Scalable and simplified administration

IntelliAccess™ Technology

Secure Enterprise Single Sign-On integrated with best-of-breed strong authentication solutions

SecurID

SEED

RSA & Cisco Integrated Solutions

Tested, certified, and mutually supported

RSA SecurID RSA Digital Certificates

Smart cards & USB tokens

Cisco VPN (PIX & 3000 series)

Cisco Aironet Wireless LAN

Cisco IOS-based routers, etc.

Cisco IP Telephony

Cisco Network Admission Control

Complementing Cisco NAC: RSA extends endpoint security measures beyond security posture & device compliance through the validation of devices and rightful users accessing network resources.

RSA & Cisco NAC

Extending Endpoint Security with Device/User Authentication

[Diagram components: Hosts & Users Attempting Network Access; Cisco Trust Agent; Network Access Devices; Policy Enforcement Points; Policy Decision Points; AAA Server (ACS); RSA Authentication Manager; RSA Keon CA. Connection labels: Credentials, EAP/802.1x, RADIUS, Cert Validation, Authenticated?, Access Rights, Notification]

RSA & Cisco VPN

Secure Remote Access Solutions

[Diagram components: Cisco VPN Client; Internet; Encrypted tunnel through public network; Cisco VPN3000 Series; Embedded RSA Authentication Agent; Corporate Network; RSA Keon CA; RSA Authentication Manager]

RSA & Cisco Aironet Wireless LAN

Secure Enterprise LAN Access Solutions

[Diagram components: Cisco Aironet Wireless Client; Cisco Aironet Access Point; Cisco Secure ACS; RSA Keon CA; RSA Authentication Manager; Corporate Network]

RSA & Cisco Network Infrastructure

Secure Admin Access (through ACS)

[Diagram components: Admin Access; Cisco PIX Firewall; Cisco IOS Routers; Cisco IOS RAS; Cisco PIX VPN; Cisco IOS Firewall; Cisco IOS VPN; Cisco Secure ACS; RSA Authentication Manager]

RSA & Cisco Network Infrastructure

Device Authentication

[Diagram components: Cisco PIX VPN; Cisco VPN 3000; Cisco Routers; Cisco RAS; Cisco Aironet Wireless Client; Cisco IOS Firewall; Cisco IP Phone; Cisco Secure ACS; RSA Keon CA; Cisco PIX Firewall]