RSA AMX解决方案说明会.ppt

rsa authentication manager express介绍,身份验证市场,1 gartner specialized ssl vpn equipment, 2008 2 forrester enterprise and smb security survey, north america and europe, q3 2008 3 /rockyou-com-passwords-list/,百万 ssl vpn 用户在 20121,%的企业仍旧使用密码作为远端接入的验证,最通常使用的密码3,目标市场,适用客户: 中等规模的企业 ( 2,500 雇员) 目前使用密码来验证 因为价格太贵或不方便使用，目前还没应用强身份认证 强验证的使用场景: 员工不通过令牌接入ssl vpn 和/或owa 合作伙伴和客户访问协作网站 客户连接citrix xenapp 虚拟桌面 客户需求 比硬件和软件一次性密码更低的总体拥有成本 针对员工，合作伙伴或客户干扰很少 只是针对基于web保护的解决方案,3,amx的机会在哪里?,amx 扩展了我们能够销售的市场 介绍给原来决定“不做什么的”公司和人员 服务行业 - 通过在线门户网站向客户提供敏感信息的咨询或法律等企业 保险行业 -为保险人员提供在线网站服务 企业提供基于web的在线订单系统,4,我们听到什么 secure access for mobility and collaboration,5,goes beyond password-only to deliver true multi-factor authentication seamlessly deploy to ssl vpn, web portals and citrix thin clients,minimal changes to it environment no changes to password policy! reduces deployment time and costs integrates with leading vendors,nothing to deploy to users users keep existing username/password choice of different authentication methods silent enrollment invisible security,gives high level of assurance to every user authentication verify and report that each user and application is protected to pass an audit,加强关键基础设施,加速部署价值,保持用户的工作效率,确保合规,rsa authentication manager express,7,解决方案概述,agenda,amx: 多因素认证不需要客户持有额外设备,基于风险的验证,按需认证,容易管理的设备平台,和,9,基于风险的多因素验证,因素 #1: 你所知道的,进一步: 你所 知道的或拥有的,因素 #2: 你所拥有的,因素#3: 你所做的,9,怎样工作: 基于风险的验证,10,rsa 风险引擎,经过验证的成熟的风险引擎 自适应认证同样的风险引擎 保护2亿5千万在线用户 为企业使用进行优化 优化：网络安全 vs 欺诈消除 可预测: 用户情况 vs. 挑战比率 简化: 确信水平 vs. 风险值 自我调试的风险模型适应每一个用户环境,rsa risk engine,设备标识,设备信息是用户计算机有关事实的集合。这些收集的事实被风险引擎评估，以帮助识别欺诈. 对于每个与amx交互的设备，如下信息会被收集: device fingerprint network forensics device token 如果该设备作为用户注册的设备能够被识别，那么这验证请求就会被认为是低风险的，否则，用户就会被认为是高风险的，要求被额外验证。,设备标识,device fingerprint,分析每台计算机硬件和软件的详细特征 user agent string: the version, platform, and the acceptance-language header (the users language preference) system display: width, height, and color depth of the users screen software fingerprint: browser components and plug-ins installed on the device browser language: the language of the actual browser time zone: the users current time zone in gmt language: the users browser language and the system language cookies: whether or not the user has cookies enabled on their device java-enabled: whether or not the user has java enabled on their device.,设备标识,network forensics,将设备的ip地址和原来注册的ip做匹配 支持 dhcp 方式的部分匹配: 确切的 ip 地址: 完全匹配 同一个c 网段: 强匹配 同一个b/a 网段: 弱匹配,注意: ip地址被用作辨识设备特征，但新的，未被辨识的或静态ip地址也作为行为分析的部分被评估,设备标识,device token,device tokens 通过用户计算机上的来作为未来的身份验证cookies和flash shared objects (fsos) 来作为未来的身份验证 device token recovery 能基于设备信息自动恢复用户删除的令牌 device token theft protection 阻止使用一个被窃的令牌（例如通过恶意软件）来模拟用户 设备id会被加密阻止在其他计算机上的使用 令牌生成计数器防止老的令牌的再次使用,行为分析(预测),评估整个组织中每个用户/设备的行为趋势 异常行为使一个验证尝试的风险增加 共同的行为降低在总体风险评估中降低了这一因素的相关性 比如：三类行为会做评估 profile 异常: 最近的密码或账户变更 比较性异常: 例如新的或非经常使用的ip是高风险的 速率异常:单设备/ip用户的高频率或单用户的ip高频率登录 行为异常的总体情况是基于频率和最近的情况的 高的速率或更低的统计概率增加了风险值 近期的事被认为是高风险的，但随着时间推移，变得更小的影响,风险行为的例子,low risk: common activities that nonetheless could be associated with fraud new accounts, recently modified accounts, or authentications from previously unknown locations medium risk: multiple activities combined in a suspicious way authenticating from an unusual location soon after a failed identity confirmation challenge high risk: clearly identified fraudulent activity authenticating from a machine with an invalid or modified cookie,note: the older a risk event, the less impact it has on your risk score,它怎样工作: 按需认证(sms),one-time passcode delivered “on demand” via sms or email based on the rsa securid algorithm compatible with any mobile phone from any carrier no software to deploy or tokens to manage provides multi-factor authentication: factor #1 pin factor #2 mobile device or e-mail account,18,终端用户场景举例 之前,19,access ssl vpn webpage enter username and password access is granted,risk: user could be fraudulent, using a stolen password,终端用户场景举例 之后,20,access ssl vpn page redirected to the secure logon page enter username and password,typical behavior from registered machine,unusual behavior from unregistered machine,typical behavior user is authenticated or challenge presented successful completion of challenge results in authentication complete,authentication successful,authentication successful,authentication characteristics are sent to the risk engine for score calculation,or,ssl vpn登录演示(视频）,可疑活动演示(视频）,集成产品,plug-and-play integration and certified interoperability,visit to view all supported solutions or to request new product integrations,certified and fully supported by rsa implementation guides with illustrated step-by-step instructions builds upon securid agents already embedded in hundreds of products ssl vpns checkpoint, cisco, citrix, f5, juniper, sonic wall web servers, portals, and proxy servers iis, apache owa, sharepoint, citrix xenapp microsoft forefront 2010 (tmg/uag) sms aggregators and modems clickatell, kpn, l, logix mobile, multitech, sybase 365, syniverse, talariax, more,24,竞争优势,agenda,主要的竞争优势,自学习的风险引擎 数十个风险指示器 证明: 2亿5千万用户由rsa风险引擎保护 在一个即插即用的硬件平台中将基于风险的验证和按需认证结合在一起 针对中等规模的企业，独一无二的将风险引擎与按需认证和安全问题结合在了一起 最快的部署双因素认证的方式 容易安装，管理和部署 无缝的从静态密码认证转移到强认证,25,其它竞争优势,直接和第三方设备集成 juniper, citrix, cisco和checkpoint ssl vpns 减少部署的成本和资源 任何时间地点都可以运行 任何设备，任何地点，任何时间都可以执行强验证，不需要安装或管理什么东西,26,27,与其它产品的区别,agenda,不同产品的定位,* in a future release, authentication manager w/rba will be positioned as the on-premise solution for all enterprise use cases,amx和 rsa authentication manager的差别,29,30,使用场景,agenda,销售场景#1,company healthcare company with 1,500 employees use case strongly authenticate (500) physicians and healthcare workers to an online portal rsa authentication solution options: rsa authentication manager express (recommended) advantages meets compliance requirements with zero impact to end users, flexible solution for doctors on-the-go, no physical device to carry, ideal solution for contractors rsa authentication m