Applicable Version: 10.00 onwards
Overview
RSA SecurID is a mechanism developed by RSA, the Security Division of EMC, for performing two-factor authentication of a user to a network resource.
Two-factor authentication involves presenting two (2) of the following three (3) authentication factors:
- Something the user knows, like a PIN or password
- Something the user has, like a key or token
- Something the user is, like the user's fingerprint or retina
The RSA SecurID authentication mechanism consists of a Password or PIN, and a Token, either hardware (e.g. a USB dongle) or software. The token is assigned to a user and generates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the card's factory-encoded random key, known as the Seed.
A user authenticating to a network resource needs to enter both a PIN or password and the number being displayed at that moment on their RSA SecurID token. The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.
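The server-side check described above, sketched as an added example (not code from this article or from RSA). SecurID's own code-generation algorithm is not given on this page, so an HMAC-SHA1 construction in the style of RFC 4226/6238 stands in for it; the 6-digit length, the one-interval drift window, the replay check and all names are assumptions.

```python
import hashlib
import hmac
import struct

INTERVAL = 60   # seconds per code, the usual interval named in the article
DIGITS = 6      # assumed display length

def token_code(seed: bytes, now: float) -> str:
    """Code shown at time `now`: HMAC-SHA1 stand-in, not RSA's algorithm."""
    counter = int(now) // INTERVAL
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(record: dict, pin: str, code: str, now: float, drift: int = 1) -> bool:
    """Server decision: PIN and code must both match; an interval is accepted once."""
    pin_ok = hmac.compare_digest(record["pin"].encode(), pin.encode())
    current = int(now) // INTERVAL
    # Tolerate `drift` intervals of clock skew between token and server.
    for step in range(max(0, current - drift), current + drift + 1):
        expected = token_code(record["seed"], step * INTERVAL)
        if hmac.compare_digest(expected.encode(), code.encode()):
            if pin_ok and step > record["last_step"]:
                record["last_step"] = step       # refuse replay of this code
                return True
            return False
    return False

def new_record(pin: str, seed: bytes) -> dict:
    """Constructed seed record; a real server loads these from its database."""
    return {"pin": pin, "seed": seed, "last_step": -1}

if __name__ == "__main__":
    # Constructed sample: the published RFC 4226 test key, never a real seed.
    alice = new_record("4821", b"12345678901234567890")
    now = 1_700_000_000
    shown = token_code(alice["seed"], now)
    print("token shows:", shown)
    print("first use  :", verify(alice, "4821", shown, now))
    print("replay     :", verify(alice, "4821", shown, now + 5))
    print("stale code :", verify(alice, "4821", token_code(alice["seed"], now - 600), now))
```

The same PIN and code submitted a second time are denied, which is why a failed login on the RADIUS client is normally retried with the next code the token displays.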
Scenario
Integrate RSA SecurID with Cyberoam as a RADIUS client.
Prerequisites
- Cyberoam Version 10
- RSA ACE/Server 5.1
- A RADIUS server (within RSA ACE/Server 5.1)
Configuration
This configuration is done in 2 parts: RSA SecurID Configuration and Cyberoam Configuration.
RSA SecurID Configuration
To configure RSA SecurID, follow the steps given below. Configuration is done in the RSA Operations Console and RSA Server Console using an Administrator profile.
Step 1: Log in to RSA Operations Console
Log in to RSA Operations Console using Administrator credentials.
Step 2: Configure RSA as a RADIUS Server
Go to Deployment Configuration → RADIUS → Configure Server and provide Configuration Information as given below.

| Parameter | Value |
|---|---|
| Replication Secret | RSARADIUSServer |
| Confirm Replication Secret | RSARADIUSServer |
| Master Password | elitecore |

Specify Administrator credentials in the Additional Authorization Credentials section and click Configure to save Server configuration.
Step 3: Configure Cyberoam as RADIUS Client in RSA Security Console
Log in to RSA Security Console and go to RADIUS → RADIUS Clients → Add New to add Cyberoam as a new RADIUS Client with the given parameter values.

| Parameter | Value |
|---|---|
| Client Name | <ANY> |
| ANY Client | Enabled |
| IP Address | 192.168.2.5 |
| Make/Model | - Standard Radius - |
| Shared Secret | cyberoam |
| Accounting | Disabled |
| Client Status | Disabled |

Click Save without RSA Agent to save RADIUS Client settings.
Step 4: Add Cyberoam IP Address as Authentication Agent
Go to Access → Authentication Agents → Add New to configure Authentication Agent.
In the Add New Authentication Agent Screen, specify Hostname as Cyberoam LAN IP and click Resolve IP.
Click Save to save settings.
Cyberoam Configuration
Integrate RSA SecurID, which is configured as a RADIUS Server, with Cyberoam. To know how to configure RADIUS Server Authentication in Cyberoam, refer to the article How To - Configure Cyberoam to use RADIUS Server for Authentication.
The above configuration integrates Cyberoam with RSA SecurID as a RADIUS Client.
Document Version: 1.0 – 28/05/2012