RSA SecurID Ready Implementation Guide

5. Product’s ACE/Agent configuration

The LRS supports the ACE/Server security system manufactured by RSA Security Inc. ACE/Server is a system of client-server software and accompanying token cards.

Note: Refer to your RSA Security documentation for ACE/Server installation instructions.

The SecurID card generates single-use, unpredictable numerical codes. These "tokencodes," together with the user's PIN, form the basis of the SecurID authentication. The PIN and generated tokencode are referred to collectively as SecurID PASSCODES. To gain access to a network protected by SecurID, both elements of the PASSCODE must be entered correctly.

The RSA Security SecurID system requires certain communication between the ACE/Server and the end-user. For example, the user must enter a new PIN when a SecurID card is first used, and a second PASSCODE when locked out.

PAP does not allow for these types of messages or additional user input. Therefore, it is strongly recommended that SecurID be run from character mode only. It is possible to use SecurID with PAP, provided that situations like those mentioned above are either prevented or handled in text mode on the next call.

To log into the LRS, the user must enter a username at the username prompt, and the PASSCODE at the password prompt.

To specify the SecurID ACE/Server for authentication of username/ PASSCODE, use the Set/Define Authentication SecurID command:

Figure: Configuring the LRS to Use SecurID

Local>> DEFINE AUTHENTICATION SECURID PRECEDENCE 1 Local>> DEFINE AUTHENTICATION SECURID PRIMARY 192.0.1.50 Local>> DEFINE AUTHENTICATION SECURID SECONDARY 192.0.1.51

After SecurID is configured on the LRS, the LRS will receive further configuration information from the ACE/Server. However, this only happens the first time that the LRS and ACE/Server communicate. If you purge the authentication information on the LRS or change the precedence of SecurID, this learned information will be lost. You will need to have your ACE/Server administrator reinitialize the LRS with ACE/Server for SecurID to function properly again.

If SecurID receives repeated authentication requests for an invalid username/password pair, it assumes that a login attack is taking place. SecurID will react by continually slowing its responses to the LRS. This problem can be avoided by ensuring that SecurID has the highest precedence number. For example, if you're using SecurID, Kerberos, and a UNIX password file, set SecurID's precedence to 3.

4

Page 4
Image 4
RSA Security LRS32F, LRS16, LRS2 manual Product’s ACE/Agent configuration, Figure Configuring the LRS to Use SecurID

LRS16, LRS2, LRS1, LRS32F specifications

RSA Security has long been a prominent player in the field of cybersecurity, continually evolving its product offerings to meet the changing landscape of digital threats. Among its various products, the RSA LRS (Logging and Retention Services) series, specifically the LRS32F, LRS1, LRS2, and LRS16, stands out as essential tools for organizations seeking robust logging, monitoring, and compliance capabilities.

The LRS32F is lauded for its extensive storage capacity, making it ideal for large organizations that generate substantial amounts of log data. With advanced data compression technologies, it ensures that even with vast amounts of information, the storage space is utilized efficiently, enabling organizations to retain logs for compliance and forensic analysis without running into storage limitations. Its high-speed indexing and retrieval features allow security teams to quickly access historical data for incident response and audit purposes.

The LRS1 model serves as an entry-level solution designed for smaller enterprises or those with less demanding log management needs. Despite its more modest capabilities, it still offers essential features like real-time monitoring and alerting, ensuring that potential threats are swiftly identified. The user-friendly interface simplifies the process of log analysis, making it accessible even to teams with limited cybersecurity expertise.

Moving on to the LRS2, this model occupies a middle ground between the LRS1 and LRS32F, providing enhanced functionality without the complexity needed by larger organizations. It includes advanced correlation capabilities that allow for deeper insights into security incidents by cross-referencing multiple data sources. This feature is particularly valuable for identifying patterns and trends that may indicate evolving threats.

Lastly, the LRS16 is engineered for enterprises with high security demands and regulatory compliance requirements. It integrates seamlessly with RSA's broader security ecosystem, enabling organizations to leverage their existing security investments. The LRS16 excels in features like data encryption and access controls, which are critical for maintaining the confidentiality and integrity of sensitive log data.

All models in the LRS series utilize state-of-the-art technologies, including machine learning algorithms that enhance the system’s ability to detect anomalies and potential breaches. They provide comprehensive reporting capabilities, ensuring organizations can meet compliance requirements from various regulatory bodies.

In conclusion, the RSA LRS series—LRS32F, LRS1, LRS2, and LRS16—offers organizations a scalable and robust approach to log management. Each model is tailored to specific needs, making them invaluable tools in the ongoing battle against cyber threats while aiding in compliance efforts across industries.