RSA SECURID HEALTHCHECK



Similar documents
Stonesoft Corp. Stonegate Firewall and VPN

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide

Lieberman Software. RSA SecurID Ready Implementation Guide. Account Reset Console. Partner Information. Last Modified: March 20 th, 2012

How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P)

RSA SecurID Ready Implementation Guide

RSA Authentication Manager 7.1 Basic Exercises

Siteminder Integration Guide

MIGRATION GUIDE. Authentication Server

RSA Authentication Manager 7.0 Planning Guide

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Security Provider Integration RADIUS Server

Setting Up Scan to SMB on TaskALFA series MFP s.

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

Two-Factor Authentication

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

Step by Step Guide to implement SMS authentication to F5 Big-IP APM (Access Policy Manager)

Workspot, Inc. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: September 16, Product Information Partner Name

VMware Identity Manager Connector Installation and Configuration

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

RSA Authentication Manager 7.1 Administrator s Guide

RSA SecurID Certified Administrator (RSA Authentication Manager 8.0) Certification Examination Study Guide

RSA Authentication Manager 7.1 Administrator s Guide

Abridged. for Security Domain Administrators. IT Services Iowa State University. Jan 2015

RSA Authentication Manager 8.1 Planning Guide. Revision 1

Using RADIUS Agent for Transparent User Identification

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

PineApp Surf-SeCure Quick

Cisco Secure Access Control Server 4.2 for Windows

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

RSA Authentication Manager 6.1 Administrator s Guide

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

Endpoint Security VPN for Windows 32-bit/64-bit

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

Borderware MXtreme. Secure Gateway QuickStart Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Mobile Admin Security

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

External Authentication with Citrix Access Gateway Advanced Edition

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

Microsoft IAS Configuration for RADIUS Authorization

Secondary DMZ: DMZ (2)

Websense Support Webinar: Questions and Answers

You need to recommend a monitoring solution to ensure that an administrator can review the availability information of Service1. What should you do?

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Agent Configuration Guide

RSA Authentication Manager 6.1 to 8.1 Migration Guide. Revision 1

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

RSA Authentication Manager 8.1 Administrator s Guide

Borderware Firewall Server Version 7.1. VPN Authentication Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

RSA ACE/Agent 5.5 for Windows Installation and Administration Guide

Acronis Backup & Recovery 11.5 Quick Start Guide

VMware Virtual Desktop Manager User Authentication Guide

Configuring Global Protect SSL VPN with a user-defined port

Cisco ASA. Administrators

How To Configure A Bomgar.Com To Authenticate To A Rdius Server For Multi Factor Authentication

How To - Implement Single Sign On Authentication with Active Directory

How to Configure an Initial Installation of the VMware ESXi Hypervisor

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy

Step by step guide to implement SMS authentication to Cisco ASA Clientless SSL VPN and Cisco VPN

Mobile Admin Architecture

RSA Authentication Manager 7.1 to 8.1 Migration Guide: Upgrading RSA SecurID Appliance 3.0 On Existing Hardware

IIS, FTP Server and Windows

Microsoft IAS and NPS Agent Configuration Guide

Use Enterprise SSO as the Credential Server for Protected Sites

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

Configure your firewall for administrative access via RADIUS authentication

Managing Qualys Scanners

RSA Authentication Manager 7.0 Installation and Configuration Guide

External Authentication with Netscreen 25 Remote VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

F-Secure Messaging Security Gateway. Deployment Guide

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

CAC/PIV PKI Solution Installation Survey & Checklist

WhatsUp Gold v16.3 Installation and Configuration Guide

BorderWare Firewall Server 7.1. Release Notes

It should be noted that the installer will delete any existing partitions on your disk in order to install the software required to use BLËSK.

Network System Management. Creating an Active Directory Domain

DIGIPASS Authentication for Cisco ASA 5500 Series

Multi-factor Authentication using Radius

Installation Guide. SafeNet Authentication Service

Deploying F5 with VMware View and Horizon View

Configuring a Windows 2003 Server for IAS

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

RSA Security Analytics

המרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון טל' פקס בשיתוף עם מכללת הנגב ע"ש ספיר

DIGIPASS Authentication for GajShield GS Series

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

CONFIGURING ACTIVE DIRECTORY IN LIFELINE

How To Configure L2TP VPN Connection for MAC OS X client

Administering the Web Server (IIS) Role of Windows Server

Configuring Windows Server Clusters

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Transcription:

RSA SECURID HEALTHCHECK 2MN LTD www.2mn.co.uk Telephone: +44(0)8709192892 The SecurID Healthheck is designed for IT Security professionals who implement and maintain RSA SecurID solution to help increase operational efficiency, maximize system uptime, and reduce costs. Email: info@2mn.co.uk 1

SERVER I STALL/CO FIG REVIEW PRIMARY SERVER I STALL/CO FIG 1 Does the Hardware comply with the Install Requirement? 2 Is the server a single IP or Multi-interfaces server? 3 Has a FQDN been assigned to the server? 4 Has the Server been installed successfully 5 Has the server been configured with its FQDN or short name (hostname)? FQDN recommended 6 Are all required services present and running? 7 Is the back-end database recording activities and creating server log? 8 Is the server Log Monitoring and Auditing recording any activities? 9 Is Server running in production or debug mode? Are logs rotating daily? 10 Is the server clock in synch with the system clock? 11 Is the server side authentication working? (Remote mode test or sdtest)? 12 Is there an Admin User Account with a token or static password assigned? 13 Is the server an agent host itself with a node secret set? 14 Is the server configured as a Radius client* with a shared secret and Radius ports set? 15 Is the server in a DMZ or a Domain member? 16 Is there any scanning or monitoring tool installed? If yes, is it excluding the RSA directory during its scan? Y, N, NA F, O Comments 2

REPLICA SERVER I STALL/CO FIG 17 Is Replica Server getting updates from Primary (example, is a new user creation replicated)? 18 Can users authenticate on Primary and Replica (Failover testing)? LDAP USERS SY CHRO ISATIO 19 For LDAP Synch, are users being added or updated from the remote LDAP? 20 Are LDAP Synch updates showing in the Log Monitor? PRIMARY RADIUS SERVER 21 Radius, Is the Radius Management console accessible? 22 Is the Replica Server added as a Secondary Radius? 23 Is Radius Replication up-to-date from the Radius Management? 24 Are Radius Clients also present as Agent host in the SecurID server? 25 Is Radius Test from NTRadping working from the RSA server and radius client computer? CLIE T I STALL/CO FIG REVIEW 1 Is the client defined as an agent host in the server? 2 Is the client defined with its FQDN? 3 Can the client resolve the server FQDN (forward/reverse)? 4 Has the client config file been created and available in the default location /system32/ for windows or /var/ace for UNIX/Linux 5 Is the client a multi-home workstation? 6 Has a secondary node entry been added for that multi-home client? 7 Is the client a DHCP or static IP client? For DHCP client, was the auto-registration tool installed on the client? Is the RSA server configured to allow autoregistration? 3

7 Are the agent registry keys set properly HKLM/RSA/STDI/? 8 Does the client display the server s status as active? 9 Can the client authenticate against the Primary and Replica server? 10 Does the Server Log Monitor show the agent activity? RADIUS CLIE T 11 Radius Agent (VPN concentrator) defined as Radius client and RSA agent? 12 Is the Concentrator an RSA securid ready device? 13 Is the concentrator configured to forward authentication request to the RSA Radius? 14 Is basic authentication from the concentrator working without RSA integration? 15 Are Radius profiles being forwarded along with the user credentials? U IX AGE T 16 Did the PAM agent install ok? (correct PAM version for UNIX/Linux version) 17 IS PAM /bin/acetatus displaying the server status as active? 18 Is PAM authentication working (/bin/acetest)? 19 Are all securid required agent files present with the correct permission? /var/ace 755 sdconf.rec 755 nodesecret 755 sdstatus.12 RSA AGE T API 20 Does the rsa_api.properties point to the default config files location? SDCONF_LOC=/var/ace/sdconf.rec SDSTATUS_LOC=/var/ace/sdstatus.1 SDOPTS_LOC=/var/ace/sdopts.rec SDNDSCRT_LOC=/var/ace/securid 4

BACKUP A D RESTORE 1 Is there a backup strategy in place? How often is the server backup? 2 Are the backup data, the system files and license file stored in a safe place? sddump, server.cer, server.key, license.rec 3 Can the system be restored to an operational mode using the recent backup data? Y=Yes, N=No, NA=Not Applicable, F=Finding, O=Observation 5

Date(s) of Assessment: Assessor(s): Project: Review Examined: COMME TS PAGE of # Comments and Recommendations from assessment 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information