RSA SecurID Appliance
February 01, 2006
- Strengths: Excellent appliance version of RSA’s authentication suite.
- Weaknesses: Setup was finicky and management requires IE.
- Verdict: Excellent for two-factor tokens without management complexity.
This appliance is aimed at SMEs wanting two-factor authentication, but which cannot manage their own authentication server. It supports up to 250 users, and automates much of the normal hassle of configuration and management. Despite the SME focus, a larger enterprise might use it to give a core group of users strongly authenticated access to intranet resources.
The appliance is a 1U rack-mountable device, but will be just as comfortable on a desk: it is astonishingly quiet. The box contains a 2.4GHz Intel processor, 512MB RAM and one hard drive, and runs Windows Server 2003 and RSA Authentication Manager.
An LCD panel shows the status, usually the IP address and hostname and whether the device is a primary or secondary.
Set-up is quite sensitive: any other device on the network seemed to result in the appliance refusing connections. And while the reset options make it easy to restore the factory defaults, the front display tells you little about the progress, and the restore takes several minutes while the hard disk is re-imaged and Windows runs through its first-boot set-up. With no feedback or network activity, you might be tempted to restart the appliance, which can leave it non-functional.
Once connected, the device is managed via a web browser over a secure connection, although we were disappointed to see it relies on ActiveX controls and requires Internet Explorer. We would prefer standard browser support, with Java, so it can be managed from, say, an Apple PC using Firefox.
The interface is clean, easy to navigate and has all the right functions for simple environments.
RSA’s login process consists of a username and a password, the latter changing every 60 seconds.
RSA has made configuring new users as simple as possible, although with two-factor authentication it must be done per user.
With users configured, the real work begins: setting up resources to authenticate using the RSA service. This will typically be in any of three situations: traditional VPN access; local logins replacing Windows login passwords with two-factor authentication; and protecting websites.
We first tested RSA’s Windows login agent in early 2005, and it performed well, with the only downside being higher complexity in the server backend than other products. Coupled with the RSA appliance, the solution really takes shape, and RSA has achieved a major milestone: delivering easily managed strong authentication for small and medium-sized networks.
Web authentication is also easy to configure: sites and URLs to protect are configured and resource files provided that can be used to configure agents on supported platforms such as IIS and Apache.
Elsewhere in the management GUI are options for managing users, in particular maintaining tokens and users. Assigning existing tokens to new users and revoking privileges is easy, too.
Apart from some problems in initial set-up and a strong MS bias, we found little to dislike in RSA’s first foray into the appliance space. Anyone used to ACE/Server or RSA Authentication Manager may find it restrictive, knowing the full capabilities of the platform are tucked out of sight. But for SME administrators without that sort of experience, RSA has done a fantastic job reducing the learning curve and simplifying the process of installing agents and protecting web pages.