September 01, 2006
c£9,290 for 100 users, inc three-year hardware tokens
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Excellent integration guides; wide range of application and server support
- Weaknesses: Tokens can get out of sync
- Verdict: A huge range of application and server support is backed up by a wide range of tokens and integration guides
RSA SecurID is, perhaps, the best-known two-factor authentication product on the market. There is a huge choice of installation hardware, with support for Windows Server 2003, Solaris, Red Hat Linux, HP-UX, AIX and Novell Suse Linux Enterprise Server. We installed the software on Windows Server 2003.
The product is managed through the RSA Authentication Manager management console. It can link with an LDAP server, such as Active Directory, so that you can pull in your existing users. Unfortunately, you can't manage tokens directly from your current directory management tool.
There's a good range of hardware and software tokens, including software clients for BlackBerry, Java phones and Pocket PC. The tokens work a little differently to the other products we tested, in that a new single-use code is automatically generated every 60 seconds.
This means that registering new tokens has to be done with the provided CD, as this gives the server the required seed record to synchronise its key generation with the token's. It's a bit more work than asynchronous systems and means that the tokens can get out of sync with the server.
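The seed and clock-drift behaviour described above can be sketched as follows. This is an added example, not code from the review and not RSA's proprietary SecurID algorithm: it substitutes an RFC 4226/6238-style HMAC-SHA1 code with a 60-second step. The class name, window sizes and the two-code resynchronisation step are assumptions of the example.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, the interval the review describes


def code_at(seed: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 of the time-step counter, truncated as in RFC 4226."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenRecord:
    """Server-side state for one token (hypothetical class name)."""

    def __init__(self, seed: bytes):
        self.seed = seed        # shared secret loaded from the seed record
        self.drift = 0          # token clock offset in steps, learned on success
        self.last_counter = -1  # newest interval already accepted

    def verify(self, code: str, server_time: int, window: int = 1) -> bool:
        base = server_time // STEP + self.drift
        for delta in sorted(range(-window, window + 1), key=abs):
            counter = base + delta
            if counter <= self.last_counter:
                continue  # single-use: an old or replayed interval never passes
            if hmac.compare_digest(code_at(self.seed, counter), code):
                self.drift += delta  # follow the token's clock from now on
                self.last_counter = counter
                return True
        return False

    def resync(self, first: str, second: str, server_time: int, window: int = 10) -> bool:
        """Recover a badly drifted token from two consecutive codes."""
        base = server_time // STEP
        for delta in sorted(range(-window, window + 1), key=abs):
            counter = base + delta
            if counter <= self.last_counter:
                continue
            if (hmac.compare_digest(code_at(self.seed, counter), first)
                    and hmac.compare_digest(code_at(self.seed, counter + 1), second)):
                self.drift, self.last_counter = delta + 1, counter + 1
                return True
        return False
```

A token whose clock is one step off is accepted and its drift recorded; one that is five steps off fails normal verification until `resync` is run with two consecutive codes.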
User management is fairly easy. You can choose a policy for each user, which defines the types of authentication they must provide to access network resources.
Authentication from other applications is handled by agents, with most web servers supported. We tested using IIS, which adds a new tab in a file's properties page, where you can add RSA protected access. There is also support for Windows domains, so you can get protected access from your client Windows XP machines.
RSA supplies an agent for Outlook Web Access, and Microsoft offers an IIS filter to perform SecurID authentication for web pages. The authentication manager also has a built-in RADIUS server, so you can integrate SecurID with other devices such as VPN appliances, and RSA has done a fair amount of integration with third-party APIs. One of the benefits of being a large supplier is that there is a lot of experience at the company; for example, there are more than 250 integration guides to help you get SecurID working with your products.
SecurID's management might not be the best, but its integration with third-party products is second-to-none.