Enterprise IT Identity & Access Management

A Buyer's & Integrator's Guide - WebLog Version 1.0

This Blog

About
Email

Syndication

Search

News

Hi, I've moved into an Information Security Research & Strategy role from an IAM Architecture role. So this blog site is retired. I may launch a security blog in the future. Thank you all for visiting!

Review - RSA SecurID

SecurID for Windows fully integrates with Microsoft's Active Directory and enables domain-level access management along with new offline capabilities.

At backend, RSA ACE Sever is required. The client requires the RSA ACE/Agent installed. The SecurID generates one time pass code and user types in PIN and pass code to logon. The pass code is synchronized with the backend. The authentication protocol is Kerberos in Windows. Unlike the smart card, Microsoft Kerberos doesn’t have any extensions to support OTP logon. Therefore, RSA ACE replaces SecurID with the user’s password in the background for actual authentication.

Pros:

- Relative larger installation base in the world

- Support OWA

Cons:

- Can not combine logical access and physical access in the same badge

- The underlying managed password authentication is the foundation thus the security strength is not as high as smart card