rsa securid appliance setup & administration
Post on 31-Dec-2015
55 Views
Preview:
DESCRIPTION
TRANSCRIPT
RSA SecurID Appliance
Setup & Administration
Michal ČervinkaSOFT-TRONIK, a.s.michal.cervinka@soft-tronik.cz
More about HW
• Intel Pentium 4 Celeron 2.53 GHz Processor.
• Intel 865G + ICH5 Chipset
• Intel 2x 1Gigabit & 2x 10/100 Ethernet Controller
• 512MB DDR400 Memory Module (Support Memory up to 4GB.)
• 1x3.5" SATAII 80GB HDD
• 1 X Keyboard Port, 1 X VGA Port
• 3 X USB 2.0 interface (you can use USB memory dev.)
• 3 X Cooling FAN (2 - System / 1 - Power Supply)
• Power Supply 350W, Cons. 160W
• 1U Rack Mount Form Factor
More about SW
• Hardened Windows 2003 Server Standard Edition
• RSA Authentication Manager 6.1
• RSA Authentication Agent 6.1 for Windows (local auth.)
• RSA Authentication Agent 5.6 for IIS
• Web Administration Application
• RSA Radius Server 6.1
• SNMP Agent Plug-in
Initial Setup
• appliance address displayed on LCD, address your laptop and connect to https://192.168.100.100:8098
• user name administrator and the temporary password [RSAAppliance] (including the brackets)
• choose primary / replica setup
• go through the QuickSetup wizzard— set date and time
— change administrator password
— hostname, domainname, IP settings
— provide license
— import token records
— assign token to administrator and test
— enable authentication and finish
Understanding Admin Accounts
• Administrator – standard admin, always requires token, consumes a license
• AdminWebUser – internal (web server) use, don’t change
• rsaLocalAdmin – emergency access only
• Create more …
Basic Appliance Administration
• simple, intuitive web-based administration interface (https://<appliance>:8098)
• “Administrator” – instant standard admin account
• Token authentication is a “must”
Advanced Appliance Administration
• Windows Server administration via RDP over SSL
• Traditional Authentication Manager admin tools via RDP over SSL
• Traditional AM remote console
Emergency Access
1. turn-off
2. connect keyboard+monitor
3. turn-on
4. Login as rsaLocalAdmin
5. run db-admin
Resetting to Factory Defaults
1. turn off
2. turn on
3. on the first beep turn the dial clockwise
• You will loose all the upgrades and optional installations
Backup
• Online-backup script: c:\authmgr\scripts\rotatebackup.bat
• Creates MS .cab file
• By default runs once a week (windows scheduler)
• Accessible at https://<appliance>:8098/admin/ACE/backup_dwnld.asp
Restore
• Copy .cab to the appliance and unpack
• Stop AM services
• Create empty databases (run sdnewdb.exe)
• Load databases (server and log)
• Owerwrite sdconf.rec
• Create windows admin account if needed
• Restart the appliance
Patches and Upgrades
• OS
• AM components
— Download the upgrade bundle, extract
— Run setup
— Reboot if needed
Monitoring
• E-mail Alerts (Event Log)
• SNMP Traps
— Authentication Manager
— Authentication Agent
— Radius
• Scheduled restart
top related