Join 3,557 readers in helping fund MetaFilter (Hide)


What do i do with all these RSA tokens?
December 15, 2008 12:31 PM   Subscribe

I just had a bunch of RSA tokens land in my lap. What's required on the other end of an RSA authentication scheme, and what's a good resource for learning what's necessary to implement it?

So we got a mess of these IronKey secure flash drives.

They came with an add-on I hadn't expected - each one has an RSA token generator (software, not hardware) included.

I'd like to roll them into our system, especially to harden access for a Terminal Server. (It's an all-Windows shop.)

But where to get started? New to me, and I'm looking for information about what's involved in implementation, with a focus on doing it yourself or on the cheap.
posted by bartleby to Computers & Internet (3 answers total)
 
you need rsa's aceserver authentication server. i believe they have one for windows. not cheap, but it's one of the auth schemes that's considered state of the art for financial and security companies in my experience.

the aceserver will speak RADIUS, which means you can use it for most console servers.
posted by rmd1023 at 12:50 PM on December 15, 2008


But where to get started? New to me, and I'm looking for information about what's involved in implementation, with a focus on doing it yourself or on the cheap.

Not sure on the costs of implementing this system but supporting RSA isn't cheap - most orgs only use the RSA Secure ID's for authenticating remote access.

Long term costs: You'll need 7 X 24 support - the tokens go out of synch rather easily and need to be re-synched frequently, there is an account administration portion of the RSA setup which does require an account setup, and your user base will forget their pin number. RSA fobs also expire after a certain date, and are expensive to replace (and if you have international offices, expect to pay duty when they cross the border). RSA fobs can also be a pain if you have users working off the network for long periods of time and don't have a local log on because the offline codes quite frequently stop working.
posted by Deep Dish at 1:03 PM on December 15, 2008


I don't think you have RSA tokens. You have RSA-ready devices (same as a blackberry or windows desktop is "securid ready" if you also purchase a soft token license).

Call your RSA rep. They'll step you through how to get started.

"Cheap" is a meaningless word in this discussion. List price to get started is around a couple of grand for the first 10 users (per user one-time fee, per user per year maintenance/license, plus per token purchase). YMMV for your var discount.

Call your RSA rep. Or call your VAR.
posted by devbrain at 1:38 PM on December 15, 2008


« Older What do I do with a hundred US...   |  What are some amazing virally-... Newer »
This thread is closed to new comments.