Information on Security Dynamics'
ACE/Agent for Windows 2000
Security Dynamics Technologies Inc. (SDTI) – with its wholly owned subsidiary RSA Data Security – is the recognized leader in authentication management and encryption. With more than 3.5 million SecurIDä authentication tokens in use today and more than 80 million copies of RSA encryption technologies installed worldwide, Security Dynamics is the leading provider of enterprise security solutions for local and remote network access.
Security Dynamics’ ACE/Agentä for Windows 2000 provides enterprises with the ability to add strong authentication management and encryption to their Windows 2000 environment. Microsoft is including the ACE/Agent on the Windows 2000 CD. This proven security solution complements and enhances the existing security features included in the Windows 2000 environment.
More information is available:
ACE/Agent for Windows 2000
Introduction to ACE/Agent for Windows 2000
Security Dynamics’ ACE/Agent for Windows 2000 combines industry leading strong authentication and encryption technologies to protect access to vital information assets stored in Windows 2000 networks.
Built on award-winning SecurID authenticators (hard tokens, soft tokens, and smart cards) and the ACE/Server authentication services, organizations can be assured that only authorized users are gaining access to sensitive information stored in the corporate network, intranet or extranet. The combination of these three components provides an enterprise the ability to take advantage of strong, user or device authentication in the Windows 2000 environment in order to strongly validate and authenticate each user prior to allowing access to sensitive information and electronic assets.
These solutions provide strong user and device authentication and access controls for a variety of Windows 2000 system services, including:
- Windows RAS service
- Internet Information Web Server (IIS)
- Local login (GINA)
The ACE/Agent is a critical element of this solution because it acts as a sentinel for all of these services, only providing access after each individual has supplied two independent factors that strongly validate the user, including a PIN number and one-time passcode generated by the SecurID tokens.
EAP Support
ACE/Agent for Windows 2000 supports EAP (Extensible Authentication Protocol). EAP allows third-party authentication modules to interact with Windows NT RAS Point to Point (PPP) implementation. EAP is an extension to PPP, providing a standard support mechanism for multiple authentication schemes such as token cards, Kerberos, Public Key, and S/Key. By supporting EAP, the ACE/Agent for Windows 2000 can support PPP, PPTP, L2TP, X.25 and other remote access protocols.
Highlights of ACE/Agent for Windows 2000:
Leverages strong, two-factor user authentication
Provides users with portable credentials for accessing intranets and extranets
Incorporates public key technologies ( X.509 and RSA-based SSL encryption) to manage user credentials
Ensures user accountability
Allows for quick deployment of secure Web applications
Integrates seamlessly with Windows 2000 management features and console
Benefits of ACE/Agent for Windows 2000:
Supports many remote access solutions through EAP (including PPTP, RAS, X.25, ISDN)
Secures access to high value or regulated information
Delivers single sign-on across multiple secure Web applications using a single SecurID authenticator
Enforces fine-grained access control to information offered through IIS Web servers
Protects back-end databases through authenticated front-end Web access
Installing the ACE/Agent for Windows 2000
To install the ACE/Agent for Windows 2000, insert the Microsoft Windows 2000 CD-ROM in the CD drive, then run the setup.exe program located in the \valueadd\3rdparty\security\sdti directory.
Architecture Overview
Security Dynamics enterprise security enhancements to the Windows 2000 environment are made up of three main components:
The SecurID Token:The SecurID token is the portion of the solution that is held by the end user. It generates a new token code every 60 seconds. The tokencode can be up to 8 digits long (4-8 digits are the options) and comes in a number of form factors. These form factors include hardware tokens (token cards and key fobs), software tokens (thin client software), and smart cards. The token is used to generate a token code for authentication during either a remote access session, IIS web server access session, or Windows 2000 desktop access session.
The ACE/Agent for Windows 2000:The ACE/Agent can be installed on the RAS server, the IIS web server, and the Windows 2000 desktop. The role of the agent is to interrupt the communication process on those machines and force the end user to provide valid authentication information, including the user’s username, PIN and passcode, before allowing the communication to continue. The ACE/Agent takes the information supplied by the user, adds information about itself, encrypts the information, and sends it to the ACE/Server.
The ACE/Server:The ACE/Server is the component responsible for centrally managing all of the information about each user, every SecurID token and each ACE/Agent. It receives authentication requests from the ACE/Agent and generates a passcode for the end user who is requesting authentication. The ACE/Server compares the passcode it generated and the passcode that has been supplied from the end user via the ACE/Agent. Since the SecurID token and the ACE/Server were synchronized at the time of deployment using the same seed value used by the algorithm, the passcodes should match provides the user enters the correct PIN number.
As a result of this communication process, the end user is either positively identified and authenticated, asked for more information (e.g. next token code), or denied access to the RAS service, IIS Web page, or Windows 2000 desktop which they are trying to access. Once the end user is authenticated, both the ACE/Agent and ACE/Server drop out of the communication path and end user continues their work.
For more information about products from Security Dynamics Technologies, Inc.
For further information about ACE/Agent for Windows 2000, ACE/Server, or SecurID tokens visit Security Dynamics Technologies, Inc on the World Wide Web athttp://www.securitydynamics.com/hotspot/ntsecure99.
Download a Free Trial of ACE/Server and SecurID
ACE/Server provides centralized, strong authentication services for enterprise networks, ensuring that only authorized users gain access to network files, applications and communications.
Download the Free ACE/Server Trial now.
Contact us:
You may also contact us at athttp://www.securitydynamics.com/contactus/
Our postal mailing address and telephone numbers are:
Security Dynamics Technologies, Inc. | 20 Crosby Drive Bedford, MA 01730 | 1-800 SECURID