Securidsalesguide

Transcript

3 Welcome Note 4 RSA SecurWorldTM Channel Philosophy 5 RSA Security Overview RSA SecurID® Solutions Guide 9 RSA SecurID® - Solutions for VPNs 14 RSA SecurID® - Solutions for Citrix 19 RSA SecurID® - Solutions for Wireless RSA SecurID® Two-Factor Authentication 25 Inside an RSA SecurID ® Solution 27 RSA SecurID® Authenticators 29 RSA ACE/Server ® Software 33 RSA ACE/Agent ® Software 35 RSA SecurCare® Maintenance RSA SecurID® Sales Toolkit 37 10 Facts about Authentication in an e-Business World 39 Sales Questioning Strategies 41 Objection Handling 45 Frequently Asked Questions How to Quote an RSA SecurID® Solution 55 How to Quote a New Customer 57 How to Quote an Upgrade for an Existing RSA SecurID® Customer 61 How to Quote a Mid-Tier License Pricing 61 How to Reinstate Maintenance 62 How to Place an Order 65 RSA SecurID® Starter Kit RSA SecurWorldTM Partner Resources 67 Partner Resource Center 68 Web-Based Sales Training 69 Professional Services & Education 71 75 Useful RSA Security URLs Security Glossary 80 RSA Security Contact Details 83 RSA Security Distributors 2 w e l cwoem e lcome “ This Guide is designed to help you, our valued partners, successfully sell RSA SecurID ® two-factor authentication solutions. Consider it your one-stop resource that you can refer to regularly as your customers continue to demand a trusted environment to conduct secure business online. In this Guide, you’ll find everything from RSA SecurID solution guides—VPN, Citrix and Wi re l e s s — to questioning strategies and to how to quote an RSA SecurID solution. Please send feedback about this Guide to [email protected]. Good Selling! ” Brien Naylon Vice President, Americas Sales RSA Security 3 RSA Security RSA SecureWorld Channel Philosophy RSA Security is guided by the principle that solid relationships build businesses. We believe that by closely integrating channel partners into our sales team, our chances of mutual success is amplified. Knowledge is shared. Ideas are shared. Goals are achieved. As a trusted solutions provider, you are driven to strategize and recommend the best total solution to your customers. As your partner, we are focused on helping you succeed. From leading technology, solutions, programs and support, RSA Security has what you need to foster customer relationships and grow your business. The RSA SecurWorld Partner Program constantly evolves as we strive to improve and make the program work better for you. We do this with your feedback. Education, training, sales and marketing programs – all are designed to enrich your knowledge and create market demand. Together, we are entering new markets, leveraging products and services and solving tough customer problems. In new and powerful ways. And we believe it’s just going to get better. 4 ™ RSA Security Overview w w w. r s a s e c u r i t y. c o m T H E C O M PA N Y With thousands of customers around the globe, RSA Security (NASDAQ: RSAS) provides interoperable solutions for establishing online identities, access rights and privileges for people, applications and devices. Built to work seamlessly and transparently in the complex environments of thousands of customers, the Company’s comprehensive portfolio of identity and access management solutions — including authentication, Web access management and developer solutions — is designed to allow customers to confidently exploit new technologies for competitive advantage. RSA Security’s strong reputation is built on its history of ingenuity and leadership, proven technologies and long-standing relationships with more than 1,000 technology partners. AUTHENTICATION – A key component of an Identity and Access Management Strategy. RSA SecurID® – two-factor authentication using time-synchronized tokens and smart cards. The RSA SecurID ® system is the world’s leading two-factor user authentication solution, relied upon by thousands of organizations worldwide to protect valuable network resources. More than 15 million people around the world use RSA SecurID authenticators to securely access VPN and Remote Access applications, Web servers and applications, network operating systems and more. “ The RSA SecurID ® system is the world’s leading two-factor user authentication solution. ” 5 RSA Security “ RSA Security’s strong reputation is built on its history of ingenuity and leadership, proven technologies and long-standing relationships with more than 1,000 technology partners. ” RSA® Mobile – two-factor authentication for a mobile world. RSA® Mobile technology is an innovative authentication solution designed to protect Webbased resources by providing two-factor user authentication through the use of existing mobile phones and PDAs. RSA SecurID® Passage – smart badging: smart cards and physical access. RSA SecurID® Passage is an innovative smart card and digital credential solution that enables strong user authentication to networks and multiple applications. Designed to provide an unprecedented level of security, mobility and control, RSA SecurID Passage replaces static passwords with a Java ® platform smart card for user authentication to workstations, networks and sensitive data. Its Java Card multi-application capability enables you to deploy other applications — ranging from electronic purse to custom designed employee applications — to the same card. RSA Keon® – digital certificate management. RSA Keon® software is a family of interoperable modules for managing digital certificates and creating an environment for authenticated, private and legally binding electronic communications and transactions. RSA Keon solutions include: • RSA Keon Web Server SSL • RSA Secure e-Mail Solution • RSA Secure e-Forms Signing Solution • RSA Smart Badging 6 “ RSA Security’s offerings are a set of open, standards-based products and technologies designed to help organizations deploy new applications securely, while maintaining corporate investments in existing infrastructure. ” WEB ACCESS MANAGEMENT RSA ClearTrust® – policy-based access to Web applications. The RSA ClearTrust® System enables secure access to Web-based resources and is designed to work within intranets, extranets, portals and exchange infrastructures — all while providing users with transparent, single sign-on (SSO) across multiple applications. This easy-to-deploy, rules-based solution is built to integrate with existing infrastructures and provides the scalability to support growing e-business requirements. DE VE LOPE R SOLU TION S RSA BSAFE® and RSA® e-Sign – software development toolkits. RSA Security Developer Solutions are one of the most widely used e-security software components in the world. More than 1,000 organizations have used RSA Security software development kits (SDKs) to help lower their cost of development, shorten their time to market with new products and increase revenue by accessing new market opportunities. Our RSA BSAFE and RSA e-Sign SDKs are designed to provide high-performance security based on more than a decade of extensive engineering and cutting-edge cryptographic advancements. C O MM ITMEN T TO INTE ROPE RABI LITY RSA Security’s offerings are a set of open, standards-based products and technologies designed to help organizations deploy new applications securely, while maintaining corporate investments in existing infrastructure. In addition, the renowned RSA Secured® technology partner program helps ensure interoperability between RSA Security applications and those of our RSA Secured partners. For more information regarding the RSA Secured Partner Program, please visit www.rsasecurity.com/partners 7 RSA Security S TA N D A R D S D E V E L O P M E N T RSA Security builds solutions based on industry standards, ensuring the interoperability customers need to be successful in their e-business endeavors. Additionally, RSA Security keeps current on industry developments, playing active, leadership roles in standards development initiatives — such as Liberty Alliance, OASIS, IEFT and WS-Security — to ensure technical superiority and interoperability of our solutions. For more detail on standards initiatives, please visit www.rsasecurity.com/solutions/standards. CUSTOMERS RSA Security customers span a wide range of industries, with extensive presence in the e-commerce, financial services, government, healthcare, pharmaceuticals, biotechnology, aerospace, telecommunications, manufacturing, utilities and consumer arenas. WORLDWID E S ERV ICE A ND S UPPORT With sales and 24x7 support offices in major international regions, RSA Security is able to provide our customers with timely responses to their requests and inquiries. For more information regarding the RSA Security support services, please visit www.rsasecurity.com/services GL OBAL P RESE NC E RSA Security is a truly global e-security provider with representation in nearly 50 countries. The RSA SecurWorld ™ Channel Program brings RSA Security’s products to value-added resellers and distributors worldwide. For more information regarding the RSA SecurWorld Channel Program, please visit www.rsasecurity.com/partners. 8 RSA SecurID ® Solutions for VPNs w w w. r s a s e c u re d . c o m CUSTO MER SC ENARIO Prospect needs to provide Microsoft ® Outlook® email to 200 sales people across the country. He is interested in learning about VPNs. DISCOVERY QUES TIONS • Do you have a security policy for remote users? The reason I am asking is VPNs provide privacy, not security. • What would happen if a hacker penetrated your company’s network through the VPN? • Besides the sales people, are there other groups within your company who would benefit from accessing information anywhere, anytime? • When did you last go through an audit? How did you fare? • Do you know how much you spend on managing your multiple username/password databases? • Can you quantify an associated cost to your company if you were breached? • Do you have the ability to determine if you have been breached? • Does a central and consistent strong authentication solution appeal to you? • What are the challenges you face in your role? • Can you share with me the goals of the company for this year? 9 RSA SecurID Solutions Guide P O S I T I O N I N G S TAT E M E N T S Virtual Private Networks (VPNs) are an extremely cost-effective way to enable remote user access to valuable corporate resources. VPNs use privately encrypted channels for remote communication via the public Internet, effectively eliminating the need for costly dedicated dial-up phone lines. While VPNs create encrypted tunnels to protect data in transit, simply using passwords to authenticate VPN users does not guarantee an end-to-end secure solution. An average person uses two-factor authentication every day when using bank ATM cards, so why wouldn’t users expect the same when accessing corporate assets such as employee data and customer data or transacting on the Web? OB JE CTION HAN DLING IN VPN ENV IRONM ENTS We don’t need RSA SecurID® Two-Factor Authentication - we already have a firewall and/or VPN. • A firewall shows that you have a sense of the importance of security for your organization. But if you are authenticating through the firewall with passwords, there is still a vulnerability in your IT infrastructure. • A VPN ensures that your data is private and encrypted, but this does not ensure that you know who is on the other end of the communication. • Privacy does not necessarily mean security. Strong authentication is also as critical as a firewall or VPN because it prevents unauthorized entry in a way that static passwords do not. • RSA SecurID technology is designed to work “out of the box” with the leading VPN vendors such as Cisco, NetScreen, Checkpoint and Nortel. 10 Passwords are secure. Why would I need more protection? • Your systems and your information are now connected to outside networks that you have little or no control over. This can create serious vulnerabilities. Passwords can be sniffed (eavesdropped), cracked via dictionary attack programs, shared by users, copied from post-it notes stuck on PC monitors, etc. Tokens are too expensive. • Did you know that passwords are a costly option? Consider the cost of helpdesk calls, and if you’re managing passwords appropriately they are changed every 60 days. Password reset and administration has been tracked at approximately 40% of help desk time. • Studies have shown that the cost of one security breach can be many times higher than the cost of tokens should anyone access your systems (that is AFTER they invade your systems, since you won’t know until it’s too late). • Reputation is everything to the large organization. Consider the Public Relations embarrassment to your corporation, with potential shareholder lawsuits, network downtime, loss of customers as well as potential new customers, loss of productivity if your information was compromised. Which areas within your organization would be the most hurt and what would that translate into dollars lost, should a break in occur due to unauthorized access? 11 RSA SecurID Solutions Guide We’ve never been hacked. Why would I need Two-Factor Authentication? • How do you know if you’ve been hacked? If an unauthorized person obtained a valid password, how would you know the incident occurred? Studies have shown that the vast majority of companies attacked during experiments never knew they were hacked. The latest CSI/FBI Computer Crime Survey shows that total (reported) losses of companies attacked exceed $350 million. • Can your company afford unauthorized access and the risks associated with unauthorized users obtaining valuable employee payroll data, customer profiles and client information WITHOUT your knowledge? Proactive management of all your resources is vital. P R E S E N TATI O N O F S O L U T I O N Have confidence in knowing who is accessing your network remotely. RSA SecurID® technology and an RSA Secured VPN solution establish end-to-end security and user authentication for remote access. Major VPN providers like CheckPoint, Cisco, NetScreen and dozens of others design their VPNs to work with RSA Security, so you can be sure the RSA SecurID solution will operate simply and flawlessly in almost any environment. 12 R EQUIRED PRO DUC TS • RSA SecurID® authenticator for each user • RSA ACE/Server ® license • RSA SecureCare® maintenance • Hardware to run RSA ACE/Server ® software 13 RSA SecurID Solutions Guide RSA SecurID ® Solutions for Citrix CUST OMER SC ENARIO Prospect needs to provide anytime, anywhere, any-device, any-connection access to the enterprise that must deliver business-critical applications and information quickly and efficiently. Continuous access to real-time information is integral to success. Accomplishing this across the Internet, or any network, requires robust, centralized application delivery and management capabilities. Some key needs that many enterprise, SME customers, financial, healthcare and governmental organizations have: • Accelerate delivery of a full range of business applications—including ERP, CRM and office productivity software. • Enable rapid technology integration following mergers and acquisitions and ensure the continuity of business processes during transition. • Integrate diverse branch office platforms and technologies into a cohesive enterprise network. • Provide your mobile workforce with real-time remote access to business-critical applications and data. • Increase productivity by giving telecommuters and road warriors a familiar desktop-togo—accessible from anywhere. 14 DISCOVERY Q UE STIONS What Citrix products do you use? How do you ensure secure access to corporate resources? What is your main purpose for using Citrix? • Application access (Internal to the Firewall or remote users?) • Replacing your current VPN application? Are you offering Web based access to your Citrix environment? How many applications are you offering via Citrix? Are there other applications that are offered via other application servers? How many internal and external users do you support? What is your growth pattern for the next 12-18 months? Are you currently offering Citrix over the Internet? Is this planned for the future? How are you currently authenticating users? How do you plan to manage passwords to Citrix applications in the future? 15 RSA SecurID Solutions Guide P O S I T I O N I N G S TAT E M E N T S The Citrix MetaFrame Access Suite solves enterprise access challenges by enabling efficient, centralized management of heterogeneous computing environments, while providing secure, on-demand access to a wide array of resources from any location, device or connection. RSA SecurID® technology offers superior user authentication. Based on RSA Security’s technology and expertise in encryption, the RSA SecurID implementation is highly secure. RSA SecurID technology uses a patented, time synchronous, two-factor authentication mechanism to validate users. Combined together, RSA SecurID technology and Citrix MetaFrame Access Suite offer customers the best of both worlds – strong user authentication and secure access to corporate resources. OB JEC TION HAN DLING Why do I need stronger authentication? Isn’t domain authentication sufficient? • Passwords can be easily hacked or stolen with tools readily available on the Internet. See L0phtcrack at [email protected] • Password security is greatly reduced by users who frequently choose passwords that are easily guessed or written down. • Inadequate password policies often fail to meet security audits. • Passwords can be costly to manage due to frequent help desk calls for password resets. 16 I don’t have the funds to purchase Citrix and RSA SecurID® authentication at the same time. One will have to wait. Probably RSA Security. • Once you offer applications to the outside world you can’t afford to leave them unprotected. • RSA SecurID technology is an inexpensive insurance policy on your intellectual property. • One breach can cost an organization millions of dollars in damage. • Goodwill can be damaged due to the Breach Notification Law. All companies that have been breached must make it public. There are other, less expensive two-factor solutions to choose from. • RSA Security and Citrix have been strong partners for years and have worked closely to ensure the customer has the needed integration. • Current integration includes additional features such as single page authentication including Tokencode and domain authentication on one screen. • RSA SecurID authentication has a zero footprint and requires no client software. • Citrix employees all carry the RSA SecurID Key Fob. 17 RSA SecurID Solutions Guide REQUIR ED PR ODU CTS • RSA SecurID® authenticator for each user • RSA ACE/Server® license • RSA SecureCare® maintenance • Hardware to run RSA ACE/Server ® software • Citrix 18 RSA SecurID ® Solutions for Wireless CUSTOMER SCENARIO Prospect is deploying wireless LANs (WLAN) to enable users to establish and maintain a wireless network connection throughout or between buildings. They are also seeing an increase in PDA’s, pocket computers and other wireless devices among their user community. The prospect, your customer, is concerned about the lack of authentication to wireless LANs. Additionally, there is a concern about the security of data being transmitted via wireless devices. DISCOVERY QUEST IONS Which wireless products do you use or are you planning to implement? (Cisco Aironet®, Proxim ORiNOCO, Funk Odyssey Server). What is the single biggest barrier preventing your organization from deploying WLANs? How do you plan on ensuring that only legitimate employees have access to your wireless LAN? P O S I T I O N I N G S TAT E M E N T S By offering numerous benefits over the traditional wired network, Wireless Local Area Networks, or WLANs, have become one of the fastest growing methods for network access today. Studies have shown that not only do organizations reduce overall network infrastructure costs, but employee productivity also increases. 19 RSA SecurID Solutions Guide On the other hand, because WLANs broadcast data into the public airwaves they are inherently more vulnerable to attacks. Even with proper security policies in place, using password authentication increases the risks of allowing unauthorized access to a WLAN. • Passwords can easily be stolen by rogue clients. • Password security is greatly reduced by users who frequently use easily guessed passwords. • Lack of positive user identification is a major barrier preventing organizations from the cost saving benefits of WLANs. OBJEC TION HAN DLING IN WIRELE SS ENVIRONM EN TS We don’t need a RSA SecurID® solution for our WLANs – we already use a VPN. • Using a VPN in a wireless environment is a smart choice. It provides strong encryption of data as it travels across the airwaves. But if you are authenticating through the VPN with passwords, there is still vulnerability in your wireless infrastructure. RSA SecurID technology is designed to integrate easily with all the leading VPN vendors – right out of the box. • A VPN ensures that your data is private and encrypted, but this does not ensure that you know who is on the other end of the communication. • Strong authentication is also as critical as a VPN because it prevents unauthorized entry in a way that static passwords do not. Most security experts agree there is no single solution to all of your network security problems. You need to combine elements from several areas of security to have an effective solution. Without strong authentication, your VPN is not totally protecting your network. 20 Wireless security standards are changing too fast – we’ll wait. Recognizing the need for stronger user authentication methods in a wireless environment, the IEEE has introduced Extensible Authentication Protocol (EAP). Several companies including Cisco and Funk Software have developed commercial versions of EAP that provide the ability to authenticate users with one-time password solutions such as that offered by RSA SecurID® solutions. P R E S E N TATI O N O F S O L U T I O N Using RSA SecurID technology to authenticate your users helps overcome the issues of security, one of the biggest obstacles preventing many organizations from deploying WLANs. Enterprises who rely on RSA SecurID user authentication for secure remote access in a wired environment wish to use the same security paradigm for WLAN access. RSA SecurID twofactor authentication is based on something you know (a PIN) and something you have (an RSA SecurID authenticator) – providing more secure and cost effective user authentication to a WLAN than reusable passwords. There are two primary ways that customers can provide security for their wireless environments. One method is to implement a VPN over the wireless network and to secure access to it using RSA SecurID technology. In this manner, the user gets data privacy through the VPN and strong user authentication via RSA SecurID authentication. (See Figure A.) 21 RSA SecurID Solutions Guide The second way is to implement a solution that supports the 802.1x standard and PEAP (Protected Extensible Authentication Protocol) such as that offered with the Cisco Aironet® product and Cisco Access Control System (ACS) or EAP/TTLS (Tunneled Transport Layer Security) offered by Funk Software. With this approach, the user gets encryption through the enhanced wireless encryption protocol (WEP) provided by 802.1x and user authentication via RSA SecurID ® technology. (See Figure B.) COMPONENTS NEEDED FOR VP N-BASED S OLUTION • VPN Solution • RSA ACE/Server® software • RSA SecurID authenticators Figure A. VPN and RSA SecurID user authentication over a Wireless Solution 22 C O M P O N E N T S N E E D E D F O R R S A S E C U R I D ® A U T H E N T I C AT I O N AND 802.1 X AND EAP SOLUTION • RSA ACE/Server ® software • RSA SecurID authenticators • 802.1x Compliant Wireless Access Point • EAP Compliant Radius Server (Cisco ACS or Funk Odessey) Figure B. RSA SecurID and 802.1x and EAP Solution 23 RSA SecurID Solutions Guide Inside an RSA SecurID ® Solution w w w. r s a s e c u r i t y. c o m / p ro d u c t s / s e c u r i d W H AT I S A N R S A S E C U R I D ® T W O - F A C T O R U S E R A U T H E N T I C AT I O N S O L U T I O N ? An RSA SecurID two-factor user authentication solution consists of: • RSA SecurID authenticators • RSA ACE/Server ® software • RSA ACE/Agent ® software • RSA SecurCare® maintenance A D VA N TA G E S O F A N R S A S E C U R I D T W O - F A C T O R U S E R A U T H E N T I C AT I O N S O L U T I O N : • Ensures the positive identification of users before they gain access to valuable resources. • The solution is extremely difficult to hack because it requires two forms of identification — something the user has and something the user knows. • Ensures greater network security than the traditional static password that is easily hacked. • Helps to create a trusted e-business environment with new possibilities for innovation and growth. 25 RSA SecurID Two-Factor Authentication 1 HI IT’S ME 2 LET ME CHE CK YO UR CREDENTIALS 3 1 2 26 3 YOU CAN GO IN NOW RSA SecurID ® Authenticators w w w. r s a s e c u r i t y. c o m / p ro d u c t s / s e c u r i d / t o k e n s . h t m l W H AT I S A N R S A S E C U R I D ® A U T H E N T I C A T O R ? With a broad range of easy-to-use form factors, RSA SecurID authenticators are available to suit every organization, including: 1. Key Fobs • The popular RSA SecurID Key Fob offers extreme durability in a reliable and portable form. 2. Hardware Tokens • The original RSA SecurID Hardware Token is a credit card-sized device that continues to provide the same excellent performance and quality guaranteed from every RSA SecurID authenticator. 3. Software Tokens • The RSA SecurID Software Token is available for the personal computer (PC), as well as various wireless devices. These include Palm ™ Computing platforms, Pocket PC PDAs and wireless phones made by Ericsson and Nokia. • By embedding the RSA SecurID Software Token into these popular devices you can eliminate the need for users to carry a dedicated authentication device. The RSA SecurID Software Token supports qualified Smart Cards and the USB token. 4. Smart Cards • RSA SecurID Smart Cards work directly with the RSA SecurID software Token application and store the RSA SecurID symmetric key on the card. • All RSA SecurID Smart Cards can also be combined with physical building access security applications and corporate badge systems, thereby providing a multi-purpose authenticator. 27 RSA SecurID Two-Factor Authentication 1. 2. 3. 4. 5. 6. 5. USB Token • RSA SecurID® USB Tokens work directly with the RSA SecurID Software Token application to store the RSA SecurID symmetric key on the embedded Smart Card, using a standard PKCS#11 interface. • RSA SecurID USB Tokens provide a single, complete device for both user and device authentication — with no additional hardware requirements and full 32K Java card support for RSA SecurID, Digital Certificate and SSO Password credential storage. 6. PINPAD Cards • The RSA SecurID PINPAD Card comes in the same credit card size and additionally enables users to encrypt their passcode for a higher level of security in environments where there is a high risk of electronic eavesdropping. H O W D O E S AN R S A S E C U R I D A U T H E N T I CAT O R W O RK ? • The use of RSA SecurID authenticators is intuitive requiring minimal end-user training and resulting in fewer Help Desk calls. The user simply enters their Passcode, consisting of their PIN and Token Code. • Each authenticator has a unique 64-bit symmetric key that is combined with a powerful algorithm to generate a new code every 60 seconds, based on patented, time-synchronous, tamperproof technology. Only the RSA ACE/Server software knows which number is valid at that moment in time for that user/authenticator combination. • RSA SecurID authenticators allow users to identify themselves and to authenticate to the network and thus gain access to protected resources. • Because of the dynamic nature of the token, a user’s electronic identity cannot be easily mimicked, hacked or hijacked. 28 RSA A C E / S e rv e r ® Software w w w. r s a s e c u r i t y. c o m / p ro d u c t s / s e c u r i d / r s a a c e s e rv e r.html W H AT I S R S A A C E / S E R V E R ® S O F T W A R E ? • RSA ACE/Server software is the management component of the RSA SecurID® product family, used to verify authentication requests and to administer policies for enterprise networks. • The RSA ACE/Server software combines a high-performance authentication engine with centralized management capabilities. It is engineered to support small organizations to large enterprises with millions of users, which may span dozens of locations and complex organizational structures. • The RSA ACE/Server software achieves superb levels of performance and availability, through database replication and options for fail-over recover y. HOW DOE S RS A AC E/SERVER SOFTWAR E WORK? • When an access request is received, the RSA ACE/Server software employs the same algorithm and seed value as the user’s token to verify that the correct token value has been entered. • If the value is correct, access is granted immediately. If either identity factor is incorrect, the user will be prompted to re-enter the correct information. After three failed attempts, the user is "locked out" until re-enabled by the RSA ACE/Server administrator. 29 RSA SecurID Two-Factor Authentication R S A A CE / S E R VE R T E C H N I CA L SO F T WA R E S P E CI F I C AT I O N S 30 P R O D U C T / F E AT U R E HARDWARE PLATFORM REQUIREMENTS RSA ACE/Server Software Microsoft® Windows® NT and Windows 2000 operating systems RSA ACE/Server Software Unix Remote Administration/Local Access Windows 2000/XP/INT operating system Pam (UNIX/Linux), Novell Web Access Windows (IIS) operating system, Apache, Sun One, Lotus Domino Quick Admin Windows operating systems or Unix Web Servers MINIMUM C O N F I G U R AT I O N H A R D W A R E P L AT F O R M C O N F I G U R AT I O N • Single Intel Pentium ® 266 MHz processor • 256 MB of physical memory + 1 MB per 1,000 users • 2 times physical memory swap file • Hard disk drive with 200 MB of free space for programs, documentation, and examples and 1 MB per 1,000 users • Dual Intel Pentium® III 800MHz processors • 256 MB of physical memory per processor • Solaris: UltraSPARC processor • HP-UX: PA-RISC 2.X • IBM® AIX: RISC/6000 or PowerPC processor • For all Unix Systems: - 128 MB of physical memory + 1 MB per 1,000 users - 2 times physical memory swap file - Recommended disk space: 400 MB + 1 MB per 1,000 users AND 1 GB reserved for log database growth • Solaris: Ultra SPARC II with dual 300 MHz processors • AIX: RS/6000 with dual 233 MHz processors • HP-UX: HP J2240 with dual 236 MHz PA-8200 processor • 20 MB of disk space • Windows® operating system: No requirements • Solaris: UltraSparc 31 RSA SecurID Two-Factor Authentication F E AT U R E S A N D B E N E F I T S O F R S A A C E / S E R V E R 5.1 S O F T WA R E Database Replication & Load Balancing High performance and scalability through load balancing, ubiquitous network security, fewer administrative headaches, lower administrative costs, network configuration flexibility. External Directory Integration (including support for Active Directory and LDAP) Ease of administration, centralized user management, automated process. Support for Standards-Based RSA SecurID AES Tokens Adherence to industry standards, seamless migration, investment protection. RSA SecurID Web Express Lower cost of deployment, faster implementations. Quick Admin Ease of administration, lower administrative costs. High Availability Hardware Systems Support Disaster recovery, reduced risk of downtime. Log Filtering Tools Ease of administration. Interoperability Investment protection. Backward Compatibility Robust network security, investment protection. Scalability Grows with your environment. RSA ACE/Agent Software Keeps your security solution working, enables seamless integration with your network applications. Database Migration Ease of administration, reduced management costs. 32 RSA ACE/Agent ® Software w w w. r s a s e c u r i t y. c o m / p roducts/securid/rsaaceagents.html W H AT I S R S A A C E / A G E N T ® S O F T W A R E ? • RSA ACE/Agent software is device-specific pieces of code that act as the connection from the RSA SecurID authenticators to the RSA ACE/Server software. • RSA ACE/Agent software functions like a security guard, enforcing security policy as established within the RSA ACE/Server system. For example, RSA ACE/Agent software lets you secure web pages and applications on your intranet or extranet, at the same time protecting mission-critical back-end systems. • RSA ACE/Agent software enables you to use the same RSA SecurID authenticators and the same RSA ACE/Server software to protect an unlimited number of resources — providing a high return on investment. • RSA ACE/Agent software is also available to provide secure access to NT domains and resources hosted on UNIX servers, mainframes, mid-range systems and a range of legacy hosts. HOW DOES R SA ACE /AG ENT SO F TWA RE WOR K? • The RSA ACE/Agent software intercepts access requests and requires designated users or groups — whether local or remote — to authenticate to the RSA ACE/Server software with an RSA SecurID authenticator prior to gaining access to protected resources. • Through the RSA Secured SecurID Ready program, RSA ACE/Agent software is available out of the box for a wide range of popular remote access devices — including firewalls, routers, Web servers and VPNs — with more than 235 products from 170 industry-leading vendors. • Simply activate the RSA ACE/Agent software built into and designed to work with an application, for example RAS, VPN or Web server, and that resource is instantly protected with RSA SecurID authentication. 33 RSA SecurID Two-Factor Authentication P R O D U CT F E AT U RE S O F R S A A C E / A G E N T ® S O F T WA R E • RSA ACE/Agent software is embedded into many major network communications products, including most: - Remote Access Servers - VPNs - Firewalls - Application Servers - Web and Enterprise Applications ** For a full list, please visit www.rsasecured.com • With the RSA Secured SecurID ® Ready program, regardless of what product you choose for your network infrastructure, RSA SecurID functionality is most likely already built into that product. • Most RSA ACE/Agent software is embedded in the devices and available for FREE when you purchase these products from the vendors. Other RSA ACE/Agent software is delivered for FREE when you purchase RSA ACE/Server software. • Custom Agents can be purchased through RSA Professional Services or developed using SecurTools software toolkits. • RSA ACE/Agent software allows you to protect multiple resources with one RSA SecurID authenticator, providing a high return on investment. • RSA ACE/Agent software integrates with existing systems and ensure user accountability. • Central user administration means that new users can be added and new systems can be protected with minimal effort. 34 RSA SecurCare ® Maintenance w w w. r s a s e c u r i t y. c o m / s u p p o rt W H AT I S R S A S E C U R C A R E ® M A I N T E N A N C E ? RSA SecurCare Maintenance is RSA Security’s state-of-the-art support system that provides the coverage necessary to help mitigate risk and maximize the long-term value of an RSA Security solution. RSA SecurCare maintenance includes: • Free software updates • Access to RSA SecurCare Online — a free service for RSA Security customers with an active support contract, as well as resellers and partners. This interactive Web-based resource can help you find answers to your most pressing technical questions. • Expert and reliable telephone assistance from RSA Customer Support Centers where and when you need it. W H ERE IS T H E L OC AL CU ST O M ER S UP PO RT CE N TE R LO C ATED? • A local Customer Support Center for the Americas region is based in Bedford, Massachusetts and is open Monday to Friday from 8:00am – 5:00pm local server time, except for designated holidays. • For RSA SecurCare Extended customers, calls outside these hours are handled by an open Customer Support Center. • When opening a new customer support case or inquiring about the status of a case, contact the Customer Support Center via the Web through SecurCare Online at https://knowledge.rsasecurity.com or by calling 800-995-5095. 35 RSA SecurID Two-Factor Authentication “ When opening a new customer support case or inquiring about the status of a case, contact the Customer Support Center via the Web at https://knowledge.rsasecurity.com or by calling 800-995-5095. ” H OW DOE S RSA S ECUR CARE MAIN T ENANC E WORK? RSA SecurCare Maintenance is available in two options to accommodate diverse business and budget requirements: R SA S ec ur Ca re • Patch, maintenance and major releases of software at NO ADDITIONAL CHARGE. • Access to RSA SecurCare Online • Technical telephone support from 8:00am to 5:00pm local server time, Monday to Friday (except designated Company holidays). • Response time goal for non-critical issues is 4 hours. R S A Sec u rC a re Extended • Patch, maintenance and major releases of software at NO ADDITIONAL CHARGE. • Access to RSA SecurCare Online. • Technical telephone support 24 x 7 x 365. • Response time goal for non-critical issues is 4 hours. 36 10 Facts about Authentication in an e-Business World PRO V I NG ID E NTI T Y. E STA BL ISH I N G TRUS T. ENA BL I NG E- B U SI NES S . FACT 1 For today’s e-business the need to validate user identities is essential. To achieve success in e-business, an enterprise must routinely expose its high-value applications and data to diverse users, both internal and external. FACT 2 Unless an organization can reliably authenticate those users, online resources are vulnerable to fraud, theft and other malicious activities. FACT 3 Authenticating devices on networks is imperative in managing secure access to network resources. Digital certificates offer a cost effective method of achieving this. FAC T 4 Without an effective authentication system in place, all other security measures — including firewalls, VPNs, cryptography, PKI and digital signatures — are also at risk of being compromised. FACT 5 Authentication solutions should be chosen based on the sensitivity and risk of the resources that are to be protected. Popular technologies for authenticating users include: • Password systems • Authentication devices eg. tokens, software tokens and smart cards • Biometrics • Digital signatures 37 RSA SecurID Sales Toolkit “ Passwords are vulnerable in many ways ranging from guessing, to interception off the network, to outright theft or social engineering methods. ” FAC T 6 The most widely used form of authentication — static password protection — cannot verify user identities with any degree of certainty. Passwords are vulnerable in many ways ranging from guessing, to interception off the network, to outright theft or social engineering methods. As a result, an individual can easily fabricate a false electronic identity or hide behind a legitimate one, causing significant damage, financial loss and liability to an enterprise. FACT 7 Combining authentication approaches into two-factor systems can provide a much higher degree of protection than single-factor implementations. FACT 8 Two-factor authentication requires users to provide two forms of identification before granting access based on something you have (an authenticator) and something you know (PIN or password). The most familiar example of two-factor authentication is an ATM banking application. FAC T 9 Two-factor authentication provides a highly secure way to reliably validate the identities of internal and external users before granting access to protected resources. FACT 1 0 RSA SecurID® technology is the world’s leading two-factor authentication solution used by more than 15 million users worldwide. 38 Sales Questioning Strategies B U YER S EG MEN TAT I O N When positioning an RSA SecurID® two-factor authentication solution to a potential customer, there are generally three levels of Buyer Segmentation you need to consider. Following are some valuable questioning strategies that will assist you in pitching at the right level. EXECUTIVE MANAGEMENT O P E R AT I O N S (CxO) Role: Strong influencer Concerns: TCO, revenue, shareholders Motivation: Strategy, long term corporate success, bottom line (IT/Security - VP, Director)) Role: Budget owner, project influencer Concerns: TCO, vendor relationship, business objectives Motivation: Proactive, personal success, politics (IT/Sec - Manager, Director) Role: Budget influencer, project owner Concerns: Price, resources, technology Motivation: Reactive, survival, immediate problem 39 RSA SecurID Sales Toolkit EXEC UTIV E L EV EL • What damage would be done to your company’s reputation if you were hacked? • What concerns about security are preventing you from implementing new electronic business processes that would improve your bottom line? • Do you think you could gain a competitive advantage or market share if you could securely offer your customers and/or partners access to your systems? • What industry regulations related to protecting electronic information apply to you? MANAGEMEN T L EVE L • What new electronic business processes for your employees, customers, suppliers or partners are you planning to roll out? • Do you think you could significantly reduce costs or increase revenue by offering automated services? • What concerns are preventing you from rolling out new applications? • Where would security rank in those concerns? • How do you ensure with confidence that your organization’s sensitive data is well protected? O P E R AT I O N A L L E V E L • How much time do you currently spend on fixing password resets and problems? • What issues do your users face by having to remember their passwords? • What issues does your help desk spend most of their time on? • How do you manage the demand for remote network access for non-employees? • What are your plans to implement a VPN solution? How will you authenticate users? • How would your organization fare in a security audit? 40 Objection Handling When selling an RSA SecurID ® solution, you may come across prospective clients who do not understand the need for or the value in strong authentication. Dealing with customer objections can be difficult, however, our experience proves there are many effective ways of overcoming these concerns. The following information gives some typical responses for dealing with customer objections, and some key points that support implementing the RSA SecurID authentication solution. PA S S W O R D S A RE S E C UR E . WHY WOULD I NEED M ORE PR OTEC TION? • Your systems and your information are now connected to outside networks that you have little or no control over. This can create serious vulnerabilities. Passwords can be sniffed (eavesdropped), cracked via dictionary attack programs, shared by users, copied from post-it notes stuck on PC monitors, etc. An RSA SecurID solution provides the ability to positively identify users that access your valuable corporate information so that at all times, you can reliably know who you’re doing business with. • An average person uses two-factor authentication every day when using bank ATM cards, so why wouldn’t users expect the same when accessing corporate assets such as employee data and customer data or transacting on the Web? 41 RSA SecurID Sales Toolkit TOKE NS ARE TOO EX PEN SIVE. • Did you know that passwords are a costly option? Consider the cost of helpdesk calls, and if you’re managing passwords appropriately they are changed every 60 days. Password reset and administration has been tracked at approximately 40% of help desk time. • Studies have shown that the cost of one security breach can be many times higher than the cost of tokens should anyone infiltrate your systems. • Reputation is everything to the large organization. Consider the Public Relations embarrassment to your corporation, with potential shareholder lawsuits, network downtime, loss of customers as well as potential new customers, and loss of productivity if your information was compromised. Which areas within your organization would be the most hurt and what would that translate into dollars lost, should a break in occur due to unauthorized access? TOKENS WILL NOT B E ACC EPTED B Y USERS. • RSA SecurID tokens are very easy to use. People use two-factor authentication every day when using bank ATM systems, so it’s a very easy process for them to understand. • RSA SecurID authenticators are available in several form factors, providing a wide range of choices for users. • Key Fob tokens are very portable, convenient and popular with users. Among other things, users are less likely to forget or mislay their tokens if they are attached to a set of keys. 42 WE’V E N EV ER BEE N HAC KE D . W H Y W O U L D I N E E D T W O - F A C T O R A U T H E N T I C AT I O N ? • How do you know if you’ve been hacked? If an unauthorized person obtained a valid password, how would you know the incident occurred? Studies have shown that the vast majority of companies attacked during experiments never knew they were hacked. Can your company afford unauthorized access and the risks associated with unauthorized users obtaining valuable employee payroll data, customer profiles and client information WITHOUT your knowledge? Proactive management of all your resources is vital. • Most business and security managers agree that password systems are both a costly and insecure method of authentication. RSA SecurID two-factor authentication ensures that you can positively identify the users on your network with an easy-to-use solution. 43 RSA SecurID Sales Toolkit W E D O N ’ T N E E D R S A S E C U R I D ® A U T H E N T I C AT I O N – WE A LREA DY HAVE A FIREWALL A ND/ OR V PN . • A firewall shows that you have a sense of the importance of security for your organization. But if you are authenticating through the firewall with passwords, there is still a vulnerability in your IT infrastructure. • RSA SecurID technology is designed to integrate easily and complement more than 200 infrastructure and security products — including leading firewall vendors — right out of the box. • A VPN ensures that your data is private and encrypted, but this does not ensure that you know who is on the other end of the communication. • Privacy does not necessarily mean security. Strong authentication is also as critical as a firewall or VPN because it prevents unauthorized entry in a way that static passwords do not. Most security experts agree there is no single solution to all of your network security problems. You need to combine elements from several areas of security to have an effective solution. Without strong authentication, your firewall is not totally protecting your network. 44 Frequently Asked Questions The RSA SecurID ® system is the world’s leading two-factor user authentication solution, installed and relied upon by thousands of organizations worldwide to protect valuable network resources. Used in conjunction with RSA ACE/Server® software, an RSA SecurID authenticator functions like an ATM card for your network, requiring users to identify themselves with two unique factors — something they know and something they have — before they are granted access. More than 15 million people around the world use RSA SecurID authenticators to securely access VPN and Remote Access applications, Web servers and applications, Wireless LANs, network operating systems, routers, firewalls and more. Q . W H AT I S R S A S E C U R I D T W O - F A C T O R A U T H E N T I C AT I O N ? RSA SecurID two-factor authentication is like an ATM card for securing network or system access. It provides an easy, one-step process to positively identify a user and prevent unauthorized access. Used in conjunction with the RSA ACE/Server software and RSA ACE/Agent software, RSA SecurID authenticators generate a new, unpredictable access code every 60 seconds. RSA SecurID technology offers strong security for a wide range of platforms — so users have a single method of sign-on to gain access to a remote dial-up session, protected Web pages, mainframes, and more. Q . W H AT A R E T H E B E N E F I T S O F R S A S E C U R I D ? RSA SecurID solutions help prevent unauthorized users from accessing enterprise network and information resources — the protection corporations need to secure valuable information assets. Two-factor authentication provides more powerful protection than traditional passwords. 45 RSA SecurID Sales Toolkit “ More than 15 million people around the world use RSA SecurID authenticators. ” For a sophisticated hacker or a determined insider it doesn’t take much to compromise a user’s password and gain access to resources that are off-limits. Single-factor identification — a reusable password — is not enough. Q. W H AT A R E TH E C O M PO N E N TS OF AN R S A S E C U RI D ® S Y S T E M ? The RSA SecurID system is made up of three components: • RSA ACE/Server® software • RSA SecurID® authenticators • RSA ACE/Agent ® software Each component contributes to the overall interoperability, scalability, manageability and flexibility that set this product apart from its competitors. R SA S E CU R I D A U T H E N T I CAT O R S Q . W H AT F O R M F A C T O R S A R E A VA I L A B L E F O R RSA SE CURID T ECHN OLOGY? RSA SecurID authenticators are available in the following forms: • Key Fob • Hardware Token and PINPAD • USB Token • Smart Card • Software Token • Handheld Devices, Palm ™ Computing platform, Ericsson R380, Nokia 9210 & Windows® PocketPC All form factors work in isolation or can be used in combination if required, or the needs of the users vary, the RSA ACE/Server software can be configured to manage any of those listed above. 46 Q . W H AT I S T H E VA L UE OF U SI N G T H E R SA S E C U RI D ® K EY F O B ? The compact size and durability of the RSA SecurID Key Fob offers a new dimension in convenience to those customers requiring high levels of security in multiple environments. In addition to providing the same reliable performance in generating random access codes as the original RSA SecurID Card, the RSA SecurID Key Fob comes in a small, lightweight format. Q . W HAT I S TH E R S A S E C U RI D S O F T WA RE T O K E N ? The RSA SecurID software token essentially turns your PC or laptop into a RSA SecurID token, providing a cost-effective and easy-to-use security solution. The software token uses the standard, patented RSA SecurID algorithm. It offers users both an automatic and a manual authentication process, by allowing integration with existing application login procedures. When using the automated login, the user simply enters his or her user ID and PIN, and the RSA SecurID software token handles the whole remote login and authentication procedure to a Web page, VPN or RAS session. Because no numerical challenge is required from the host, the RSA SecurID software token can automate the login process through simple scripting. Q . W H AT A B O U T S M A RT C A RD S ? RSA SecurID technology is available in a smart card form, which works together with the RSA SecurID Software token. A major advantage of using smart cards is that a single card can hold multiple applications. Controls for physical building access or cafeteria billing can reside on the smart card along with the RSA SecurID records. This lets an organization provide one card for multiple functions, reducing the number of devices the end user must carry. 47 RSA SecurID Sales Toolkit R S A A C E / S E R V E R ® S O F T WA R E Q . W H AT I S R S A A C E / S ER V E R S O F T WA RE ? RSA ACE/Server software is the security administration engine that powers RSA SecurID® technology and RSA ACE/Agent software. It provides strong two-factor user authentication by verifying the identity and legitimacy of all users attempting to login to the network. RSA ACE/Server software is compatible with many remote access and Internet products, as well as a range of applications, so it fits easily into a corporation’s existing network and systems infrastructure. Q . W H AT A R E T H E K E Y B E N E FI T S O F R S A A CE / S ER V E R SOFTWARE? • Cost-effective network security with industry-leading performance and scalability. • Easy to use administrative and audit features. • Compatibility with all major network hardware and software products. • User and administrator auditing ability with full reporting. • Centralized management of passwords. • Built-in support for mobile users. • Emergency access features. • Support for multiple tokens per user. • Operates on a wide range of Windows® and UNIX-based platforms. 48 Q . H O W D O E S R S A A C E / S E R V E R® S O F T W A R E D I F F E R F R O M OT HE R ENTE RPR ISE–WIDE SECU RITY PRO DUC TS? RSA ACE/Server software, with its regional network of security servers and relational database foundation, offers a level of scalability and performance that is unrivaled in the security market. RSA ACE/Server software architecture allows for centralized and customizable administrative control, giving the administrator comprehensive audit and reporting capabilities for enterprise populations of users and token records. What’s more, the RSA Secured SecurID Ready Program with over 235 third party products means that the customer environment can already be RSA ACE/Server software "aware", allowing easy integration. Q. HOW MA NY PR IMARY AN D REPLI CA SERVE RS C AN I HAV E I N O N E I N S TA L L AT I O N ? Generally one primary and one replica server. However, the RSA ACE/Server can be scaled up to 6 Primary Servers and 60 Replica servers in a single installation (using the Advanced Server model). These environments can be centrally administrated and managed from a single point (including the delivery of logging and audit information) while protecting RSA ACE/Server agents across the entire enterprise. The Replica server communicates in real-time with the Primary server, verifying that the Primary server is up and running and ensuring its data is current. This is achieved using delta change information to minimize network traffic. In the event that the primary server goes down, a replica server can be promoted to the primary role. In addition, all authentication requests continue to be processed by the remaining servers, and users are provided with uninterrupted service. 49 RSA SecurID Sales Toolkit Q . W H A T I S R S A A C E / S E R V E R ® A D VA N C E D ? Advanced Server provides an extended license that allows for one primary and up to 10 replica servers to be deployed in up to 6 realms. Advanced Server includes the additional tool, RSA SecurID ® Web Express. This enables a self-service provisioning model for token assignment and deployment through a Web browser. Advanced Server reduces the risk of authentication delays and provides for large scale, enterprise level load balancing among servers by providing multiple authentication points. Advanced Server is ideal for large enterprises with more than 2,500 end users and offices in multiple geographical locations. RS A A C E /A G E N T S O F T WA R E Q . W HAT I S RS A A C E / A G E N T S O F T WA R E ? H O W M A N Y A G E N T S D O E S R S A S E C U R I T Y C U R R E N T LY H A V E ? RSA ACE/Agent software is device-specific pieces of code that act as the connection from the token to the server. Through the RSA Secured SecurID Ready program, RSA ACE/Agent software is available out of the box for a wide range of popular remote access devices — including firewalls, routers, Web servers and virtual private networks — more than 235 products from 170 industry leading vendors. Most RSA ACE/Agent software is embedded in the device, and is available for free when you purchase these products from the vendors. Many other Agents are delivered for free when you purchase RSA ACE/Server software from RSA Security. See our Website www.rsasecured.com for a complete listing. 50 Q. WHI CH RS A AC E/AGE N T SOFTWA RE DOES R SA SEC URIT Y C U R R E N T LY D E L I V E R ? The following agents accompany RSA ACE/Server software out of the box: Web: • Microsoft® IIS for NT • Netscape® for UNIX • Apache for Solaris and Red Hat NT: • Local • Domain Authentication • RAS UNIX: • Sun Solaris • AIX • HP/UX • Red Hat In addition, RSA Security offers a variety of RSA ACE/Agent software to secure access to mainframes and many other network and operating systems, directory services, and more. See our Website www.rsasecured.com for a complete listing. 51 RSA SecurID Sales Toolkit Q . W H AT H A P P E N S I F I H A V E A P R O P R I E TA RY A P P L I C AT I O N I N A D D I T I O N T O M Y O R G A N I Z AT I O N ’ S E X I S T I N G N E T W O R K ? C A N R S A A C E / S E R V E R® S O F T W A R E P R O T E C T I T ? RSA ACE/Server software includes an authentication Application Programming Interface (API) which allows you to "RSA SecurID protect" custom or proprietary applications in addition to the rest of the RSA SecurID protected network resources. As an example, these applications may be gateways to network services, fund transfers, or access to corporate databases. All custom applications that update security data execute RSA ACE/Server software to authenticate the user’s identity. Q. WHICH FOR M FACTOR WOULD BE ST SU IT MY O R G A N I Z AT I O N ? • There are many options for form factors for organizations. Perhaps your company is already looking at installing smart card technology for access to buildings or maybe your users are already using PDA’s. RSA Security has many alternatives that are suited to your requirements. The most common choice remains the token, as it is a durable, small device. • Gartner’s ‘Authentication Tokens: Overview’ (8 March 2002*) states that although interest in the use of public key authentication with smart cards and of biometric authentication is increasing, authentication tokens remain a sound choice for organizations seeking the best protection. [* Authentication Tokens: Overview; DPRO-104977; Ant Allan; Technology Overview; 8 March 2002] 52 RSA SECURID® HELP DESK QUESTIONS Q. CAN A USE R LOG IN IF THEY FORGET OR LOSE TH EIR RSA S E C U R I D A U T H E N T I C AT O R ? The emergency access feature in RSA ACE/Server® software protects the remote user who either misplaces their token or experiences a failure. The user can call their security administrator who can enable the user to use their PIN plus password as a temporary passcode for a specific duration. In a more proactive mode, the security administrator can create a set of one-time (single use) passwords, which can temporarily replace a token as a method of authentication and simply share one of them with the stranded remote user. Q . W H AT F U N C T I O NS C A N I A L L O W A H EL P D ES K T O ADM INISTER AN D WHI CH ONES C AN I PREV ENT THE HELP DE SK F ROM A CC ESSI NG? With the Administrative Roles functionality in the RSA ACE/Server software, you can construct a Help Desk Role that has rights to manage only a set of tasks that you specify to meet your business needs. Q . W H AT I S T H E S TA N D A R D L I F E O F A N R S A S E C U R I D T O K E N ? RSA SecurID tokens are available with a life span of 2, 3, 4, or 5 years as specified by the customer. 3 years is the most common life span. Q. AR E THE RE AN Y ISSU ES WI TH RSA S ECU R ID TIM E C L OCK S? Since RSA SecurID authentication is a patented time-synchronous technology, it ensures that the code displayed by a user’s token is the same code being generated by the RSA ACE/Server software for the prescribed time period. 53 RSA SecurID Sales Toolkit How to Quote a New Customer Step 1: RSA ACE/Server software — Determine the User Level a) How many RSA SecurID users does the Customer want? The RSA ACE/Server software is available in the following brackets in the table below: NO. OF USERS 1-25 26-50 51-100 101-150 151-250 251-500 501-750 751-1,000 1,001-1,500 1,501-2,000 2,001-2,500 2,501-3,500 3,501-5,000 5,001-7,500 7,501-10,000 ** Product is only sold in the quantities listed. No partial or single seat sales. ** For License brackets above this, please contact your RSA Security Distributor. b) Does the Customer require a Base Server or an Advanced Server? Step 2: RSA SecurID — Determine the Number of Authenticators and the Form Factor a) How many RSA SecurID authenticators does the Customer require? (minimum of 5) 55 How to Quote an RSA SecurID Solution b) What type of authenticators and what authentication-life does the Customer require? AUTHENTICATOR–TYPE 6-months Key Fob (SD600) Hardware Token (SD200) PINPAD Card (SD520) Software Token Smart Card (4100/5100)* USB Token (6100)* 1 year a 2 years 3 years a a a a a a a a a 4 years 5 years a a a a a No Expiry a a *Requires a software token Step 3: RSA SecurCare – Determine the Type of Maintenance Coverage a) There are two types of maintenance coverage: 1. RSA SecurCare – 8:00am-5:00pm, Monday-Friday 2. RSA SecurCare Extended – 24 hours x 7 days x 365 days ** The RSA SecurCare contract must match the user level of the RSA ACE/Server license, and is valid for 12 months. Once you have the number of users, number of authenticators required, and maintenance requirements please refer to your price list for pricing. For example the customer has 200 users. They require: • 250 User RSA ACE/Server License • 200 RSA SecurID Authenticators - specify the form factor • 250 User RSA SecurCare Contract 56 How to Quote an upgrade for an existing RSA SecurID ® Customer Quoting an upgrade for an existing RSA SecurID customer is as easy as following the three steps outlined below. Step 1: RSA ACE/Server ® software — Determine the User Level a) How many RSA SecurID users does the Customer have? The RSA ACE/Server software is available in the following brackets below: NO. OF USERS 1-25 26-50 51-100 101-150 151-250 251-500 501-750 751-1,000 1,001-1,500 1,501-2,000 2,001-2,500 2,501-3,500 3,501-5,000 5,001-7,500 7,501-10,000 ** Product is only sold in the quantities listed. No partial or single seat sales. ** For License brackets above this, please contact your RSA Security Distributor. b) How many additional RSA SecurID users does the customer want? c) Is there spare capacity in the cur rent license? If not, they need to upgrade. d) Work out the upgrade quote by subtracting the cost of the current user license from the cost of the desired user license, and add 15%. 57 How to Quote an RSA SecurID Solution For example the customer cur rently has a 50 user RSA ACE/Server license and wishes to upgrade to a 250 user RSA ACE/Server license: 250 user RSA ACE/Server license = $15,000* 50 user RSA ACE/Server license = $5,000* 250 user RSA ACE/Server license – 50 user RSA ACE/Server license = $10,000 To work out the cost with the 15% upgrade fee: $10,000 + (15% x $10,000) = $11,500 * Please note prices are used as an example only Step 2: RSA SecurID® Solution – Determine the Number of Authenticators and the Form Factor a) What is the current version of the RSA ACE/Server ® software being used in production? • If the customer requires RSA SecurID SD600 Key Fobs and the current version is RSA ACE/Server 5.1 software, then quote AES tokens. • If the customer requires RSA SecurID SD600 Key Fobs and the current version is RSA ACE/Server 5.0 software or less then quote traditional tokens. ** All new RSA SecurID SD600 customers will receive RSA SecurID AES tokens. b) How many RSA SecurID authenticators does the Customer require? 58 c) What type of authenticators and what authentication-life does the Customer require? AUTHENTICATOR–TYPE 6-months Key Fob (SD600) Hardware Token (SD200) PINPAD Card (SD520) Software Token Smart Card (4100/5100)* USB Token (6100)* a 1 year 2 years 3 years a a a a a a a a a 4 years a a a a 5 years No Expiry a a a *Requires a software token Step 3: RSA SecurCare® — Determine the Type of Maintenance Coverage a) There are two types of maintenance coverage: 1. RSA SecurCare — 8:00am-5:00pm local server time, Monday-Friday 2. RSA SecurCare Extended — 24 hours x 7 days x 365 days b) What user level of RSA SecurCare does the customer currently have? c) What user level of RSA SecurCare does the customer want to move to? ** The RSA SecurCare contract must match the user level of the RSA ACE/Server® license, and is valid for 12 months. d) Work out the quote for RSA SecurCare by subtracting the cost of the current user contract from the cost of the desired user contract, and add 15%. And, pro rata it for the remaining life of the original maintenance. 59 How to Quote an RSA SecurID Solution For example the customer has a 50 user RSA SecurCare maintenance contract with 5 months remaining and wishes to upgrade to a 250 user RSA SecurCare maintenance contract: 250 user RSA SecurCare contract = $5,000* 50 user RSA SecurCare contract = $2,000* 250 user RSA SecurCare contract – 50 user RSA SecurCare contract = $3,000 To work out the cost with the 15% upgrade fee: $3,000 + (15% x $3,000) = $3,450 (for 12 months). But as the customer requires 5 months only, the upgrade quotation will be $3,450 divided by 12 (to calculate the monthly fee), and multiplied by 5 (the number of months remaining on the original contract) = $1,437.50. * Please note prices are used as an example only 60 How to Quote a Mid-Tier License Pricing This is generally discouraged. However, if it is necessary because a sale wouldn't happen without it, the procedures are as follows. Step 1: RSA ACE/Server software -- Determine the Per User Price (Mid-Tier) Let's say someone wants RSA ACE/Server software for 4000 users. The next lowest price tier that exists is 3,500. The price for a 3,500 user licenses is $94,000*. Calculate the per user price by dividing the number of licensed users (3,500) into the license price ($94,000). So the price of a single user is $94,000 / 3,500 = $26.85* per user. Step 2: Determine the Price Take the per user price of $26.85* and multiply it by the number of users mid-tier (4,000). $26.85 x 4,000 = $107,000*. Then multiply that price by the 15% uplift for upgrade fee. $107,000 x 1.15 = $123,510*. This is the price for the customer. * Note: DO NOT use the pricing for the next highest tier, in this case, 5,000. The per user price is lower and one isn't afforded the lower per user price until that number of users is reached. H O W T O R E I N S TAT E M A I N T E N A N C E If the maintenance on a license has lapsed, there is a reinstatement fee. The fee is 20% of the current LICENSE price. An option is for the customer to pay the maintenance fee for the lapsed period. 61 How to Quote an RSA SecurID Solution How to place an Order Regardless of whether you are placing an order direct with RSA Security or through a distributor, the following information must reach us so that your order may be processed. Contact Information RSA Security requires the following: • Bill to (Payer): name, street address, city, state/province, country, and phone. • Ship to: name, street address, city, state/province, country, and phone. If End user is not the Ship to, then include the: • End user: name, street address, city, state/province, country, and phone. If the shipment is going through a Freight Forwarder, then include the: • Freight forwarder: name, street address, city, state/province, country, and phone. Standard Terms • Payment terms are Net 30. • Shipping method is two-day air. • Delivery terms are F.O.B. origin or per the signed agreement. • Specify the requested ship date if necessary. 62 Purchase Order (PO) Number Requirements • All orders must be expressed in U.S. dollars. • For orders under $10K, a purchase order number is not required. • For orders between $10K and $30K, any text request (via email or fax) with a PO number is acceptable. • Orders of $30K and over are required to have a complete purchase order document. • Purchase orders received from a VAR must ship to the End User listed on the PO, or if shipping to the VAR's address, a copy of the End User's PO to the VAR must be attached. Product and Price Information • List a specific part number, product description and quantity for each item. • If special pricing applies, this must be made clear on the purchase order. If NSP (non standard pricing) approval is required, it must accompany the PO. Additional Critical Information • List "RSA Security" as the vendor name. • For license upgrades and maintenance contracts, the license number of the server must be included. This is an eight-digit number starting with a "9." • Include the version number of the RSA ACE/Server® software for which you are upgrading or purchasing tokens. • List the RSA Security sales representative with whom you are working. • Include an authorized buyer name and signature. 63 How to Quote an RSA SecurID Solution Where to Send the Order • Fax POs to RSA Security Customer Order Management (COM) at 781-515-6580 or 781-515-6570. • Email POs to: [email protected] Check on Your Order with RSA Online RSA Online is a comprehensive and evolving e-Business solution to provide our customers and business partners with industry-leading access to order information and RSA Security's Product Catalog over the Web. This service is provided at no additional charge to select RSA Security enterprise customers and partners. Separate registration is required. To register go to: www.rsasecurity.com/rsaonline/index.html 64 RSA SecurID ® Starter Kit RSA SecurlD® Starter Kit (P.N. SECURWORLD NFR-KIT) contains the following items: • 25 user RSA ACE/Server ® license (latest version) • 10 RSA SecurlD Software Tokens • 5 RSA SecurlD cards (SD200s) • 5 RSA SecurlD fobs (SD600s) • 10 RSA SecurID seed records (to go with the Software Tokens) • One year FREE maintenance (P.N. OTHER MAINT) at 0.00 charge Cost: $1,995.00 U.S. 65 How to Quote an RSA SecurID Solution Partner Resource Center h t t p : / / s a l e s . r s a s e c u r i t y. c o m / s a l e s One of the most valuable RSA SecurWorld™ Partner benefits is exclusive access to the Partner Resource Center (PRC) Web site. The PRC provides complete online content for all RSA SecurWorld program information and sales and marketing tools, including: • Sales presentations • Training materials • Logo and photography downloads • Other tools needed to generate sales and build awareness for your business Upon going to the PRC, each partner contact will access the site via an RSA SecurID® token or a password. If you are authenticating into the site with an RSA SecurID token, you will no longer need to authenticate again into some of the protected areas of the PRC. If you are a registered user of RSA Online, you will now have single sign-on capability to that system. RSA Online is the application where a user can track RSA Security orders and shipping online. Regardless of the access method, the PRC has partner information that is custom-designed for partners based on their RSA SecurWorld partner level status. 67 RSA SecurWorld Partner Resources Web-Based Sales Training w w w. r s a s e c u r i t y. c o m / g o / w e b t r a i n i n g We all face challenges trying to schedule the education and training necessary to help us stay on top of the ever-changing security marketplace. RSA Security is pleased to introduce Web-based sales training. All modules have been designed to provide you with the information and tools you need to successfully sell RSA SecurID ® solutions — the world’s leading two-factor user authentication solution, relied on by thousands of organizations worldwide to secure networks and protect valuable online resources. After completing the modules of Web-based sales training on RSA SecurID solutions, you will be able to: • Describe RSA SecurID software’s unique security system and explain RSA Security’s position in the market place. • Describe the major components, functionality and benefits of the RSA SecurID solution. • Identify RSA SecurID target markets, prospects and opportunities with our complete set of selling tools, and learn how to present the best solutions for each environment. • Describe the business problems RSA SecurID solutions can solve. Never before has the security industry been more important to your ongoing sales efforts. Register today and take advantage of this easy and flexible training offered by RSA SecurWorld™ University. Whether the RSA SecurID solution is new to you or you simply need a refresher course, this sales training will give you the information you need to succeed in the security market place. 68 Professional Services & Education w w w. r s a s e c u r i t y. c o m / s e rv i c e s The RSA Professional Services Organization (PSO) is dedicated to working cooperatively with partners, and provides three main areas of offerings: • Consultancy • Packaged Custom Applications • Education Services RSA Professional Services represent an opportunity to sell value-added services to our customers, and can be positioned and sold with or without RSA Security products. C O N S U LTA N C Y Consultancy takes two forms: 1. Time and Materials based consulting services, which can be used for offerings such as: • Planning and Project Management • Architecture and Design • Physical Deployment • Custom Development 2. Packaged Consultancy Services, where fixed-scope and fixed-price offerings are available. Examples of these include: • RSA ClearTrust® Solution • RSA Keon® Assessment Services • Application Security Design Assessment Service (ASDA) • RSA Keon® CA SuccessPak 69 RSA SecurWorld Partner Resources PA CK AG E D C U S T O M A PP L I C AT I O N S Packaged Custom Applications are custom developments that PSO has created, and are now sold in the same way as "off the shelf" products. Examples of Packaged Custom Applications include: RSA ACE/Server® software / RSA SecurID ® authentication • Custom RSA ACE/Agent® software such as Unixware, Compaq Tru64, BSD, SGI, etc • RSA ACE/Server Delegated Administration RSA Keon® Technology • RSA Keon Web Server SSL Solution • RSA Root Signing Service E D U C AT I O N S E RV I C E S RSA Training — a division of the RSA Security Professional Services organization — offers a product-based technical curriculum mixing targeted courses with a comprehensive, industryrecognized Certified Security Professional Program. RSA Training helps deliver true business value by accelerating ROI and helping to enhance an e-security investment. Courses offered include technical training for installing, supporting, and administering the entire range of RSA Security products. Encouraging your customers to attend the administrative training course will help to alleviate technical support calls and really improve your customer’s understanding of the product(s) they have purchased. The contact for RSA Professional Services in the Americas is Theresa Mawn. E: [email protected] P: 781-515-6804 70 Useful RSA Security URLs R S A S E C U R E D® S O L U T I O N S D I R E C T O R Y A N D I M P L E M E N T A T I O N G U I D E S www.rsasecured.com The RSA Secured® Solutions Directory has long been a valuable resource for corporate IT and IS directors looking for security products, and the general Internet user who is concerned about e-security. The directory lists vendor products that have RSA BSAFE® encryption technologies included into their products and vendor products that are compatible with RSA SecurID®, RSA ClearTrust® and RSA Keon ® technologies, as well as links to Implementation Guides for each individual product. W E B S E M I N A R S www.placewareforum.com/rsasecurity These free RSA Security Web seminars allow you to learn right from your desktop, at a time convenient for you. Register for upcoming Web seminars on a range of e-security topics and also view archives of past events. R S A O N L I N E www.rsasecurity.com/rsaonline/index.html RSA Online is a comprehensive and evolving e-Business solution to provide our customers and business partners with industry-leading access to order information and RSA Security’s Product Catalog over the Web. This service is provided at no additional charge to select RSA Security enterprise customers and partners. Separate registration is required. RSA Online offers: • A personalized secure interface • Real-time access to order tracking and history information • Quick and easy license lookups • Proactive maintenance renewal notifications • Same information used by RSA Security Customer Operations 71 RSA SecurWorld Partner Resources R S A S E C U R C A R E ® O N L I N E http://knowledge.rsasecurity.com/formslogin.asp RSA SecurCare® Online is a free service for RSA Security customers with an active support contract, as well as resellers and partners. This Web-based customer support application can help you find answers to your most pressing technical questions. You must be registered with RSA SecurCare Online to use this service. R S A P A R T N E R R E S O U R C E C E N T E R http://sales.rsasecurity.com/sales/ As an RSA SecurWorld TM Partner, one of your most valuable benefits is exclusive access to the Partner Resource Center (PRC) Web site. The PRC provides you with complete online information for all RSA SecurWorld programs and sales and marketing tools, including sales presentations, training materials, logos and photographic downloads, online ordering of collateral — everything you need to generate sales and build awareness of your business. The PRC can be accessed through authentication via either an RSA SecurID token or a password. R S A S E C U R I T Y N E W S C E N T E R www.rsasecurity.com/company/news/index.asp Keep up-to-date with RSA Security’s latest breaking news, media releases, past news and background information. 72 R S A S E C U R W O R L D TM PA RT N E R P R O G R A M www.rsasecurity.com/partners/channel/become.html Opportunities to profit and expand your business in the e-security marketplace are significant as public and private networks merge and organizations expand their businesses to the Internet. As customers' e-business needs continue to increase, their demand for local companies with security expertise will also increase. By becoming a partner in the RSA SecurWorld Partner Program, you'll have access to award-winning, leading security products and services. You'll also be given everything you need to build a successful business, from marketing tools to technical training. Worldwide in scope, the RSA SecurWorld Partner Program is a comprehensive program for RSA SecurID ®, RSA Keon®, and RSA ClearTrust ® solution providers. RSA, RSA Security, SecurCare, SecurWorld, SecurID, RSA Secured, Keon, ClearTrust, ACE/Server, ACE/Agent and BSAFE are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other trademarks used in this document are the property of their respective owners. © 2003 RSA Security Inc. All rights reserved. 73 RSA SecurWorld Partner Resources 75 ACCESS POINT (AP) The wireless server that connects Wireless LAN clients to the internal network. ALGORITHM A complex of mathematical function; used to encrypt and decrypt private information. A P P L I C AT I O N S E C U R I T Y Security enforced by individual software applications, rather than at a global network level. AUDIT The process of assessing an organization’s security policies and systems. A U T H E N T I C ATI O N The process of verifying the identity of an individual or system. A U T H E N T I C AT I O N S E R V E R A server that provides authentication services on a network. A U T H E N T I C AT I O N T O K E N A device issued to authorized individuals which generates a code used to provide proof of their identity in a two-factor authentication system; can be a hardware token or a software token. Also called an "authenticator". A U T H O R I Z AT I O N The granting of appropriate access privileges to authenticated users. BA S TI O N HO ST A security system, such as a firewall, placed between two networks; and which serves as a first line of defense. BIOMETRICS User authentication based on unique physical characteristics such as fingerprints, retinal scans, voiceprint, hand geometry or others. BR O AD C A ST ST O R M F I R EWA L L A firewall system used to stop broadcast storm attacks, where multicast packets flood a network. BRUTE FORCE A hacking technique that uses sheer repetition rather than logic to overcome protection; used to test password alternatives, or to locate active modem lines. 76 CALLBACK A security approach where a remote access connection to a private network can only be made when an internal server originates the call to a pre-approved phone number. CHALLENGE/RESPONSE An authentication approach where the authentication server provides a message (the challenge) which the user must process and enter correctly (the response) to prove identity. DENIAL OF SERVICE A hacker attack designed to shut down or overwhelm a critical system, such as an authentication server or Web server. DIAL-UP A remote access connection to a company network via a telephone line and modem. D YN AM IC A U T H E NT I C ATI ON SE RVER An authentication server that supports one-time use passwords. ENCRYPTION ALGORITHM The mathematical formula used to encrypt information; based on the idea that factoring down a very large number (thousands of digits) is much more difficult than the task of generating it. EXTRANET Making information on a private network available to authorized parties outside the organization, using Internet technology. F I R E WA L L A system for isolating and protecting networks; typically used to prevent internet-based users from breaching a private network. HAND GEOMETRY A biometric authentication approach, based on recognizing unique characteristics of an individual’s hand; less intrusive than retinal scanning or other biometric techniques. HARDWARE TOK EN A code-generating device, often the size of a credit card, that an authorized user carries to provide authentication when logging on to a secure network or application. HASH CODE A short piece of ciphertext created by a one-way hash algorithm; provides a unique fingerprint of the total keystrokes in a document, without the need to decrypt. 77 Security Glossary HASH FUNCTION Also one-way algorithm; the mathematical formula that turns a text block into a unique block of ciphertext of a fixed length. I D E N T I F I C AT I O N A computer’s recognition of a unique individual, through user name, certificate or other factor. I N F O R M AT I O N S E C U R I T Y An approach to network security which emphasizes securing individual information and applications, rather than just network connection points such as RAS servers and routers. INFRASTRUCTURE The hardware, software and firmware assets used to provide network services. N O N - R E P U D I AT I O N The inability to deny actions. Non-repudiation of delivery prevents a recipient from denying receipt of a message; non-repudiation of origin prevents the creator from denying that he or she wrote the message; non-repudiation of submission provides proof of the time and date the message was sent. ONE- TIME PASSWORD A system where a password is valid for only one login, changing in a pattern known only to the authorized individual and security server. PAS S WO RD C R A C KI NG The guessing or decrypting of valid passwords. PIN Personal Identification Number PROXY A computer that takes the place of another; used for example by certain firewall systems to isolate host computers from outsiders. RADIUS Remote Authentication Dial-In User Service software originated by Livingston Technologies used to manage users and passwords centrally. RAS (REM OT E ACCES S S ERVER) A device used to establish a dial-up connection to a network. REALM A sub-portion of an enterprise network, for administration purposes. 78 REMOTE ACCESS The ability to dial-in to a private network via a modem and telephone line. R E P U D I AT I O N To deny an asserted set of facts. Compare with non-repudiation. ROUTER A device for managing traffic between networks. SECURITY DOMAIN Range of network infrastructure that a specific administrator or security server has authority over. SMART CARD A credit card-like device with both memory and CPU built-in, used to store personal credentials or other information; can be used for authentication purposes. SOCIAL ENGINEERING A hacker term for gaining access credentials or other secret information by tricking people, rather than through technological means. SOFT TOKEN Also software token; a software utility that generates login codes for two-factor authentication systems. TOKENCODE The numeric code generated each minute by a hardware or software token for purposes of strong, two-factor authentication. TRUST In security technology, the definition of the relationship between two parties or computers, wherein certain rights or privileges are granted to the trusted party. T W O - FA C TO R A UT H EN T IC AT I O N Stronger-than-password authentication that is based on the presence of two factors; something the user knows (such as a PIN), and something the user has. WIRELESS LOCAL AREA NETWORK (WLAN) Technology that allows users to access corporate information without being physically connected to the Network’s Ethernet. WLAN CLIENT A wireless client card that’s plugged into the users laptop, Pocket PC or a desktop. VIRT U A L PR I VATE N ET WO R K ( VP N) The use of encrypted tunnel over a public network, to provide privacy on par with a private network. 79 Security Glossary Contact Details Europe, Middle East & Africa Denmark RSA Security AB c/o Network Technologies A/S Islands Brygge 43 DK-2300 Copenhagen S Denmark Tel: +45 401 906 46 Fax: +45 7027 0781 Finland RSA Security Sinimäentie 8 B FIN - 02630 Espoo Finland Tel: + 358 9 2707 5691 Fax: + 358 9 2707 5706 France RSA Security France SARL 81/ 83, avenue Edouard Vaillant Immeuble "Le Quintet" Batiment E - 7éme étage 92100 Boulogne-Billancourt France Tel: +33 1 55 20 99 99 Fax: +33 1 55 20 99 98 80 Germany RSA Security GmbH Heinrich-von-Brentano-Str.2 D-55130 Mainz Germany Tel: +49 6131 2106 0 Fax: +49 6131 2106 555 RSA Security GmbH Eugen-Sänger-Ring 1 85649 Brunnthal Munich Germany Tel: +49 89 607 4539-0 Fax: +49 89 607 4539 9 Ireland RSA Security Ireland Limited 127 Shannon Free Zone Shannon County Clare Ireland Tel: +35 361 725 100 Fax: +35 361 725 110 Italy RSA Security BV (Italy) Edificio A Via Senigallia, 18/2 20161 Milano Italy Tel: +39 02 646 72 221 Fax: +39 02 646 72 400 Norway RSA Security (Nordic AS) Nylennavegen 17 Postboks 43 1921 Sørumsand Norway Tel: +47 638 249 30 Fax: +47 638 249 31 Poland RSA Security Warsaw Financial Centre, XI Floor ul. Emilii Plater 53 00-113 Warsaw Poland Tel: +48 22 528 94 28 Fax: +48 22 528 93 13 Switzerland RSA Security BV Schörli 5 CH-8600 Dübendorf Switzerland Tel: +41 1 882 22 33 Fax: +41 1 820 25 21 The Netherlands RSA Security BV Planetenbaan 2 3606 AK Maarssen The Netherlands Tel: +31 346 584 260 Fax: +31 346 584 279 United Kingdom RSA Security UK Ltd. RSA House Western Road Bracknell Berkshire RG12 1RT UK Tel: +44 1344 781 000 Fax: +44 1344 781 010 Sweden RSA Security AB Box 107 04 / Arenavägen 29 SE-121 29 Stockholm Sweden Tel: +46 8 725 09 00 Fax: +46 8 649 80 06 81 RSA Security Contact Information www.rsasecurity.com www.rsasecurity.com/partners