Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
login information between the user and the server. Each SecurID user has three
authentication credentials:
User Name
Personal identification number (PIN)
Authenticator—a SecurID issued device with an LCD screen that displays a token code,
a randomly generated string of numbers that changes every minute. The authenticator
uses an algorithm known only by RSA to create the token code that appears in LCD
screen; when users enter their username, their PIN, and the token code from their
authenticator, the RSA ACE server also performs the same algorithm, generating a
match between the server and the user.
When users log in, the SecurID client (the security device) prompts them for their user
name, their PIN, and the current token code. The device compares the user input against
value generated by the RSA ACE server algorithm. If the values match, the authentication
is successful.
For a SecurID authentication server object, you must configure the following:
Authentication Port—The port number on the SecurID ACE server to which the security
device sends authentication requests. The default port number is 5500.
Encryption Type—The algorithm used for encrypting communication between the
security device and the SecurID ACE server (SDI or DES).
Client Retries—The number of times that the SecurID client (the security device) tries
to establish communication with the SecurID ACE server before aborting the attempt.
Client Timeout—The length of time in seconds that the security device waits between
authentication retry attempts.
Use Duress—An option that prevents or allows use of a different PIN number. When
this option is enabled, and a user enters a previously determined duress PIN number,
the security device sends a signal to the SecurID ACE server, indicating that the user is
performing the login against his or her will, possible under duress. The SecurID ACE
server permits access that one time, then denies any further login attempts by that
user until he or she contacts the SecurID administrator. Duress mode is available only
if the SecurID ACE server supports this option.
Supported Users
A SecurID Ace server supports the following types of users and authentication features:
Auth users
L2TP users (user authentication; L2TP user receives default L2TP settings from the
security device)
XAuth users (user authentication; no support for remote setting assignments)
Admin users (user authentication; administrator user receives default privilege
assignment of read-only)
Chapter 8: Configuring Objects
397
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper 200 Series