RSA® Adaptive Authentication (On-Premise) 7.2 Integration Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm Trademarks RSA, the RSA Logo, BSAFE and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa. License agreement This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC. Note on encryption technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product. Distribution Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright © 2015 EMC Corporation. All Rights Reserved. Published in the USA. November 2015 RSA Adaptive Authentication (On-Premise) 7.2 Integration Guide Contents Preface................................................................................................................................... 5 About This Guide................................................................................................................5 RSA Adaptive Authentication (On-Premise) Documentation............................................ 5 Support and Service ............................................................................................................ 6 Before You Call Customer Support............................................................................. 6 Chapter 1: Encryption System ............................................................................... 7 Database and Persistence Encryption ................................................................................. 7 Encryption Algorithms........................................................................................................ 7 Key Creation and Storage ................................................................................................... 7 Chapter 2: Reverse HTTP Proxy in the DMZ.................................................. 9 Reverse HTTP Proxy Server............................................................................................... 9 Reasons for Using a Reverse Proxy............................................................................. 9 Chapter 3: Validating User Data ...........................................................................11 Validating User Input.........................................................................................................11 Profanity......................................................................................................................11 SQL Injection............................................................................................................. 12 XML Injection ........................................................................................................... 12 Special Characters...................................................................................................... 12 Scripting Patterns....................................................................................................... 12 Additional Data Validation Guidelines............................................................................. 13 Chapter 4: Device Information Collection ..................................................... 15 Device Information ........................................................................................................... 15 HTTP Headers ........................................................................................................... 15 Source IP Address...................................................................................................... 16 Device Print ............................................................................................................... 16 Mobile Device Information ....................................................................................... 17 User-Defined Credentials .......................................................................................... 17 Device Token............................................................................................................. 17 Device Token Theft Detection................................................................................... 20 Collection of Device Information ..................................................................................... 20 Collection of Device Print Information During Logon ............................................. 21 Collection of Device Print Information During Enrollment...................................... 22 Collection of Device Print Information During Transaction Authentication ............ 23 Collection of Information Using the Mobile SDK - Adaptive Authentication Module 24 Scripts for Collection of Device Print Information ................................................... 25 Retrieval of the Device Token................................................................................... 26 Collection of Device Print Information ..................................................................... 30 Information Sent to Web Services .................................................................................... 32 Overview of the Setting of Device Print Information....................................................... 33 Contents 3 RSA Adaptive Authentication (On-Premise) 7.2 Integration Guide Device Print Information Set During Enrollment...................................................... 34 Device Print Information Set After a Successful Challenge...................................... 35 Device Print Information Set During Transaction Authentication ............................ 36 Setting Device Print Information ...................................................................................... 37 Place the PMData Cookie .......................................................................................... 37 Place the Flash Shared Object Token ........................................................................ 37 Chapter 5: Information Collection...................................................................... 41 Mobile Location Awareness ............................................................................................. 41 Overview of Information Collection for Mobile Location Awareness...................... 42 Script for Collection of Mobile Location Awareness Information............................ 43 Mobile Location Awareness Function Names........................................................... 43 Collect Information for Mobile Location Awareness................................................ 45 Chapter 6: RDP Trojan Protection...................................................................... 49 RDP Trojan Protection Module ........................................................................................ 49 Collect RDP Trojan Protection Information ..................................................................... 51 RDP Trojan Collection Parameters............................................................................ 52 4 Contents RSA Adaptive Authentication (On-Premise) 7.2 Integration Guide Preface About This Guide This guide introduces the procedures required to integrate RSA® Adaptive Authentication (On-Premise) 7.2 with existing applications. This guide is intended for system administrators, security analysts, and other trusted personnel. Do not make this guide available to the general user population. RSA Adaptive Authentication (On-Premise) Documentation For more information about RSA Adaptive Authentication (On-Premise), see the following documentation: API Reference Guide. Describes RSA Adaptive Authentication (On-Premise) web services API methods and parameters. This guide also describes how to build your own web services clients and applications using web services API to integrate and utilize the capabilities of Adaptive Authentication (On-Premise). Authentication Plug-In Developer’s Guide. Describes the Authentication Plug-In development process that enables
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages52 Page
-
File Size-