Security

RSA AM 7.1SP3 Token Delivery

René Jorissen on April 28, 2010 0 Comments • Tags: #agent #authenticate #automatically #deliver #delivery #on-demand #rsa #token

Using two-factor authentication is common when publishing remote services to the internet with components like Citrix NetScaler or Juniper SA appliances. RSA is a well-known provider of two-factor authentication mechanism. Beginning with RSA Authentication Manager 7.1 people have the ability to use the On-Demand feature. This feature enables the delivery of token codes via SMS … Read More

Security

User expiration with RSA AM 7.1

René Jorissen on April 8, 2010 1 Comment • Tags: #rsa

I noticed some differences in the user expiration between RSA Authentication Manager 7.1 and RSA Authentication Manager 7.1 SP2. When assigning a token to an user in RSA AM7.1, the user automatically gets an expiration date set on its user account. The default expiration date is one year. I cannot reproduce this same symptom with … Read More

Proxy, Security

Problem running ISA en IAS on the same server

René Jorissen on March 19, 2010 3 Comments • Tags: #default #ias #isa #isaserverdefaultpolicy #policy #same #server

Today I had some problems running ISA 2004 en IAS on the same server. At the beginning the customer was running ISA 2000 and IAS on the same server without any problems. By incident, the customer was forced to upgrade his ISA. They had a 2004 license, so ISA 2004 it was. I noticed that … Read More

Security

Geotrust 2048 bit Root Migration

René Jorissen on March 11, 2010 0 Comments • Tags: #2048 #bit #geotrust #migration #root

Today I read about Geotrust upgrading their public root certificate from 1024-bit to 2048-bit. Geotrust is upgrading the root certificate with the following reason. This change is in line with industry best practices that GeoTrust follows to ensure the highest level of security for customers. The move to 2048-bit root keys is an industry-wide initiative. … Read More

Configuration Example, Security

Configure IOS SSL VPN on IOS router

René Jorissen on February 11, 2010 4 Comments • Tags: #anyconnect #client #context #forwarding #ios #port #ssl #thin #vpn #webvpn

Yesterday I blogged about configuring a VPN client on an IOS router and today I blogged about importing PKCS12 certificates for WebVPN purposes. This follow up blog is about configuring the WebVPN functionality together with the AnyConnect client and port forwarding on an IOS router. I use the same setup as with the VPN client … Read More

Configuration Example, Security

Import PKCS12 certificate on IOS router

René Jorissen on February 11, 2010 7 Comments • Tags: #ca #certificate #crypto #import #ios #passphrase #pkcs12 #pki #router #tftp #trustpoint

Nowadays IOS routers can be configured with WebVPN (Clientless SSL VPN) functionalities. WebVPN allows a user to securely access resources on the corporate LAN from anywhere with an SSL-enabled Web browser. To secure the connection you should use a SSL certificate to encrypt all transferred data. There are different ways of creating and importing SSL … Read More