44 | SRA 6.0 Administrator’s Guide
•
Greatly enhances security by requiring two independent pieces of information for
authentication.
•
Reduces the risk posed by weak user passwords that are easily cracked.
•
Minimizes the time administrators spend training and supporting users by providing a
strong authentication process that is simple, intuitive, and automated.
How Does Two-Factor Authentication Work?
Two-factor authentication requires the use of a third-party authentication service, or two
separate RADIUS authentication servers.
With two-factor authentication, users must enter a valid temporary passcode to gain access. A
passcode consists of the following:
•
The user’s personal identification number (PIN)
•
A temporary token code or password
When two RADIUS servers are used, the second stage PIN or password can be sent to the user
via SMS or email. NetExtender login and Secure Virtual Assist both provide extra challenge(s)
for entering it.
When a third-party authentication service is used, it consists of two components:
•
An authentication server on which the administrator configures user names, assigns
tokens, and manages authentication-related tasks.
•
Physical tokens that the administrator gives to users which display temporary token codes.
Users receive the temporary token codes from their RSA or VASCO token cards. The token
cards display a new temporary token code every minute. When the RSA or VASCO server
authenticates the user, it verifies that the token code timestamp is current. If the PIN is correct
and the token code is correct and current, the user is authenticated.
Because user authentication requires these two factors, the dual RADIUS servers solution, the
RSA SecureID solution, and the VASCO DIGIPASS solution offers stronger security than
traditional passwords (single-factor authentication).
Supported Two-Factor Authentication Providers
RSA
RSA is an algorithm for public-key cryptography. RSA utilizes RSA SecurID tokens to
authenticate through an RSA Authentication Manager server. RSA is not supported on all
hardware platforms and is supported via RADIUS only.
VASCO
VASCO is a public company that provides user authentication products. VASCO utilizes
Digipass tokens to authenticate through a VASCO IdentiKey server. VASCO is supported on
all SRA platforms.
VASCO Data Security delivers reliable authentication through the use of One Time Password
technology. VASCO IdentiKey combined with Dell SonicWALL SRA and firewall VPN
appliances creates an open-market approach delivered through VASCO IdentiKey technology.
VASCO IdentiKey allows users to utilize the VASCO DIGIPASS concept that uses One Time
Passwords that are assigned for time segments that provide easy and secure SRA remote
access. The One Time Password within the authentication request is verified on the VASCO
IdentiKey. After verification, a RADIUS access-accept message is sent to the SRA server for
authentication.
Содержание PowerEdge 4200 Series
Страница 1: ... 1 SRA 6 0 Administrator s Guide ...
Страница 10: ...10 SRA 6 0 Administrator s Guide ...
Страница 128: ...128 SRA 6 0 Administrator s Guide ...
Страница 176: ...176 SRA 6 0 Administrator s Guide ...
Страница 190: ...190 SRA 6 0 Administrator s Guide ...
Страница 212: ...212 SRA 6 0 Administrator s Guide ...
Страница 228: ...228 SRA 6 0 Administrator s Guide ...
Страница 342: ...342 SRA 6 0 Administrator s Guide ...
Страница 356: ...356 SRA 6 0 Administrator s Guide ...
Страница 358: ...358 SRA 6 0 Administrator s Guide ...
Страница 392: ...392 SRA 6 0 Administrator s Guide ...
Страница 416: ...416 SRA 6 0 Administrator s Guide ...
Страница 426: ...426 SRA 6 0 Administrator s Guide ...
Страница 436: ...436 SRA 6 0 Administrator s Guide ...
Страница 438: ...438 SRA 6 0 Administrator s Guide ...
Страница 439: ... 439 ...
Страница 440: ......