How to configure RSA SecureId 130 Appliance to integrate with Active Directory
In this lab we will configure the RSA SecureID 130 appliance to integrate with AD and allow users to login using their tokens to AD, here are the steps to setup the appliance:
Setting up the Device:
the RSA appliance can be setup either as primary or secondary, the primary mode if either standalone or used in conjunction with the secondary one to provide HA, in our setup we will setup the primary device.
setting up the device is fairly simple, connect the device to the network, it comes pre-set with the IP 192.168.100.100, you will connect to that IP and set it up:
the wizard walks you through the initial setup wizard, where you import license file that came with the appliance, set the date and time, set the OS password, set the superadmin password, configure networking, after that it will take around 10 minutes to setup the device and reboot to start with the new configuration.
once rebooted, you can login to the operations console, you can access it using any web browser and browse to: :7072/operations-console">https://<IP Address>:7072/operations-console
once you login and to integrate with AD, you need to configure identity sources, to do so go to Manage Identity Sources .
Click on add new identity source
the add new identity source wizard opens, and it allows you to add your identity source, in our case we are using Microsoft Active Directory, enter the AD information including a dedicated username and password to connect and manage AD (in this lab I am using the administrator account please make sure to use a dedicated account in production environment), and click on test connection to verify your settings.
once successfully, you will be prompted with map wizard, this wizard will allow you to map AD attributes to AD (make sure not to include user base DN or Group base DN if you are adding a global catalog) confirm the attribute mapping and click next
now you will have your identity source configured
now you will login to the security console, and configure the realm,
now go to Realm management and create a new one for the AD or choose edit and include AD in the existing realm
now from the security console, you can go for token management and search for your tokens that you have imported you will find them in the console
now you can search for a user and assign the token to him
the final step is to install the RSA client on the machine the user will login (local machine or XenApp Server for example), once the client installed it will disable the AD password login and will require the user to login using the token, these settings can be set using GPO or registry.
Note: for some reasons the latest version of the client didn’t work with me so I used the previous version which worked great, but it requires registry editing to enforce RSA login GINA.
hope that this quick guide helped you out.
Your Social Presence and Community responsibilities in relation to scams
Social Media usage is increasing dramatically, it is a fact and no one can deny it, even a lot of corporates encaurages Social Media use during work with a lot of recent studies that proves major losses within corporates that ban the use of SM.
But with increased use of SM usage there are lot of security threats that comes within that, a lot of recent scam messages appeared lately on Facebook, and last week I started noticing same scam messages on LinkedIn as well.
not mentioning the security threat associated with those scams for stealing your personal infomration, there are 2 factors captured my attention, 1) your social image, 2) your community responsibilities.
A lot of us uses the social media to enhance his image and demonstrate his expertise within the perimeter of his friends/colleagues and cross the barriers to reach other organizations and professional through out the world, but what will happen to this image and efforts when your friends or connections see you sharing sexual contents, posting inappropriate contents or worst inviting them to do the same or visit specific page that displays those contents.
Of course you are not the one who is posting or sending those messages, it is the damn scam who tricked you to click somewhere and “baaam” all of your contacts and connections are receiving these messages, but don’t you see the risk?.
What will happen if you are trying your best to be a celebrity within your fields and your fans, followers, friends and worst boss gets those, all of your efforts will be gone in vain.
What will happen if you are considered a trustworthy person and started sending those messages and posting those links and your friends and followers started to get infected as well because they trusted you.
In my opinion, there is a specific but unmeasured responsibility for your usage for social media either for fun or professionally, you should be aware that not every message you can post and not every received link you can click, again this is not measured but definitely it is there and you should be aware of that.
I am posting this to all of my friends who are unintentionally sending and posting those spam messages, because it damages your social image and online credibility.
stay safe…