Académique Documents
Professionnel Documents
Culture Documents
NextGen
Partner Information
Product Information
Partner Name Web Site Product Name Version & Platform Product Description NetWitness Corporation www.netwitness.com NextGen 9.0 NetWitness NextGen is an enterprise software framework that captures all network traffic and reconstructs the network sessions to the application layer for automated alerting and monitoring, and interactive analysis and review. Intrusion Detection System (IDS)
Product Category
Solution Summary
RSA SecurID authentication enhances security for NetWitness solutions by creating a trusted and secured solution for our users. The SecurID solution offers a more robust authentication method that the previous user name and password standard.
Partner Integration Overview
Authentication Methods Supported RSA SecurID Library Version Used RSA Authentication Manager Replica Support * RSA Authentication Agent Host Type for 6.1 RSA Authentication Agent Host Type for 7.1 RSA SecurID User Specification RSA SecurID Protection of Administrative Users RSA Software Token and RSA SecurID 800 Automation Native RSA SecurID Authentication Authentication Agent 6.0 for PAM Full Replica Support Net OS Standard Agent Designated Users Yes No
Authentication Manager
Product Requirements
Partner Product Requirements: NetWitness NextGen Appliance
Version 9.0
To facilitate communication between the NetWitness NextGen Appliance and the RSA Authentication Manager / RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database. The Agent Host record identifies the NetWitness NextGen Appliance within its database and contains information about communication and encryption. To create the Agent Host record, you will need the following information.
Hostname IP Addresses for all network interfaces
When adding the Agent Host Record, you should configure the NetWitness NextGen Appliance as UNIX Agent Host. This setting is used by the RSA Authentication Manager to determine how communication with the NetWitness NextGen Appliance will occur.
Note: Hostnames within the RSA Authentication Manager / RSA SecurID Appliance must resolve to valid IP addresses on the local network.
Please refer to the appropriate RSA Security documentation for additional information about Creating, Modifying and Managing Agent Host records.
4.
Configuring the PAM Agent Editing the netwitness file via command line:
1. 2. Change to the /etc/pam.d directory. Open the netwitness file in a text editor and edit the text to the following: #%PAM-1.0 #auth include auth required auth required account required password required session required system-auth pam_unix.so pam_securid.so pam_deny.so pam_deny.so pam_deny.so
3.
4.
Edit the netwitness file text to the following: #%PAM-1.0 #auth include auth required auth required account required password required session required system-auth pam_unix.so pam_securid.so pam_deny.so pam_deny.so pam_deny.so
Note: This scenario assumes that the customer will want to use a user name, password and PASSCODE to authenticate. In this scenario, it is required to create a Linux user that matches the NetWitness user created in the next section.
3.
Select the appropriate appliance from the Services column and select the green + icon in the users column.
4. 5.
6.
Finally, select the group(s) that you want the user to be a part of and click OK.
To successfully test authentication, you must use a token with a PIN that is already registered in the Authentication Manager database. Follow the New PIN procedure for proper registration. For additional information, contact your Authentication Manager administrator.
To perform a test authentication:
1. Change to the /opt/pam/bin directory. Type: ./acetest 2. Enter you user name and passcode.
If you are repeatedly denied access, contact your Authentication Manager administrator.
or
2. Enter the Server IP address or name, port, username and password.
or
3. 4.
Now the added Appliance should be listed in the Navigation Pane. Double click on the appliance to connect. You should be prompted for your password.
or
5.
After successfully entering the password, the user will be prompted to enter their passcode.
6.
10
Operating System
Windows 2003 SP2 Fedora Core 9 Fedora Core 9
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Additional Functionality
RSA Software Token Automation System Generated PIN User Defined (8 Digit Numeric) User Selectable Next Tokencode Mode RSA SecurID 800 Token Automation System Generated PIN User Defined (8 Digit Numeric) User Selectable Next Tokencode Mode Credential Functionality Determine Cached Credential State Set Credential Retrieve Credential
DRP / PAR
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
System Generated PIN User Defined (8 Digit Numeric) User Selectable Next Tokencode Mode System Generated PIN User Defined (8 Digit Numeric) User Selectable Next Tokencode Mode Determine Cached Credential State Set Credential Retrieve Credential
= Pass
11
Operating System
Windows 2003 SP2 Fedora Core 9 Fedora Core 9
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Additional Functionality
RSA Software Token Automation System Generated PIN User Defined (8 Digit Numeric) Next Tokencode Mode RSA SecurID 800 Token Automation System Generated PIN User Defined (8 Digit Numeric) Next Tokencode Mode
DRP / PAR
System Generated PIN User Defined (8 Digit Numeric) Next Tokencode Mode System Generated PIN User Defined (8 Digit Numeric) Next Tokencode Mode
= Pass
12