Embed Size (px)
Citation preview
Quest Defender 5.6Overview
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc.
If you have any questions regarding your potential use of this material, contact:
Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 USA www.quest.com email: [email protected]
Refer to our Web site for regional and international office information.
TRADEMARKS
Quest, Quest Software, the Quest Software logo and iToken are trademarks and registered trademarks of Quest Software, Inc. in the United States of America and other countries. Gridsure and the Gridsure logos are trademarks and registered trademarks of Gridlock TS Limited. All other trademarks and registered trademarks are property of their respective owners.
Disclaimer
The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.
Defender Overview Updated - November 2010 Software Version - 5.6
Overview
About this Guide
• Why Defender?
• RADIUS Authentication
• Communications Protocol
• Defender Tokens
• Benefits of Defender
• About Quest Software
• Contacting Customer Support
• Example Configurations
5
Defender
Why Defender?Defender enhances security by enabling two-factor authentication to network, web, and applications-based resources. Defender was designed to base all administration and identity management on an organization's existing investment in Active Directory and eliminates the costs and time involved in setting up and maintaining proprietary databases.
In addition, Defender works with any OATH-compliant hardware token enabling organizations to select the most appropriate token for their users.
By leveraging an organization's existing investment in Active Directory and supporting multiple token vendors, Defender enables organizations to increase security and achieve and sustain compliance in a cost-effective manner.
Defender is an easy-to-install, simple-to-use product that provides strong two-factor authentication the requires something unique the user has (a security token) and something unique that the user knows (a PIN).
Figure 1: Defender Environment
6
Overview
RADIUS Authentication
Defender allows authentication by means of the RADIUS protocol for environments that include RADIUS users and/or RADIUS protected access devices.
Devices that use the RADIUS protocol for authentication must be able to communicate with the Defender Security Server on the ports that they have been configured to use.
Defender includes the facility for Vendor Specific Attributes (VSAs) to be specified in the RADIUS Payload. For further information on VSAs, refer to the RADIUS RFC at www.ietf.org/rfc.
Communications Protocol
Defender uses TCP/IP to communicate with Active Directory via LDAP on port 389.
7
Defender
Defender Tokens
Defender 5 supports the following token types:
• Authenex OATH Compliant Token
• Defender Go-3 Token
• Defender Go-6 Token
• Defender Go-7 Token
• Defender DualTok Token
• Digipass Pro 260 Token
• Digipass Pro 300 Token
• Defender One Token
• Defender Hand-Held Token
• Defender Hand-Held Token Plus
• Defender USB
• Defender Desktop Token for:
• BlackBerry
• iPhone
• Windows Mobile/iPaq
• Palm
• Windows Desktop
• GrIDsure
• Quest Soft Token for Android
• Defender SMS
• Email OTP.
Defender Token Types
A Defender token, implemented in software or hardware, helps remote users gain access to computer resources on a Defender-protected network. The process of gaining access to a secure network through the use of passwords, challenge/response methods, and synchronous methods is called authentication.
The Defender solution includes a variety of token options. All provide strong two-factor authentication.
8
Overview
Benefits of DefenderSome of the benefits that Defender brings to your organization are:
• seamless integration with Microsoft AD, using AD administration tools and techniques
• centralized administration for all Defender users
• simple migration from earlier versions of Defender with no change to end-user experience
• automated replication and backup for Defender data
• multiple points of authentication for load balancing and redundancy
• the ability for users to register and request their own hardware and software tokens using the Token Deployment System
• Defender Desktop Login for Windows
• extensive reporting facilities
• integration with other Quest products including Webthority, Quest Password Manager, ActiveRoles Server, Change Auditor and Quest Authentication Services.
About Quest SoftwareQuest Software, Inc., a two-time winner of Microsoft’s Global Independent Software Vendor Partner of the Year award, delivers innovative products that help organizations get more performance and productivity from their applications, databases Windows infrastructure and virtual environments. Through a deep expertise in IT operations and a continued focus on what works best, Quest helps more than 100,000 customers worldwide meet higher expectations for enterprise IT. Quest’s Windows management solutions simplify, automate secure and extend Active Directory, Exchange Server, SharePoint, SQL Server, .NET and Windows Server as well as integrating Unix, Linux and Java into the managed environment. Quest Software can be found in offices around the globe and at www.quest.com.
9
Defender
Contacting Quest SoftwarePhone 949.754.8000 (United States and Canada)
Email [email protected]
Mail Quest Software World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
Web site www.quest.com
Please refer to our Web site for regional and international office information.
Contacting Customer Support
Quest Software's world-class support team is dedicated to ensuring successful product installation and use for all Quest Software solutions.
SupportLink www.quest.com/support
Email at [email protected]
You can use SupportLink to do the following:
• Create, update, or view support requests
• Search the knowledge base
• Access FAQs
• Download patches
10
Overview
Example ConfigurationsThis section contains three sample Defender configurations.
Small Organization
The small business example comprises:
• upto 10 user accounts
• Defender user license
• Defender Desktop token license or Hardware Token serial numbers
• a security profile configured for userid and token login
• a single Defender access node
• a single Defender Security Server
11
Defender
Medium Organization
This section provides an overview of a typical Defender configuration within a medium sized business. This configuration example comprises:
• upto 100 user accounts
• Defender user license
• Defender Desktop token license or Hardware Token serial numbers
• one or more Defender security profiles
• two Defender access nodes
• a single Defender Security Server
12
Overview
Large Organization
This section provides an overview of a typical Defender configuration within a large enterprise. This example configuration comprises:
• 1000+ user accounts
• Defender user license
• Defender Desktop token license and/or Hardware Token serial numbers
• multiple Defender security profiles
• multiple Defender access nodes
• multiple Defender Security Servers
13
