Chat now with support
Chat con el soporte

Defender 5.9.3 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Authenticating Web site users

Authenticating Web site users

The next diagram illustrates a scenario where Defender is configured to authenticate the users who access Web sites hosted on Microsoft Internet Information Services (IIS).

 

In this scenario, the Defender ISAPI Agent must be deployed on the Web Server that hosts the Web sites to be secured with Defender. The ISAPI Agent acts as an ISAPI filter and requires users to authenticate via Defender in order to get access to the Web sites hosted on the Web Server.

Authenticating users of Windows-based computers

Authenticating users of Windows-based computers

Defender can also be configured to authenticate users when they sign in to their workstations running the Windows operating system.

 

To implement this scenario, you need to install and configure a component called the Defender Desktop Login on each Windows workstation whose users you want to authenticate via Defender.

Deploying Defender

Deploying Defender

This section describes how to install Defender for the first time. Before you start, make sure that:

  • The target computer is in a safe location  The computer on which you plan to install the required Defender features is in a secure location to which you have physical access, has TCP/IP installed and static IP address, and meets the applicable system requirements described in the Defender Release Notes.
  • The account under which you plan to install Defender has sufficient permissions  The account under which you will be running the Defender Setup must be a member of the local administrators group. To install the Defender Management Portal, this account must also have the permissions to create and delete child Active Directory objects under the computer account object corresponding to the computer where the Management Portal is installed.
  • You have prepared a service account  This is the account under which Defender will be accessing Active Directory. The Defender Setup extends standard Active Directory schema classes and attributes and defines new Defender-specific classes in the Active Directory schema. For more information about these classes and attributes, see “Appendix C: Defender classes and attributes in Active Directory” in the Defender Administrator Guide.

    The service account must have the following permissions:

    • Create and modify Active Directory classes and attributes in the forest schema. By default, members of the Schema Admins group have these permissions.
    • Create and modify control access right objects in the forest configuration container. By default, members of the Enterprise Admins group have these permissions.
    • Create organizational units in the specified Active Directory domain. By default, members of the Domain Admins group have these permissions.

You can install Defender on physical computers or virtual machines. To install Defender for the first time, complete the following steps:

By completing these steps, you get a base Defender configuration which you can then extend to suit your needs. For example, you can extend the base configuration to do the following:

  • Authenticate users who access you company’s resources via VPN. For more information, see “Securing VPN access” in the Defender Administrator Guide.
  • Authenticate users when they access Web sites hosted on Microsoft Web Server (IIS). For more information, see “Securing Web sites” in the Defender Administrator Guide.
  • Authenticate users when they sign in to their Windows-based computers. For more information, see “Securing Windows-based computers” in the Defender Administrator Guide.
  • Authenticate users when they access a PAM-enabled service in UNIX or Linux. For more information, see “Securing PAM-enabled services” in the Defender Administrator Guide.

Step 1: Install required Defender components

Step 1: Install required Defender components

To install the required Defender components

  1. In the Defender distribution package, open the Setup folder, and run the Defender.exe file.
  2. Complete the Defender Setup Wizard to install the required Defender components.
  3. For more information about the wizard steps and options, see Defender Setup Wizard reference.
Documentos relacionados