
Defender 5.9.3 - Administration Guide


Configuring Defender

To configure Defender, you need to complete these steps:

Step 1: Configure an Access Node

To configure an Access Node

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane, expand the appropriate domain node, and then expand the Defender node.
  3. In the left pane, right-click Access Nodes, and then select New | Defender Access Node from the shortcut menu.
    1. Complete the wizard to configure the Defender Access Node.
      • On the Enter a name and description for this Access Node page, type a descriptive name and description for the Access Node.
      • On the Select the node type and user ID type for this Access Node page, use the following options:

      Node Type  From this list, select Radius Agent. This enables the RADIUS protocol for communications between Cisco ACS devices and Defender. Note that the RADIUS protocol is transmitted over UDP and uses port 1645 or 1812.

      User ID  From this list, select the user ID type you want to use.

      • On the Enter the connection details for this Access Node page, use the following options:

      IP Address or DNS Name  Specify the Cisco AAA Server by entering its IP address or DNS name.

      Port  Type the port number through which you want this Access Node to connect to the Defender Security Server. You must specify the same port as the one you entered in the Server Authentication Port text box in Step 1: Create an AAA server group, add Defender Security Server.

      Subnet Mask  Keep the default subnet mask.

      Shared Secret  Type the same shared secret you entered in the Server Secret Key text box in Step 1: Create an AAA server group, add Defender Security Server.
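
Why the Shared Secret typed here must be identical to the one on the RADIUS client: the following is an added example (not from the Defender guide or product code) that implements the RFC 2865 User-Password hiding and Response Authenticator in Python and runs one exchange with matching and with mismatched secrets. The secrets, the passcode value and all function names are constructed for illustration.

```python
import hashlib, hmac, struct

REQUEST_AUTH = bytes(range(16))             # constructed; real clients use 16 random bytes
NAS_SECRET = b"constructed-secret-A"        # constructed secret on the RADIUS client
NODE_SECRET_TYPO = b"constructed-secret-a"  # constructed Access Node secret, one wrong character

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    size = max(16, len(password) + (-len(password) % 16))
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden, secret, request_auth):
    """Server side: undo the hiding with the server's own copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def client_accepts(reply, request_auth, secret):
    """Client side: recompute the authenticator and compare in constant time."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    want = response_authenticator(code, ident, reply[20:length], request_auth, secret)
    return hmac.compare_digest(want, reply[4:20])

def simulate(client_secret, server_secret, otp=b"123456"):
    """Return (password the server recovers, whether the client trusts the reply)."""
    hidden = hide_password(otp, client_secret, REQUEST_AUTH)
    seen = recover_password(hidden, server_secret, REQUEST_AUTH)
    code = 2 if seen == otp else 3  # 2 = Access-Accept, 3 = Access-Reject
    auth = response_authenticator(code, 1, b"", REQUEST_AUTH, server_secret)
    return seen, client_accepts(struct.pack("!BBH", code, 1, 20) + auth, REQUEST_AUTH, client_secret)

if __name__ == "__main__":
    print("matching secrets:  ", simulate(NAS_SECRET, NAS_SECRET))
    print("mismatched secrets:", simulate(NAS_SECRET, NODE_SECRET_TYPO))
```

With mismatched secrets the server recovers garbage instead of the passcode, and the client also fails to validate the reply, so a single mistyped character in either dialog breaks every authentication through this Access Node.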

Step 2: Specify users or groups for the Access Node

In this step, you specify the users or groups who will use the configured Access Node to authenticate via Defender.

To specify users or groups for the Access Node

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. Open the properties of the Access Node you have configured:
    1. In the left pane, expand the domain node, expand the Defender node, and then click to select Access Nodes.
    2. In the right pane, double-click the Access Node.
  3. In the dialog box that opens, use the Members tab to add the users or groups to the Members list.
  4. When you are finished, click OK.

Using Defender VPN Integrator

Defender VPN Integrator is a tool that makes it very easy for remote users to utilize all the benefits of both VPN technology and the secure, two-factor authentication provided by Defender. Defender VPN Integrator simplifies the authentication process by integrating with the installed Defender Soft Token for Windows.

The Defender VPN Integrator is installed and configured on the end-user’s desktop, along with the Soft Token for Windows. When the user initiates a Defender protected VPN connection, VPN Integrator communicates between the Defender Soft Token for Windows and the third-party VPN client, to ensure that the secure, one-time password authentication process is handled automatically. The entire operation is seamless and very fast—only the passphrase for the Defender Soft Token for Windows is required from the user.

The guide describes how to install and configure Defender VPN Integrator within your environment.
