Chat now with support
Chat con el soporte

Defender 5.9.3 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Securing Web sites

You can use Defender to secure access to websites hosted on Microsoft Web Server (IIS). For that you need to use the Defender component called the ISAPI Agent.

 

The ISAPI Agent acts as an ISAPI filter and requires users to authenticate via Defender in order to get access to the websites hosted on IIS.

Installing ISAPI Agent

Installing ISAPI Agent

To install ISAPI Agent

  1. Under a local administrator account, run the DefenderISAPIAgent.exe file supplied with the Defender distribution package.
  2. Follow the steps in the wizard to complete the ISAPI Agent installation.
  3. On the completion page of the wizard, select the Start Defender ISAPI Agent Configuration tool check box to configure the agent.

    For more information about available configuration settings, see Configuring ISAPI Agent.

Configuring ISAPI Agent

Configuring ISAPI Agent

To configure ISAPI Agent

  1. On the computer where the ISAPI Agent is installed, run the Defender ISAPI Agent Configuration tool.
  2. In the dialog box that opens, specify the ISAPI Agent settings, and then click OK.

The dialog box looks similar to the following:

 

DSS Parameters tab

On this tab, specify the Defender Security Servers to which you want the ISAPI Agent to connect. You can use the following elements:

  • Defender Security Servers  Use this area to set up a list of the Defender Security Servers to which you want the ISAPI Agent to connect.
    • Add  Adds a new entry to the list. After adding a new entry, edit its properties in the Edit DSS Entry area.
    • Remove  Removes the selected entry from the list.
  • Edit DSS Entry  Use this area to specify or edit the name, address, port number, and shared secret of the Defender Security Server to which you want the ISAPI Agent to connect.
    • Name  Type the name of the Defender Security Server you want to use for user authentication.
    • Address  Type the IP address of the Defender Security Server.
    • Port  Type the communication port number configured on the access node you want the ISAPI Agent to use.
    • Shared Secret  Type the shared secret configured on the access node you want the ISAPI Agent to use.

Protected Sites tab

On this tab, select the check boxes next to the websites you want to protect with Defender. By default, Defender protects the whole website. If you want to protect only some parts of the website, use the default.acl file located in the ISAPI Agent installation folder. This file contains two sections where you can list parts that should and should not be protected. When specifying the website’s parts, use relative URLs.

Accessing Protected Website

Accessing Protected Website

To access protected website

  1. Using any supported browser, access the protected website. On the Login page, enter your user name and click Sign in.

  1. In the example below, users are required to authenticate themselves by entering their passcode. The authentication type depends on how the Defender policy has been configured. For example, if Defender is configured to use a token policy, the Enter Synchronous Response prompt will be displayed.

  1. If users have entered a valid response, they will be authenticated and permitted to access the website.
Documentos relacionados