
Defender 6.6 - Administration Guide


GrIDsure Token tab

This tab allows you to enable the use of GrIDsure Personal Identification Pattern (PIP) for authentication via Defender. On this tab, you can use the following options:

  • Enable GrIDsure token  Enables the use of GrIDsure PIP for authentication via Defender.
  • Pattern length between  Allows you to set the minimum and maximum length for the GrIDsure PIP.
  • Block consecutive patterns (horizontal, vertical, and diagonal)  Prevents the use of simple GrIDsure PIPs.
  • Expire pattern after  Causes the GrIDsure PIP to expire after the specified number of days. Use the drop-down list to set the number of days after which the GrIDsure PIP expires.
  • Use numbers in grid  Enables the use of numbers in the GrIDsure PIP.
  • Use letters in grid  Enables the use of letters in the GrIDsure PIP.
  • Grid Style  Click to configure the size of the PIP grid and the colors used in the grid.

Default Defender Security Policy

If a user is a member of an Access Node and no Defender Security Policy is applied to the user explicitly or implicitly, then a default Defender Security Policy is effective for the user.

The default Defender Security Policy is configured as follows:

  • Primary authentication method is security token.
  • User’s violation count is incremented by one after each 3 unsuccessful authentication attempts.
  • Violation count upon which the user’s account is locked is 4. Lockout duration is 3 minutes.
  • Violation count is reset each time the user successfully authenticates.
  • The user can log on 24 hours a day, 7 days a week.
  • SMS token, e-mail token, and GrIDsure token are disabled for the user.
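
The lockout settings listed above can be modelled as a small state machine to see how they combine. This is an added example, not Defender code. The class and function names are hypothetical, and it assumes that the failed-attempt counter also resets on success, that attempts during a lockout are rejected without being counted, and that counters restart from zero when the lockout ends.

```python
from dataclasses import dataclass


@dataclass
class LockoutModel:
    """Model of the default policy's lockout settings (hypothetical helper).

    Assumptions not stated on the page: the failed-attempt counter resets on
    success, attempts made during a lockout are rejected without being
    counted, and both counters restart from zero once the lockout ends.
    """
    attempts_per_violation: int = 3   # from the page
    lock_at_violations: int = 4       # from the page
    lockout_seconds: int = 3 * 60     # from the page (3 minutes)
    failures: int = 0
    violations: int = 0
    locked_until: float = -1.0        # -1 means "not locked"

    def attempt(self, now: float, success: bool) -> str:
        """Process one authentication attempt at time `now` (in seconds)."""
        if now < self.locked_until:
            return "rejected-locked"
        if self.locked_until >= 0:
            # Lockout period has elapsed: start again from a clean state.
            self.failures = self.violations = 0
            self.locked_until = -1.0
        if success:
            # Violation count is reset on successful authentication.
            self.failures = self.violations = 0
            return "ok"
        self.failures += 1
        if self.failures % self.attempts_per_violation == 0:
            self.violations += 1
        if self.violations >= self.lock_at_violations:
            self.locked_until = now + self.lockout_seconds
            return "locked"
        return "failed"


def failures_until_lock(model: LockoutModel) -> int:
    """Count the consecutive failed attempts needed before the model locks."""
    count, now = 0, 0.0
    while True:
        count += 1
        if model.attempt(now, success=False) == "locked":
            return count
        now += 1.0
```

Under these assumptions the default settings lock the account on the twelfth consecutive failure (3 attempts per violation, 4 violations).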

Managing Access Nodes

An Access Node is essentially an IP address or a range of IP addresses from which the Defender Security Server accepts authentication requests. If an Access Node is misconfigured, authentication requests may not reach the Defender Security Server and the user cannot get access to the resources protected by Defender.

After creating an Access Node, you need to assign it to a Defender Security Server, specify its members (users or groups you want to authenticate through the node), and select a Defender Security Policy for the node.

Creating an Access Node

To create an Access Node

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node, and then expand the Defender container.
  3. Right-click the Access Nodes container, point to New, and then click Defender Access Node.
  4. Complete the wizard that starts to create a new Access Node.

    For more information about the wizard steps and options, see New Object - Defender Access Node Wizard reference.
