立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Creating a Security Policy and assigning it to the user

Follow the below steps to create a security policy and to assign it to the user:

  1. Login to the Admin OneLogin Portal.
  2. Go to Security -> Policies.
  3. Create a “New Users Policy” and under the “MFA” tab check the “OTP Auth Required” and “OneLogin Protect” option.
  4. To assign the policy that you created, go to “Users” under “Users” tab.
  5. Select the user whom you want to authenticate using OneLogin Protect Push Notification.
  6. Go to “Authentication” tab and update the policy under the “User Security Policy” option.

Obtaining an activation code from the OneLogin portal

Follow the below steps to create and activate a OneLogin token:

  1. Login to OneLogin portal with credentials whom you want to authenticate using OneLogin Protect Push Notification.
  2. Add the Security Factor and activate the token in “OneLogin Protect” App.

Securing VPN access

Remote access is the ability to get access to a computer or a network from a distant location. Employees in branch offices, telecommuters, and people who are traveling may need access to your company's network. Remote access is achieved using a dedicated line between a computer or a remote local area network and the central or main corporate local area network.

You can use Defender to authenticate your employees, business partners, and customers, whether they are local, remote, or mobile. Whether they require access through VPN to remote access applications, wireless access points, network operating systems, intranets, extranets, Web servers, or applications, Defender’s strong two-factor authentication ensures that only authorized users are granted access.

The Defender remote access environment includes the following components:

  • Remote Access Server  A remote access server is the computer and associated software that is set up to handle users seeking remote access to your company’s network. The remote access server usually includes or is associated with a firewall server to ensure security and a router that can forward the remote access request to another part of the corporate network. A remote access server may also be used as part of a virtual private network (VPN).
  • Virtual Private Network (VPN)  A VPN is an extension of a private network that encompasses links across shared or public networks like the Internet. VPN connections leverage the IP connectivity of the Internet using a combination of tunneling and encryption to securely connect two remote points, such as a remote worker and their office base.
  • Network Access Server (NAS)  The Network Access Server (NAS) acts as a gateway to guard access to a protected resource. This can be anything from a telephone network, to printers, to the Internet. The user connects to the NAS. The NAS then connects to another resource asking whether the user's supplied credentials are valid. Based on that answer the NAS then allows or disallows access to the protected resource. The NAS contains no information about which users can connect or which credentials are valid. The NAS simply sends the credentials supplied by the user to a resource which does know how to process the credentials.
  • Defender EAP Agent  Extensible Authentication Protocol (EAP) is a general protocol for authentication that also supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication and smart cards. Defender utilizes the EAP protocol to integrate its two-factor authentication into the existing user authentication process.

In this chapter:

Configuring Defender for remote access

The configuration described in this section is an example only of a basic configuration using a Cisco ASA Server.

We assume that you have installed and configured the Defender Security Server that you will later define as the AAA Server.

To configure remote access, you need to perform the following additional tasks:

  • Create and configure the Access Node that will handle access requests from remote users.
  • Assign the Access Node to the Defender Security Server that will authenticate the remote users.
  • Configure the Defender Security Policy that will determine the method and level of access, time period within which access is permitted, and lockout conditions for failed logon attempts.
  • Assign the Defender Security Policy to the Access Node.
  • Assign users or groups of users to the Access Node.
  • Configure and assign security tokens to users.
  • Configure the remote access device in your environment.

The Configuration example illustrates how to configure the Cisco Adaptive Security Device (ASDM) version 6.1 for use with Defender. The configuration procedure may vary depending on the remote access device you are using.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级