Securing SSH Admin Access

Presentation transcript:

Securing SSH Admin Access. Pragma Systems Fortress SSH. Cisco Enterprise Routing Products. Cisco Live 2014, 4/25/2017.

The Threat: Unauthorized access to command line. Stolen passwords; revoked / expired public keys; spoofing the client.
X.509 certificate with RFC 6187 (single factor): server side certificate validation.
CAC/smartcard with RFC 6187 (2 factor): most secure authentication, server side certificate and PIN.
NEW: Only from Cisco and Pragma.

First end-to-end solution with Cisco and Pragma Systems. Most secure Government Certified Standard RFC-6187. For customers that need: secure access to command line, with two factor authentication; authenticate with X.509 certificate & PIN.

Many government, financial and healthcare institutions have significant regulatory compliance, governance and secure file access and sharing restrictions. Today’s security environment requires multi factor and secure authentication to our organizations’ most trusted secrets and data. Cisco Systems have partnered to provide the *only* government approved and FIPS certified SSH solution that provides remote and secure access to Cisco routers and switches for the ultimate in reliability, access and control. Only RFC compliant solution.

Before: only keys. Now: RFC 6187, SSH authentication with X.509 certificates. Metadata can be used: check revocation, expiration, EKU (e.g., a role). Combined with a CAC/smartcard, this permits secure 2-factor authentication and allows the server to validate certificate metadata.

SSH Access with DoD Common Access Cards. Diagram labels: X.509 Authentication; SSH Session Establishment; Cisco SSH Server Feature; Pragma Fortress CL SSH Client; CAC card reader.

Demonstration

To reach the router or switch, the end-user starts an SSH session on their PC. Start SSH from the “Fortress CL” icon (Fortress CL Client).

Using CAC cards with Pragma FortressCL: User inserts smart card. The smart card has the user’s credentials. Card gets loaded into machine store.

User now clicks the “connect” button. Start SSH from the “Fortress CL” icon.

User enters User-ID; selects Smart Card / CAC button. Click on ellipsis button.

If end-user has more than one credential, he selects the certificate that he wants to use. Certificates are stored on the smart-card.

Click on connect David.S.Kulwin

End-user enters PIN. Router now has: certificate and PIN; user name. SSH handshake now proceeds.

SSH session starts from end-user PC to Cisco Router.

For Secure Access: Easy to use two-factor authentication. X.509 certificates for SSH. Standards compliant. FIPS certified.

For Further Information: Contact your Pragma representative for a demonstration or 30 day trial version: Sales@pragmasys.com. Contact your Cisco Systems sales representative.
