Symantec VIP Overview
Symantec VIP Overview
Symantec VIP OverviewTable of ContentsAbout this guide.6What is the VIP Authentication Service?. 6What is strong authentication?. 6What are credentials?.7Using a credential. 8Using one credential with multiple sites. 8Credential types.8Time-based credentials. 8Hardware security tokens. 8VIP Access for Mobile credentials.9Event-based credentials.9Security cards. 10Related resources. 10Documentation.10Files. 10Integration guides and binaries.11Planning for your VIP Authentication Service deployment.12How to plan for VIP Authentication Service. 12Impact of VIP credential deployment.12Creating a Product Marketing plan. 13Defining the credential rollout scope. 13International, Domestic user base. 13User access channels.14Selecting applications. 14Defining credential fulfillment strategy. 14Out-sourced.15In-house.15Creating a Marketing Program for VIP credential rollout. 15Marketing two-factor authentication. 15Educating users about credentials.16Educating users that credentials are available.16Educating users on how to order a credential. 16From the web site.16From the Help desk. 16Defining credential branding. 16Design credential branding - VIP Authentication Service branded or co-branded. 172
Symantec VIP OverviewDefining credential shipment packaging. 17Choosing an envelope. 17What should be printed on the envelope. 17What’s inside the envelope.17Designing a One-sheet Brochure or Instruction Sheet. 17Shipment Planning. 18Creating Policies and Procedures for Credential User Interaction.18Ordering a VIP Credential. 18How does the user order a VIP credential?.19What do you do when a user orders a VIP credential?.19Activating a VIP Credential. 19How does a user activate a VIP credential?.19What do you do when a user has received a VIP credential and asks you to activate it?. 19Logging in with a VIP Credential.19What does the user do to log in with a VIP credential?. 19What do you do when a user logs in with a VIP credential after activating it?. 20What do you do if a user logs in with a VIP credential that isn’t yours?. 20What do you do if a user shares a VIP credential?.20Handling Credential Validation Errors.20What does the user do when attempting to log in with a VIP credential and the authentication fails?. 20What do you do when a user can’t log in with a VIP credential after activating it?.20Forgotten Credentials.20Lost or Broken Credentials. 21Providing Temporary Security Codes. 21Defining Business Requirements for Credential Rollout.21Developing a Security Policy. 22Set Security Policies. 22Security Policy Considerations. 22Mitigating Risk.22Legal and Risk Management. 22Developing a Privacy Policy. 22Defining Technology Requirements. 22Defining Network Operations Requirements. 23Resource and Capacity Planning. 23Hardware Procurement. 23Network Security. 24Ordering Pilot Credentials.24Planning for Help Desk Integration to Support Credentials.24VIP Help Desk User Functions.24Choosing a Help Desk Implementation. 243
Symantec VIP OverviewDeveloping with the Web Services API.25Using VIP Manager.25Developing a QA Plan for Validation and Test.25Planning for Back-end Integration for Credential Fulfillment. 25Allocating Resources for Development and QA. 25Usability. 25Network Operations.26Integrating Credential Fulfillment Functions. 26Creating a Support Plan for VIP Authentication Service.26Identifying Support Resources.26Identifying Support Staff.26Support Training Plan. 27Defining a Support Policy. 27Defining Support Channels. 27Defining Support Scope. 27Providing Expertise to Support Credentials.28Defining the Customer Support Role.28Security Considerations. 29About Facility Security. 29Potential Security Targets with VIP Authentication Service. 29Recommended Best Practices.30Authentication. 30VIP Authentication Service Machine Security. 30Credential Security. 30Supporting and Maintaining VIP Authentication Service. 32Support Preparation.32Support and Maintenance Tasks. 32Describing Credentials to Your Users. 32Sample FAQ. 32Why should I use the hardware credential?.32What exactly is the hardware credential?. 33How do I use the hardware credential?. 33Will it work with my computer?. 33How does the hardware credential work?.33What if I lose or break my hardware credential?. 33Where should I keep my hardware credential?. 33How much does it cost?. 33Support Processes.34Login Support. 344
Symantec VIP OverviewActivation Support. 34Validation Support. 34Synchronization Support. 35Providing Users with Temporary Security Codes. 35Hardware Credential Shipping Support. 35Restoring a Locked Out User. 35Managing Credentials (Hardware Security Tokens or Security Cards). 35Managing Credential Distribution. 36Maintenance Preparation.36Renewing Your Account.36Copyright Statement. 375
Symantec VIP OverviewAbout this guideThis document includes a high-level description of VIP Authentication Service and how it can be used. It describes the VIPAuthentication Service, its planning recommendations, uses, and deployment methods. This document also describes theVIP Authentication Service components, and architecture.This guide is intended for users of all levels. It is the “read me first” book for administrators and IT personnel in yourorganization who install the VIP Authentication Service and roll it out to end users. This overview is intended for readerswho are involved in the organization, development, planning of the VIP Authentication Service deployment process.What is the VIP Authentication Service?VIP Authentication Service is a comprehensive solution that provides identity protection for consumers interacting online.VIP Authentication Service integrates with your existing Web site to strengthen and streamline your network security andhelp prevent account takeovers.Users are provided with a more secure login that employs strong authentication, including factors such as hardwaresecurity tokens, security cards, and Mobile Access credentials which, in addition to username and passwordauthentication, keep unauthorized users out of your network.NOTEA token is another word for a credential (a security application stored on a hardware security device, securitycard, mobile phone, or computer). A one-time password (OTP) is another word for a security code (a uniquecode that a credential generates to protect an end user’s identity).What is strong authentication?Single-factor authentication uses passwords alone. With VIP Authentication Service in place, users can more securelylog in to virtually any application on any network through a two-factor authentication process. VIP Authentication Serviceadds a layer of security by requiring users to employ a credential such as a hardware security token or security card, or aMobile Access credential to access online accounts, in addition to a username and password.Two-factor authentication virtually eliminates security problems associated with using passwords alone. A common formof two-factor authentication is a bank debit card. To purchase something using your debit card, you provide something youknow (your PIN) with something you have (the debit card itself).A potential attacker needs both your PIN and debit card, and without possession of both these factors your account isprotected from unauthorized use. Typical authentication factors are:Table 1: Authentication factorsDefinitionExampleWhat you knowPasswords, ATM PINWhat you haveHardware security token, security card, debit card, mobile deviceWho you areFingerprint, iris scanCredentials detailed in this guide and supported by the VIP Authentication Service can include hardware security tokens,security cards, or mobile devices.6
Symantec VIP OverviewVIP Authentication Service allows users to authenticate themselves before accessing your secured Web sites. Whileusernames and passwords can be guessed or otherwise discovered, only users have access to the physical credentialthat generates the security code.What are credentials?Your organization provides users with credentials. All credentials generate security codes, and some types also havea USB connector and storage capacity for digital certificates, encrypted data, or both. Each time users log in to aparticipating Web site, they must enter their username, password, and a new security code to authenticate. Becauseusers generate a security code only when they need to access their accounts, unauthorized users cannot guess orotherwise discover the security code as they might with a traditional password. If a credential is lost or stolen, anunauthorized user must still enter a username and password for any registered member Web site, before an unauthorizeduser could access a user’s accounts, making the credential useless for unauthorized access. The following figureillustrates the VIP Authentication Service authentication process.The VIP Authentication Service validates security codes that the hardware credential generates. Each time a userauthenticates, the user first enters a standard password, then generates a security code using the credential.A number displays on the credential. Users input the security code into the Web application to authenticate themselves aslegitimate users.A VIP Authentication Service credential consists of both a shared secret or shared key and a unique VIP AuthenticationService credential identification. The shared secret or shared key is protected by, and/or embedded in, a device in thephysical possession of an end user. The VIP Authentication Service credential ID is a string of numbers and letters up to12 characters which identifies the VIP Authentication Service credential itself.The VIP Authentication Service credential secret is known both to the device and Symantec. Using a known cryptographicalgorithm process, the VIP Authentication Service credential generates a security code. The security codes generated bythe device can then be compared to the value generated for that device at Symantec, and if the values are the same, theVIP Authentication Service credential is validated. The VIP Authentication Service credential is anonymous and provides asecond authentication factor when it is bound to a local user identity at a VIP Authentication Service Member’s Web site.The VIP Authentication Service Network is designed to support multiple types of devices that include VIP AuthenticationService credentials. VIP Authentication Service credentials may come embedded in dedicated security hardware devices(such as hardware security tokens) and can also be embedded into consumer-oriented devices, such as mobile phones,flash storage devices or credit cards. The VIP Authentication Service Network supports OATH (Initiative for OpenAuthentication) compliant as well as other second-factor authentication credentials.7
Symantec VIP OverviewUsing a credentialA credential protects users’ online accounts at any member Web site on the VIP Authentication Service Network. A usercan protect their online transactions at any member Web site that displays the VIP Authentication Service logo using theirVIP Authentication Service credential.As a security precaution, a user credential may be temporarily disabled if the wrong security code is entered too manytimes during a session, or if a user has not used their credential for over an extended period of time, or the credential islost or stolen. If a user is unable to use the credential to access their account, the VIP member should authenticate theuser through other means.Using one credential with multiple sitesUsers can use the same credential at any participating member of the VIP Network. Participating members display theVIP logo on their sites. Users must register their credential at each member Web site where they have an account toprotect their online identity.Credential typesVIP Authentication Service credentials are either time-based or event-based. Time and event-based credentials can takethe following forms: Hardware security tokens and VIP Access for Mobile credentials are time-based credentials Security cards are event-based credentialsAll credentials generate and display security codes. These security codes are used to authenticate the credential owner tosecured resources on the network.Your customers can purchase credentials from other vendors, so they may have different credential types than you offer.Time-based credentialsHardware security tokens and VIP Access for Mobile credentials are time-based, and validate security codes for a specificperiod of time.NOTETime-based credentials may not properly calculate the time if they are left in environments with extremetemperatures. You may need to replace time-based credentials that have been exposed to extremetemperatures.Hardware security tokensA hardware credential is a physical hardware device that generates security codes for authentication.When a user presses the button on a hardware credential, a security code appears on the display. A user must wait brieflybefore he or she can press the button again and view another security code.Hardware token shows the front and back of a hardware credential. Because your customers can purchase credentialsfrom other vendors, the actual credential may vary from this illustration.8
Symantec VIP OverviewVIP Access for Mobile credentialsA VIP Access for Mobile credential is an application that a user can download to a mobile device. After a user downloadsVIP Access for Mobile, the user’s mobile device can generate security codes similar to a hardware security token.VIP Access for Mobile credentials shows the credential on various mobile phone models.Event-based credentialsSecurity cards are event-based. Event-based credentials generate new security codes when users press the credential’sbutton.9
Symantec VIP OverviewNOTEIf a user presses the button too many times, the credential may need to be reset.Security cardsA security card is a hardware device the size and shape of a credit card.When a user presses the button on a security card, a security code appears in the upper-right corner of the card. The usercan press the button again to generate a new security code after the display clears.Security card shows the front of a security card.Related resourcesObtain the following additional resources from the VIP Account Management Download Files link of VIP Manager.These resources are required to install and run VIP Authentication Service with Web Services.DocumentationIn addition to this guide, VIP Authentication Service includes documentation on all aspects of the VIP AuthenticationService, including: Symantec VIP Release Notes provide information on known issues and solutions at the time of this release. Symantec VIP Web Services Developer’s Guideand Symantec VIP User Services Developer’s Guide provide information required to configure secure two-factor authentication with many common third-party applications usingVIP's Web Services APIs.VIP Member Site Guide provides information requir
Symantec VIP Overview About this guide This document includes a high-level description of VIP Authentication Service and how it can be used. It describes the VIP Authentication Service, its planning recommendations, uses, and deployment methods. This document also describes the VIP Authentication Service components, and architecture.
Step 1: Install Symantec VIP desktop app on your PC If you already have Symantec VIP installed on your PC, you can move on to Step two: Set up Symantec VIP in Universal ID. 1. Visit the Symantec VIP website. 2. Click Download. Under VIP Access for Computer, select your Operating System (Windows or
VIP Access Desktop Application . A new six-digit security code is generated every 30 seconds. MAT users may install up to three Symantec VIP Access applications to their desired devices. A different Symantec Credential ID is assigned for each Symantec VIP application
Alternative Symantec VIP Access App, aka a Mobile Soft Token . Hard tokens are City National's standard token device. However, you may opt to use the Symantec Mobile App available in the iPhone and Android App Stores. Instruct users to download the free Symantec VIP Access Mobile App. Within the App Store, search for Symantec VIP Access and .
4. VIP Enterprise Gateway returns an Access Accept Authentication response to Symantec Privileged Access Manager. 5. As the second part of the two-factor authentication process, Symantec Privileged Access Manager sends username and the password to the AD/LDAP directory configured in Symantec Privileged Access Manager. 6
Birthday Party Packages and rolled them into one extreme party! The VIP Birthday Bash!! VIP BIRTHDAY BASH F.A.Q. Q. What day can I book a VIP Birthday Bash Package? A Birthday Bash Party Packages are exclusively offered only on Sundays. Q. What is the timeframe for the VIP Birthday Bash?
3 The VIP Enterprise Gateway validation server instructs VIP Service to send a push to the credential associated with the user. 4 If the user has a VIP Access for Mobile credential that is enabled for VIP Access Push authentication, a push sign-in request is sent to the mobile device. The user taps Allow/
Symantec VIP Access Installation Guide Prepared: 08 Nov 2015 Version: 1.0 4 3 Installing the software token on smartphones a) Search for “Symantec VIP Access” in Google Play or Apple App Store. b) Download and install the application on the smart phone. c) File Size: 529KBPage Count: 10
AutoCAD 2000, 2000i & 2002 System Variables Highlighted numbers are preferred or standard Variables pertain to all versions except where noted (200XX) System Variable Command(s) affected _PKSER Environment (Read-only) Type: Integer Saved in: Registry Returns the serial number assigned to AutoCAD ACADLSPASDOC TOOLS/OPTIONS Type: Integer Saved in: Registry Initial value: 0 Controls whether .
