L-3 C2S2 Two-Factor Authentication User Guide (RSA SecureD Token)

C2S2 has adopted the mandatory L-3 policy for implementing two-factor authentication on all remotely accessible “non-public facing systems”. In compliance with this directive, all C2S2 employees/subcontractors, and customers who require access to such resources will receive an RSA SecureID^® token/keyfob. This token will allow remote access to various C2S2 VPN secure portals. This external method of access will be REQUIRED to access such resources as the Intranet, IBS, SharePoint, Email, etc.

Below, are brief instructions required to set up an RSA token/keyfob for system access. Please follow them precisely and contact your local IT department if there are any questions or assistance is required. The IT department may be contacted for token/keyfob-only related assistance/requests at the following email address: C2S2.Tokens@l-3com.com. All other inquiries should still be directed to the technical support mailbox: C2S2.TechSupport@L-3Com.com.

Software Prerequisites

Operating System:

Browser:

Antivirus:
Personal Firewall:

Supported: Windows XP, Vista, and Windows 7. (32-bit and 64-bit systems)
Limited Support: Linux, MacOS X
Supported: Microsoft Internet Explorer version 6, 7, and 8 with support for ActiveX plug-ins.

Use of Internet Explorer is recommended and is most compatible for resources available on the Access-East VPN)

Limited Support: Firefox and Safari (Java Runtime Environment needed for some features)
Installed with up-to-date definitions (Symantec, McAfee, Trend Micro etc.)
Enabled (optional requirement for highest-level system access)

Configuration

(Home or Remote Location)

Before starting, launch the Internet Explorer Browser and add HTTPS://*.L-3com.com to the Trusted Sites list. This site list can be found under Tools / Internet Options / Security /Trusted Sites / Sites from within Internet Explorer.
****** If you are unable to add to the “Trusted Sites list due to limited permissions on your computer then skip this step and proceed with step 2. ******
Connect to the C2S2 Access-East VPN at https://access-east.c2s2.L-3com.com using Internet Explorer.
Leave the default "Enhanced Web Mode" selected, then click Next to continue.
Enter your RSA token/keyfob Username.
If this is your first time logging into the C2S2 VPN, continue with Step 5. If you have already created a PIN, enter your Passcode and skip to Step 8.
For the Passcode, enter just the 6-digit code displayed on your token/keyfob.
You will be prompted to create a 6 to 8 digit PIN (letters/numbers only; no special characters) and re-enter the PIN.
NOTE: UNDER NO CIRCUMSTANCES SHOULD YOU WRITE DOWN YOUR PIN, SO SELECT A VERY SIMPLE PIN THAT WILL BE EASY TO REMEMBER.
THE PIN MUST BE AT LEAST 6 AND NO MORE THAN 8 CHARACTERS.
YOU WILL ONLY NEED TO CREATE YOUR PIN ONCE, WHICH WILL BE VALID REGARDLESS OF WHAT COMPUTER YOU ARE USING.
Wait for the token/keyfob code to change and enter your Passcode (your PIN followed by the new 6-digit code). If you don't wait for the code to change, your login will fail.
You may be prompted to wait while the connection is established. At this time, if you are prompted to accept certificates and install plug-ins from C2S2 and Aventail, accept these certificates. After successful login, some basic links will be presented. Links and features that are accessible will change depending on the security of the client PC that is attached. For example, a C2S2 managed asset will achieve greater access than a personal desktop.
Your token is now active.

Access to the Access-East VPN site (https://access-east.C2S2.L-3Com.com) is meant to be used for remote access ONLY, and will be blocked from inside a C2S2 WAN-connected local network (office). Use an Internet connection for access to this server.

Utilizing single sign-on is presently not available on the C2S2 VPN. The C2S2 IT department will be reviewing the feasibility of this at a later date.

Troubleshooting and Questions – Who to Contact

If a token/keyfob is lost or stolen, please IMMEDIATELY contact C2S2.Tokens@L-3Com.com and your local C2S2 security officer. If this is a weekend, please contact your group manager. A lost or stolen token/keyfob will be disabled to ensure that our systems are not at risk.
If you cannot read your 6 digit code because the display is shadowed or blank, please send email to C2S2.Tokens@L-3Com.com. You may have a damaged token/keyfob or require a battery replacement.
If you have forgotten your PIN, please contact C2S2.Tokens@L-3Com.com to have your token/keyfob returned to "new PIN mode" so that you can create a new one.
If, after successfully logging into https://access-east.C2S2.L-3Com.com, you experience problems logging into a particular internal resource, contact C2S2.TechSupport@L-3Com.com for assistance with that specific website login.
The most updated copy of this information can always be found on the C2S2 Employee Website.

L-3 Command & Control Systems and Software | 11000 Commerce Parkway, Mount Laurel, NJ 08054 | 856.439.4700

Remote Access for Employees, Customers, and Partners

This presentation consists of L-3 Corporation general capabilities information that does not contain controlled technical data
as defined within the International Traffic in Arms (ITAR) Part 120.10 or Export Administration Regulations (EAR) Part 734.7-11.

Unless otherwise noted, all photos courtesy U.S. Department of Defense.