
Unified Address Book Security Implications

Unified Address Book
– Overview
  – What are we talking about
  – What is the Risk
  – What are we doing to minimize the risk
– Details
  – How do the pieces connect
  – How are we securing the system
– Future

What are we talking about
– Creating and maintaining a unified address book
– Agency control of what information gets added to the unified address book
– Directions on how to point clients to the central address book

What are the Risks
– There will be an agent or lookup account needed on the source of addresses (Active Directory, eDirectory, etc.) with read access to the attributes needed.
– A path will have to be created between these sources and the central store in the GTA Datacenter through the firewalls and NATing schemes.
– On GroupWise and Notes mail systems, a driver needs to be loaded on the agency server.

What can we do to reduce the Risk
– Agent: The agents take up a small footprint and have been installed in a large number of systems without problems.
– Accounts: Grant the account the minimum rights needed to work.
– Path: Firewall rules and/or VPNs.
– Audit: An audit package is planned in the future to enhance the base auditing features.
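One way to check the "minimum rights" point and the agency's control over what gets added to the unified address book, as an added example that is not part of the original presentation or of the Identity Manager product. The attribute names, sample entries and function names are assumptions constructed for illustration.

```python
# Added illustration; attribute names and sample entries are constructed, not from the deck.
NEEDED = {"cn", "mail", "telephoneNumber", "ou"}  # assumed fields the address book uses


def excess_read_rights(granted, needed=NEEDED):
    """Return attributes the lookup account can read but the address book never uses.

    Directory attribute names are case-insensitive, so compare in lower case.
    """
    needed_lc = {a.lower() for a in needed}
    return sorted(a for a in granted if a.lower() not in needed_lc)


def filter_for_publication(entries, agency_allowed, rule, needed=NEEDED):
    """Apply the agency's business rule and attribute allowlist before an entry
    leaves the agency for the central store."""
    # An agency can withhold a needed attribute, but cannot widen the set.
    allowed_lc = {a.lower() for a in agency_allowed} & {a.lower() for a in needed}
    published = []
    for entry in entries:
        if not rule(entry):
            continue  # the agency's rule excludes this entry entirely
        published.append({k: v for k, v in entry.items() if k.lower() in allowed_lc})
    return published


# Constructed sample data.
GRANTED = ["cn", "Mail", "telephoneNumber", "ou", "homePhone", "employeeNumber"]
ENTRIES = [
    {"cn": "A. Example", "mail": "a.example@agency.example",
     "telephoneNumber": "555-0100", "ou": "Finance", "homePhone": "555-0199"},
    {"cn": "B. Sample", "mail": "b.sample@agency.example",
     "telephoneNumber": "555-0101", "ou": "Audit", "unlisted": True},
    {"cn": "svc-backup", "ou": "IT"},  # service account, no mailbox
]


def listed_mail_users(entry):
    """Hypothetical agency rule: publish only listed people who have a mailbox."""
    return bool(entry.get("mail")) and not entry.get("unlisted", False)


if __name__ == "__main__":
    print("revoke read on:", excess_read_rights(GRANTED))
    for row in filter_for_publication(ENTRIES, {"cn", "mail", "telephoneNumber",
                                                 "homePhone"}, listed_mail_users):
        print(row)
```

Anything `excess_read_rights` returns is a read right to remove from the lookup account, and the filter shows that an attribute outside the needed set is never published even if the agency's own allowlist names it.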

Security Aspects of the Core
– Servers will be hardened per Microsoft’s best practices for Server
– The core is protected by the normal firewalls, VLANs, and ACLs
– All traffic is planned to be encrypted via a minimum 128-bit SSL

Details

Novell’s Nsure Identity Manager 2 is the product that we are using. It has connectors to PeopleSoft, databases, systems, RACF, Network Operating Systems and others. It has add-on auditing capabilities and a more elaborate work flow engine.

Development Environment

Processing Flow
[Figure: Publish and Subscribe picture]

Future

Agency has complete control
– The account creation, change, and modification is all triggered through agency actions filtered by agency-specified business rules.
– To do provisioning, we must gather userids and passwords.

Password Security
– The passwords will be stored encrypted by triple DES in the directories
– Agents encrypt passwords before transmitting them to the centralized directory
– No administrator can see a password in clear text.

Provisioning
– Eventually PeopleSoft will be tied into the provisioning system
– Option 1: Create a group to signify that a user has access to an application
– Option 2: Extend the LAN schema to add an attribute that indicates that this user has access to the application.
– First phase is userid and password synchronization for authentication only

Provisioning cont
– Second phase: new applications do direct lookups in the directory to check authentication.
– Third phase: authorization attributes are stored in the central directory and applications use it for authentication and authorization.

What about other agencies accessing my Application
– There is a simple work flow engine in the base product we purchased
– There is an add-on product we will use in the future that can ask the application owner for permission to add an account.

Possible Provisioning Targets
– Team Georgia
– Statewide Asset/Fleet Management
– PeopleSoft online access to info like check stubs
– Applications hosted for one or more agencies by GTA
– Applications hosted by an agency for internal use only

Future
– The infrastructure will allow automated account maintenance or provisioning. This option is at the agency’s discretion.
– The infrastructure being set up can allow self-service options like updating phone numbers on TeamGeorgia, and password reset.
– The information, changed by the self-service application, can be optionally updated in agency directories.