Proactive Management of Federation using ELK

Slides:



Advertisements
Similar presentations
Implementing Tableau Server in an Enterprise Environment
Advertisements

COI Architecture? Web Enabling Standard Patient-Model Searches in Disparate EMR Systems By Dan CorwinDan Corwin November 2007.
GT 4 Security Goals & Plans Sam Meder
Strong Mobile Authentication in Finland (MPKI, WPKI) Special Discussion Topic Kantara Initiative Telco Identity Working Group Prepared by: Keith Uber Ubisecure.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.
MONITORING TOOLS Open Source Security Tools to monitor your network.
Architecture & Integration: CP v x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
JIRA Defect Tracking Tool Tool to Record, Track and Resolve Issues, Bugs, Defects, Improvements and New Feature Requests LIGO-G M.
4/20/2017 7:57 PM.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Aoife Lawton Systems Librarian HSE. Outline eLibrary models of authentication Library/Librarian visibility – some tips Mobile technologies Federated Search.
Identity Management Report By Jean Carreon and Marlon Gonzales.
SharePoint 2010 Pragmatic implementation and use at a corporate level Carol Van der Donck.
Windows Azure Team 9 Ben Holland Bao Nguyen Eric Petrowiak Barret Schloerke.
Vantage Report 3.0 Product Sales Guide
Tim Bell 24/09/2015 2Tim Bell - RDA.
Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, Supervisor: Dr. Steve Cassidy.
Shibboleth: An Introduction
MAT U M A T U Middleware Assisted Take-Up Service For JISC Funded Early Adopters.
Using Enterprise Logins in Portal for ArcGIS via SAML Greg Ponto & Tom Shippee.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
+ Logentries Is a Real-Time Log Analytics Service for Aggregating, Analyzing, and Alerting on Log Data from Microsoft Azure Apps and Systems MICROSOFT.
Understanding deployment issues on the Supply Chain Ann Harding, SWITCH, Nicole Harris, TERENA Cambridge July 2014.
Splunk Enterprise Instructor: Summer Partain 3 Day Course.
F5 APM & Security Assertion Markup Language ‘sam-el’
B2access.eudat.eu B2ACCESS User Training How to register with B2ACCESS Version 1 February 2016 This work is licensed under the Creative Commons.
Monitoring and Accounting for AAI - Courtesy of RAPTOR, AMAAIS Rhys Smith, Cardiff University/JANET(UK) TNC 2011.
SQL Database Management
Wataru Takase, Tomoaki Nakamura, Yoshiyuki Watase, Takashi Sasaki
Detecting Web Attacks Using Multi-Stage Log Analysis
SharePoint Authentication and Authorization
Access Policy - Federation March 23, 2016
Architecture Review 10/11/2004
Splunk log management Andrijana Todosijevic
Using Your Own Authentication System with ArcGIS Online
eduroam Managed IdP - Roadmap
Centralised logging using RSYSLog
Backdooring enemies with a Proxy …..
Munix for Education Content Filter, Bandwidth Control, Location Mapping, Movement Analysis, User Self Management Portal, Time Analysis, and much more ….
Federation made simple
OpenLegacy Training Day Four Introduction to Microservices
WinCC-OA Log Analysis SCADA Application Service - Reporting
Identity Federations - Overview
Federated IdM Across Heterogeneous Clouding Environment
Radius, LDAP, Radius used in Authenticating Users
Introduction to SQL Server 2000 Security
Introduction to Microservices Prepared for
Shibboleth Implementation in EZproxy
ESA Single Sign On (SSO) and Federated Identity Management
NetFlow Analysis with Elastic Stack
GALILEO Approach and implementation
smartmail & smartportal: Introducing Two-Factor Authentication
Get your ETL flow under statistical process control
End to End Monitoring Solution using Open Source Technology where webMethods 9.10 is used as ESB IBM Confidential.
The ELK stack - get to know logs
Designed for powerful live monitoring of larger installations
Academic Map Report And Exhibition Group24.
Learn ELK in Docker in 90 minutes
Capabilities Enabled.
Fast-Track UiPath Developer Module 10: Sensitive Data Handling
Building a minimum viable Security Operations Centre
Presentation transcript:

Proactive Management of Federation using ELK Yasvanth Babu HEAnet ELK – Elasticsearch, Logstash, Kibana

About me… System administrator at HEAnet Team - Edugate Interest... Explore new things. February 19, 2019

Agenda Aim, Problem statement. Edugate and Elasticsearch. Outcomes. Demo. Q&A. February 19, 2019

Aim To Generate yearly stats on Edugate Usage. Increasing or decreasing. To find popular services in Edugate and who makes better use of Edugate. February 19, 2019

Legacy system Open-source. Used mainly to parse authentication events. Build at Cardiff University. Used mainly to parse authentication events. IDP, OpenAthens and Ezproxy. HEAnet used raptor to generate IDP audit statistic. February 19, 2019

Raptor Architecture. February 19, 2019

Stats February 19, 2019

Problem Raptor code was not actively maintained. New code base will be released soon. rrdtool graphs not interactive. Lack in self-service and real-time auditing. Very slow performance. February 19, 2019

Edugate And Elasticsearch A graph/stats system built on top of Elastic Stack. Elasticsearch. Distributed Search engine. All data’s are indexed. Logstash. Pipeline processing. Kibana UI, Visualize your data. Charts, Maps, Time-series February 19, 2019

New stats system February 19, 2019

February 19, 2019

Achieved... To Generate yearly stats on Edugate Usage. To find popular services in Edugate and who makes better use of Edugate. February 19, 2019

Addressed the problems that aren't noticed for months February 19, 2019

Additional outcomes... Edugate Access Audits: No attributes released. Important journals. Ligo, Clarin, Niche-resources. Suspicious Logins. Compromised Accounts. Misconfigured SP. Sharing of credentials. Service Activity. Login predictions. Real-time alerts. February 19, 2019

What data? 52.51.67.68 ------------------------------------------------------------------------------------------------------------------>>> IP address Idp1.heanet.ie ---------------------------------------------------------------------------------------------------------------->>> Host 20180607T232814Z --------------------------------------------------------------------------------------------------------->>> Timestamp urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect -------------------------------------------------------------->>> Request Binding _85b888a75ac583060cf1489768d20a15 ----------------------------------------------------------------------------->>> Request ID https://edugate.heanet.ie/shibboleth ------------------------------------------------------------------------------->>> Relying Party ID http://shibboleth.net/ns/profiles/saml2/sso/browser ------------------------------------------------------------>>> Message Profile ID https://idp.heanet.ie/idp/shibboleth ----------------------------------------------------------------------------------->>> Asserting Party ID urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST ----------------------------------------------------------------->>> Response Binding _8c804d811a89b8fbfb79b462bf65f76e ----------------------------------------------------------------------------->>> Response ID Joe.bloggs -------------------------------------------------------------------------------------------------------------------->>> User Name urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport ---------------------------------------->>> AuthMethod eduPersonPrincipalName,email ---------------------------------------------------------------------------------------->>> Released Attributes AAdzyuWqsRuNM5ySZ2I724XTrL2/MzmvJU= ------------------------------------------------------------------------>>> Name Identifier _79ff78ddfba9a21d38401c06e19e163f ------------------------------------------------------------------------------->>> Assertion ID February 19, 2019

Self-service Kibana lacks in Multi-tenant. Security Anonymize usernames. Shard access. February 19, 2019

Searchguard Security Add-on for ELK Stack. Encryption. Authentication. LDAP/AD, Kerberos, Host-Based, JWT and SAML . Multi-tenancy. Based on user roles. Centralized User ACL Index. Licensing. Community, Academic and Enterprise February 19, 2019

Future work Learning analytics. Automation. Can Integrate with: IDP, Eduroam and VLE ( moodle). Automation. Resource registry. Can Integrate with: Netflow, Application data, Web-filter data. Machine learning. February 19, 2019

Summary... Multi-tenant Stats system. Real-Time Auditing and Analyzing. Alerting System. February 19, 2019

Demo... February 19, 2019

Questions ? February 19, 2019

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.