
OU Passwords What they all mean

What is a password
Webster’s Online Dictionary describes a password as “a sequence of characters required for access to a computer system”. OU passwords are associated with an OUNetID and allow access to all of the secure IT services.

Security
OU passwords should be 5 to 8 characters.
– Special characters are allowed (e.g. [ & $ ! < / ).
– The only requirement is that you cannot have a as the leading character in a password.
Passwords are not perfectly secure and can be cracked.
– To prevent this from happening, it is recommended that passwords use the full 8 characters and include lower and upper case letters, numbers and special characters.

Security (continued)
Passwords should not be something that is easily guessed (e.g. spouse’s name, birthday, boomer or sooner, pet’s name). There are also word lists of pop culture subjects (e.g. all the planets in Star Trek or different types of ships in Star Wars), so it is ill-advised to use a term from pop culture (or even the dictionary) as your password.

Security (continued)
In an effort to prevent hackers from trying multiple passwords until they find the correct password, OU accounts on the Sooner domain will become “locked” after several failed attempts at logging into a resource.
– When an account becomes locked, it is inaccessible to the customer until they contact the Helpdesk and we unlock their account.

Just one password?
OU IT currently maintains several password stores:
– NT domains (admin, academic, sooner, ou, ounet, image)
– Oracle
– Old LDAP
– New LDAP
– CICS/TSO
– Sybase
– Newsgroups

NT Domain Passwords
The NT 4.0 Domain Controllers store information about the computers that attach to them. There are several other NT Domains on campus that IT does not maintain (SATTRN, HOUSING, ATHLETIC). The passwords for the NT domains are separate from the other passwords and do not necessarily synchronize with the other password stores.
– This might result in a customer having more than one password associated with their OUNet ID.

Sooner Domain
This is the Active Directory (AD) password. The AD domain controllers are just a big LDAP server that stores lots of things. Whenever someone connects to the Sooner domain, the password they enter is verified against the one stored in the domain controller.

Oracle
Oracle is a database that is eventually going to feed everything.
– That is, once you put someone into Oracle, they will eventually get populated into all the other databases.
The password stored in this database is changed via the SupportTool.

LDAP
Lightweight Directory Access Protocol
– It’s a big database to store user info.
LDAP is a well-accepted protocol and is easy to access.
– For example, if you want to use password security for a web service, this would be a good protocol to which to connect.
A more thorough description is on the next two screens.

LDAP (continued)
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter because in its initial version it did not include security features. LDAP originated at the University of Michigan and has been endorsed by at least 40 companies. Netscape includes it in its latest Communicator suite of products. Microsoft includes it as part of what it calls Active Directory in a number of products including Outlook Express. Novell's NetWare Directory Services interoperates with LDAP. Cisco also supports it in its networking products.
In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the Internet), the domain name system (DNS) is the directory system used to relate the domain name to a specific network address (a unique location on the network). However, you may not know the domain name. LDAP allows you to search for an individual without knowing where they're located (although additional information will help with the search).
source:

LDAP (continued)
An LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels:
– The root directory (the starting place or the source of the tree), which branches out to
– Countries, each of which branches out to
– Organizations, which branch out to
– Organizational units (divisions, departments, and so forth), which branch out to (include an entry for)
– Individuals (which includes people, files, and shared resources such as printers)
An LDAP directory can be distributed among many servers. Each server can have a replicated version of the total directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, but ensuring a single coordinated response for the user.
source:
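The tree hierarchy described above, as an added example that is not part of the original presentation: it splits distinguished names (DNs) into their components and rebuilds the country, organization, organizational unit and individual levels. The DNs, the attribute-to-level mapping and all function names are constructed for illustration; the parser is simplified and does not handle hex escapes or multi-valued components.

```python
# Added example: constructed DNs, not entries from any real directory.
# Assumed mapping from common attribute types to the levels named in the slide.
LEVELS = {"c": "country", "o": "organization",
          "ou": "organizational unit", "cn": "individual", "uid": "individual"}

SAMPLE_DNS = [
    "cn=Pat Doe,ou=Help Desk,o=Example University,c=US",
    "cn=Lab Printer 2,ou=Help Desk,o=Example University,c=US",
    "cn=Doe\\, Sam,ou=Registrar,o=Example University,c=US",  # escaped comma
]

def split_dn(dn):
    """Split a DN on unescaped commas; a naive dn.split(',') would break
    'cn=Doe\\, Sam' into two bogus components."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escaped character
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def path_from_root(dn):
    """DNs are written leaf-first, so reverse them to walk root -> leaf."""
    path = []
    for rdn in reversed(split_dn(dn)):
        attr, _, value = rdn.partition("=")
        path.append((LEVELS.get(attr.strip().lower(), "other"), value))
    return path

def build_tree(dns):
    """Merge every DN into one nested dict keyed by (level, value)."""
    tree = {}
    for dn in dns:
        node = tree
        for key in path_from_root(dn):
            node = node.setdefault(key, {})
    return tree

def render(tree, depth=0):
    """Return the tree as indented lines, one per directory entry."""
    lines = []
    for (level, value), children in sorted(tree.items()):
        lines.append("  " * depth + f"{level}: {value}")
        lines.extend(render(children, depth + 1))
    return lines

if __name__ == "__main__":
    print("\n".join(render(build_tree(SAMPLE_DNS))))
```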

LDAP (continued)
IT currently maintains a primary LDAP server.
– Chewy
This server is part of the new POP main system and will become the primary LDAP server to which people connect. Customers can access this server by using either ldapv3.ou.edu (the preferred method) or ldap.ou.edu.

CICS/TSO
These passwords are used to access either CICS or TSO (via either the SNA client or Host On Demand).
– This allows the user to interact with the mainframe.
– These passwords cannot start with a number.
– This password can never be reset to a password previously used by the customer.

Sybase
Sybase is the old database system that we use. It gets its information from the mainframe and pushes it to Oracle and OUsql the Exchange System. Current plans are to get rid of this database in the near future. Within 2-3 years we should only have Oracle, LDAP, and SOONER.

How is the password changed? The SupportTool calls scripts from a couple of different places to change the NT passwords; it also connects to a stored procedure in Oracle to change the Oracle password.

Exchange Passwords Exchange passwords authenticate against trusted NT domains (Admin, Academic, Athletic, Sooner, et al)

Passwords The POP system authenticates passwords against the new LDAP system (Chewy).

Password Sources
[Diagram labels: Oracle, Sooner, LDAP, Sybase; "Propagates to"]