TwoFactor Authentication Service Jason Testart, Computer Science Computing Facility.

WatITis 2006 | December 6, 2006 | ***TwoFactor Authentication Service***

Authentication Nomenclature
  Two-Factor Authentication
  Strong Authentication
  One-time password (OTP)
  Token-based authentication
  "RSA" and "SecurID"
  GINA

Why TwoFactor authentication?
  Thin clients
  Hacked workstations
  Lack of encrypted connection
  Shared accounts are bad

Hardware Tokens

Some History
  SecurID system purchased in 1996 by DP
  Needed for access to OGF
  DCS and MFCF: ssuw on xhiered Unix
  MFCF/CSCF assumed control of SecurID service from IST in 2004 after OGF upgrade

ACE Servers

CRYPTO-Shield by CryptoCard
  Less expensive
  Tokens don't expire
  Ability to import from ACE server
  Good Linux support
  Now supports the Blackberry
  Canadian company

Got root?
  CRYPTO-Server does RADIUS
  Sudo is PAM enabled
  Pam-radius module works on Solaris, Linux, OS X
  Instead of ssuw, use "sudo -s"

Switches and Firewalls
  Components: Firewall, FreeRADIUS server, CRYPTO-Server
  1. Firewall provides userid+password to FreeRADIUS server.
  2. FreeRADIUS provides, via PAM, userid+password to CRYPTO-Server.
  3. CRYPTO-Server accepts or rejects the authentication request.
  4. If the CRYPTO-Server accepted the authentication, then the FreeRADIUS server looks up the user in its users file and returns a "success" to the firewall along with the defined attributes for the user.
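The four-step exchange above, modelled as an added example (not code from the talk, FreeRADIUS or CryptoCard): the users file content, the stub OTP backend and the allow-list rule for users without an entry are assumptions.

```python
from typing import Callable, Dict, Tuple

# Constructed users file in FreeRADIUS 'users' syntax (assumed layout):
# a column-0 line names the user plus check items (e.g. Auth-Type := PAM);
# indented lines are the reply attributes returned to the NAS (the firewall).
USERS_FILE = """\
DEFAULT Auth-Type := PAM
\tFall-Through = Yes

jtestart
\tService-Type = Administrative-User,
\tSession-Timeout = 3600
"""

def parse_users(text: str) -> Dict[str, Dict[str, str]]:
    """Map each user name to its reply attributes (check items are not
    modelled here; reply lines may end with a comma)."""
    users: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":                          # indented: reply item
            key, val = raw.strip().rstrip(",").split("=", 1)
            users[current][key.strip()] = val.strip().strip('"')
        else:                                        # column 0: new user
            current = raw.split(None, 1)[0]
            users[current] = {}
    return users

class OtpStub:
    """Stand-in for the CRYPTO-Server (assumption, not the product): a
    passcode is valid once, so a captured passcode replayed later fails."""
    def __init__(self, codes: Dict[str, set]):
        self.codes = codes
    def __call__(self, user: str, passcode: str) -> bool:
        if passcode in self.codes.get(user, set()):
            self.codes[user].discard(passcode)       # consume the code
            return True
        return False

def radius_auth(user: str, passcode: str, users: Dict[str, Dict[str, str]],
                otp_check: Callable[[str, str], bool]) -> Tuple[str, Dict[str, str]]:
    """Steps 1-4: the OTP backend decides; on accept, the user's reply
    attributes are returned. Assumption: users without an entry are rejected."""
    if user not in users or user == "DEFAULT" or not otp_check(user, passcode):
        return "Access-Reject", {}
    return "Access-Accept", dict(users[user])
```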

Active Directory
  Use a new domain for just Administrators
  CRYPTO-Logon agent on each domain member (replaces the GINA)
  CRYPTO-Logon DC service on each domain controller
  Place users of new domain in universal group(s)
  Give universal group(s) elevated privileges to other domains in the forest

Active Directory Architecture
  CRYPTO-Server
  AD Forest cscf.uwaterloo.ca
  AD Forest uwforest.uwaterloo.ca
  Domains shown: cscf.uwaterloo.ca, cs.uwaterloo.ca, sysadmins.cscf.uwaterloo.ca, student.cs.uwaterloo.ca, uwdomain.uwaterloo.ca, superusers.uwdomain.uwaterloo.ca
  Hosts in the "sysadmins" and "superusers" domains authenticate against the CRYPTO-Server.

Hardware
  Total of 6 hosts needed
  2 for CRYPTO-Server (master and replica)
  4 for Windows domain (3 DCs, 1 TS)
  All hosts are virtual
  3 in MC, 3 in DC (BCP)
  Have capacity for 6 more virtual machines
  Everything is behind the Netscreens

Challenges/Limitations
  OS X functionality is limited in how we use it
  Limited integration with SSO plans
  Enforcing compliance

Thanks for your time!
  For more information, please visit:
  Any Questions?