SIP Authentication and H.350 Presented at the Internet2 Spring 2005 Member Meeting Larry Amiot Northwestern University.


What You Need
- A SIP client with a UID and password
- A SIP Proxy Server with which to register (authenticate)
- Unless the SIP Proxy Server has an internal database, a server that holds the authentication information
- Systems that all understand the same method of authentication

Some methods of authentication
- Digest
- Kerberos
- NTLM
- Basic
Problem: Not all clients and SIP Proxy Servers understand and use the same methods of authentication, although the SIP standard does specify “Digest” as the method of choice! Basic is specifically not allowed.

An Example from Northwestern University
- IPTEL SER SIP Server (Linux)
  – SER uses digest for authentication
  – Has internal SQL database, but we “catch” failures and use NU-written Perl code to authenticate against H.350
- Wave3 or Windows Messenger client
- H.350 server with SIPIdentity defined for user
- Wrote Perl code to store UserID/Passwd in H.350 as well as other SIPIdentity parameters

SIPIdentity
- SIPIdentityUserName
- SIPIdentityPassword
- SIPIdentityProxyAddress
- SIPIdentityRegistrarAddress
- SIPIdentityAddress
- SIPIdentitySIPURI

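Message flow between SIP Client, SER Proxy and H.350 Server
1. SIP Client → SER Proxy: Registration Request
2. SER Proxy → SIP Client: Authentication Challenge with nonce
3. SIP Client → SER Proxy: MD5(nonce, MD5(passwd))
4. SER Proxy → H.350 Server: Request Password
5. H.350 Server → SER Proxy: MD5(password)
6. SER Proxy: Compare calculated and received MD5(nonce, MD5(passwd))
7. SER Proxy → SIP Client: Authenticated (or not)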
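The challenge/response exchange above, as an added Python example (not the Northwestern Perl code or SER's own). It uses the RFC 2617 digest form without qop, where the slide's MD5(passwd) corresponds to HA1 = MD5(user:realm:password); the `Proxy` class, the `directory` dict standing in for the H.350 lookup, and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user: str, realm: str, password: str) -> str:
    # Value a directory can hold instead of the cleartext password.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri)).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

class Proxy:
    """Hypothetical proxy; `directory` stands in for the H.350 lookup."""

    def __init__(self, directory: dict):
        self.directory = directory       # user -> HA1 hex
        self.outstanding = set()         # nonces issued and not yet used

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)    # unpredictable, one per challenge
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, nonce, method, uri, response) -> bool:
        if nonce not in self.outstanding:
            return False                 # unknown or replayed nonce
        self.outstanding.discard(nonce)  # single use
        stored = self.directory.get(user)
        if stored is None:
            return False
        expected = digest_response(stored, nonce, method, uri)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> tuple:
    realm, uri = "example.edu", "sip:example.edu"   # constructed values
    proxy = Proxy({"alice": ha1("alice", realm, "s3cret")})
    nonce = proxy.challenge()
    answer = digest_response(ha1("alice", realm, "s3cret"), nonce, "REGISTER", uri)
    first = proxy.verify("alice", nonce, "REGISTER", uri, answer)
    replay = proxy.verify("alice", nonce, "REGISTER", uri, answer)
    return first, replay

if __name__ == "__main__":
    print(demo())
```

The stored HA1 is enough to answer any challenge for that user and realm, so the hop from the directory to the proxy needs the same protection as a password would.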

What’s Next
- Phase 1: Implement SSL for transmitting UserID/Passwds from H.350 to SIP Proxy Server
- Phase 2
  – Use Northwestern NetID/Passwds
  – Transmit NetID/Passwds to H.350 using SNAP/Kerberos
  – Transmit NetID/Passwds from H.350 to SIP Proxy Server using Kerberos