Security Redesign AKA 'SRP' David Mitchell. Security Redesign Project What is it? Why are we doing it? Where is the project?

What Is It? Replacement for our authentication server. Production server based on FWTK. Current design proposal uses FreeRADIUS. Minimal user-visible changes: the challenge will not be displayed. Significant changes on servers and devices.

Why Are We Doing It? We can't get the VPN to use the current system, because the current system requires the client to display the challenge. FWTK is ancient: no longer updated or patched. The current CryptoCard plugin is binary-only and fragile.

Where Is The Project? Test server up and running. Major clients have been tested. Waiting for security staff to sign off on the implementation.

AuthSrv Details Current AuthSrv is based on FWTK code. FWTK has its own on-wire authentication protocol, not included in any known OS or network device by default. Installed on Unix using a PAM module written by Craig Ruff. A custom TACACS server runs alongside it so that network devices can authenticate against it.

FreeRADIUS Details Active and growing project. Includes (almost) native support for our tokens. RADIUS is an RFC-defined standard protocol, supported by many network devices and OSes. RADIUS is already mandatory and in use for VPN and dialup, and soon for wireless.

Hangups The challenge will not be displayed to users by default, so some method to resync may be required. The password is currently stepped when the challenge is displayed; the new system steps the password only on a successful authentication. This reduces or eliminates the need for a resync, but it may allow an attacker to guess a password.
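The trade-off on the Hangups slide, as an added simulation that is not part of the original presentation and not FWTK, FreeRADIUS or CryptoCard code: a toy event-synchronous token (six digits from an HMAC over a counter, constructed secret) against a server that either steps its counter on every challenge (the old AuthSrv behaviour) or only on success (the new design). It assumes a small look-ahead window for resync and a failed-attempt lockout as the mitigation for a guesser who gets repeated tries at the same expected value.

```python
import hmac

SECRET = b"constructed-demo-secret"  # constructed for the simulation; not a real token key

def response(secret: bytes, counter: int) -> str:
    # Toy event-synchronous token value: 6 digits derived from HMAC(secret, counter).
    mac = hmac.new(secret, counter.to_bytes(8, "big"), "sha256").digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class Token:
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0
    def press(self) -> str:  # every press consumes one counter value, used or not
        self.counter += 1
        return response(self.secret, self.counter - 1)

class Server:
    def __init__(self, secret: bytes, step_on_challenge: bool, window: int = 3, max_failures: int = 3):
        self.secret, self.counter, self.failures = secret, 0, 0
        self.step_on_challenge = step_on_challenge  # True models the old AuthSrv behaviour
        self.window, self.max_failures = window, max_failures
    def attempt(self, resp=None) -> bool:  # resp=None: challenge was shown but never answered
        if self.failures >= self.max_failures:
            return False  # locked out: the mitigation for repeated guessing
        base = self.counter
        if self.step_on_challenge:
            self.counter += 1  # old: the expected value moves on every challenge
        if resp is None:
            return False
        for c in range(base, base + self.window):  # look-ahead window absorbs unused presses
            if hmac.compare_digest(response(self.secret, c), resp):
                self.counter, self.failures = c + 1, 0  # new: step only on success
                return True
        self.failures += 1
        return False

def wrong_guess(server: Server) -> str:  # a value matching none of the counters in the window
    valid = {response(server.secret, c) for c in range(server.counter, server.counter + server.window)}
    return next(f"{n:06d}" for n in range(1_000_000) if f"{n:06d}" not in valid)

def login_after_abandoned_challenge(step_on_challenge: bool) -> bool:
    # Challenge displayed, user walks away, then logs in with the next token press.
    token, server = Token(SECRET), Server(SECRET, step_on_challenge)
    server.attempt(None)
    return server.attempt(token.press())

def counters_targeted_before_lockout(step_on_challenge: bool) -> int:
    # Distinct expected values an online guesser gets to attack before lockout triggers.
    server, seen = Server(SECRET, step_on_challenge), set()
    while server.failures < server.max_failures:
        seen.add(server.counter)
        server.attempt(wrong_guess(server))
    return len(seen)
```

Under the old policy an abandoned challenge desynchronises the user (the server runs ahead of the token) while each guess faces a fresh target; under the new policy the user stays in sync but every failed guess is against the same value, which is why the lockout counter matters.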