1. Identification of WEBnet users Aleš Padrta apadrta@civ.zcu.cz

2. Contents ● Why to identify users? ● Access to WEBnet – Who – How – Services ● How to identify users? ● Common troubles ● Conclusions

3. Why to identify users? ● Access to the resources – According to the role ● Security incidents – Reported as offending IP address ● Virus ● Spam ● Law violation ●... – Caused by users ● Responsibility ● Advice ●... – IP address  user identity

4. IP address assignment Access to WEBnet ● Employees and students of UWB ● Registered devices – Based on HW address – Mainly static IP address – Offices – Public laboratories – Registered by employees ● Devices held by registered users – Based on user ID – Dynamic IP adress – Mobile devices

5. IP address assignment Access to WEBnet ● Registered user – Eduroam – Eduroam simple – VPN (global) – VPN (specialized) – Laboratories ● Registered device – Workstation – Laptops – Printers –... – Dormitories (NAT)

6. Identifying users IP address  identity ● Identity management – Support ● Policy definition ● Access restriction – Unsuitable ● Real access (Who, Where, When) ● Identification of culprit ● Logs of services – Real access (only) – User mapping

7. Identifying users IP address  identity ● Known information – Offending IP address – Time of incident ● Registered user – Service log ● Registered device – Registration log – On site investigation

8. Identifying users Common troubles ● Registered device – Local administrator – Staff turnover – Uncontrolled – Not actual – On site investigation ● User behaviour – Account lending – More users per station

9. Conclusions ● User identification – Important – Access to resources – Security incidents ● Identity management – Access restriction ● Logs for services – Real access ● Identity management + auditing – Both necessary