Authentication and Authorization

General information

In this course we continue where we left off with Firewalls and VPN/IPsec course.

Relevant topics for research and implementation in the lab. Lectures coming up for most of the topics:

• File based password stores eg. /etc/shadow, .htaccess
• Signing and encrypting e-mail using GPG
• Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
• More TLS and client side authentication in particular
• Filesystem permissions: access control lists, selinux, apparmor
• RADIUS
• Multi-factor authentication: smartcards, Yubikey, Mobile-ID, etc
• Contactless cards
• On the web: Cookies, OAuth, OpenID, iPizza,

Slides:

https://docs.google.com/presentation/d/1NzY8AspqZwrYxoJ3Qi-pBWsMDdiIUeA4lgZnwZGTMVg/edit?usp=sharing

Tasks:

• Play the red team: Kustas, Ender, Andris
• Set up rocket.chat instead of IRC server: Meelis Hass
• Reconfigure Gogs: <insert your name here>
• Reconfigure wiki: <insert your name here>
• Set up domain controller replication between servers
• Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
• Set a blank smartcard as TLS client authentication token: <insert your name here>
• NFC card backups: <insert your name here>

With Lauri/Belgin from Linux/Windows admin course:

• Set up domain controller /w MS AD/Samba:
• Set up fileserver with several shares: <your name>
• Use iMac and HP Probook at 412/411 for joining them to domain. Needs some network rewiring first, ask Lauri.
• Set up group policies, eg install software and configure VPN for HP Probook

With Viktor from Incident management course:

• Set up incident management software, configure to authenticate with AD

ECTS: 4

Lecturers: Lauri Võsandi, Belgin Tastan