Category:I805 Authentication and Authorization: Difference between revisions
From ICO wiki
Jump to navigationJump to search
Line 30: | Line 30: | ||
* Set up rocket.chat instead of IRC server: Meelis Hass | * Set up rocket.chat instead of IRC server: Meelis Hass | ||
* Set up file synchronization with NextCloud: Etienne | * Set up file synchronization with NextCloud: Etienne | ||
* Set up domain controller on hq Windows server: Mohanad/Madis | |||
* Set up backup domain controller on rnd: Arti | |||
* Reconfigure Gogs: <insert your name here> | * Reconfigure Gogs: <insert your name here> | ||
* Reconfigure wiki: <insert your name here> | * Reconfigure wiki: <insert your name here> | ||
* Reconfigure mail server: | * Reconfigure mail server: Sheela | ||
* Reconfigure webserver/MySQL: Joosep | * Reconfigure webserver/MySQL: Joosep | ||
* Set a blank smartcard as TLS client authentication token: Keijo? | |||
* Set a blank smartcard as TLS client authentication token: | * NFC card backups: Keijo | ||
* NFC card backups: | |||
* OpenVPN with Estonian ID-card howto: Ardi Vaba | * OpenVPN with Estonian ID-card howto: Ardi Vaba | ||
* Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network): <insert your name here> | * Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network): <insert your name here> |
Revision as of 12:29, 7 February 2017
Authentication and Authorization
General information
In this course we continue where we left off with Firewalls and VPN/IPsec course.
Relevant topics for research and implementation in the lab. Lectures coming up for most of the topics:
- File based password stores eg. /etc/shadow, .htaccess
- Signing and encrypting e-mail using GPG
- Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
- More TLS and client side authentication in particular
- Filesystem permissions: access control lists, selinux, apparmor
- RADIUS
- Multi-factor authentication: smartcards, Yubikey, Mobile-ID, etc
- Contactless cards
- On the web: Cookies, OAuth, OpenID, iPizza,
Intro slides & video recording:
https://docs.google.com/presentation/d/1NzY8AspqZwrYxoJ3Qi-pBWsMDdiIUeA4lgZnwZGTMVg/edit?usp=sharing
https://echo360.e-ope.ee/ess/echo/presentation/54eb478c-f6ae-4629-b1e3-c43f5a2f6842?ec=true
Tasks, not necessarily all have to be covered. Pick the one you like the most:
- Play the red team: Kustas, Ender, Mikus
- Set up rocket.chat instead of IRC server: Meelis Hass
- Set up file synchronization with NextCloud: Etienne
- Set up domain controller on hq Windows server: Mohanad/Madis
- Set up backup domain controller on rnd: Arti
- Reconfigure Gogs: <insert your name here>
- Reconfigure wiki: <insert your name here>
- Reconfigure mail server: Sheela
- Reconfigure webserver/MySQL: Joosep
- Set a blank smartcard as TLS client authentication token: Keijo?
- NFC card backups: Keijo
- OpenVPN with Estonian ID-card howto: Ardi Vaba
- Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network): <insert your name here>
With Lauri/Belgin from Linux/Windows admin course:
- Set up domain controller /w MS AD/Samba:
- Set up fileserver with several shares: <insert your name>
- Use iMac and HP Probook at 412/411 for joining them to domain. Needs some network rewiring first, ask Lauri.
- Set up group policies, eg install software and configure VPN for HP Probook
With Viktor from Incident management course:
- Set up incident management software, configure to authenticate with AD
ECTS: 4
Lecturers: Lauri Võsandi
Pages in category "I805 Authentication and Authorization"
This category contains only the following page.