Authentication and Authorization

General information

In this course we continue where we left off with Firewalls and VPN/IPsec course.

Relevant topics for research and implementation in the lab, lectures coming up for most of the topics:

• File based password stores eg. /etc/shadow, .htaccess
• Signing and encrypting e-mail using GPG
• Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
• More TLS and client side authentication in particular
• Filesystem permissions: access control lists, selinux, apparmor
• RADIUS
• Multi-factor authentication: smartcards, Yubikey, Mobile-ID, etc
• Contactless cards
• On the web: Cookies, OAuth, OpenID, iPizza,

General plan:

• Set up incident management software
• Set up Windows servers to serve as domain controllers and fileservers
• Reconfigure Gogs, wiki, incident management software and other services to make use of user accounts in AD
• Set up domain controller replication between servers
• Connect some of the network sockets of rooms 412 and 411 to the internal network interfaces of the servers
• Join Windows, Ubuntu and Mac workstations of 412/411 to domain
• Set up QNAP fileserver as domain member in 412
• Set up group policies
• Customize workstations
• Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)

ECTS: 4

Lecturers: Lauri Võsandi, Belgin Tastan