Category:I805 Authentication and Authorization: Difference between revisions

==Scenario==
In this course we will attempt to set up a network similar to a corporate network with multiple offices, e.g. http://docplayer.it/docs-images/20/596222/images/25-0.png
We will use VPN software to connect subnets to each other and to connect our personal computers to the intranet.

Revision as of 20:47, 26 January 2017

Authentication and Authorization

General information

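In this course we continue where we left off with the Firewalls and VPN/IPsec course (https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec).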

Relevant topics for research and implementation in the lab; lectures are coming up for most of the topics:

  • File-based password stores, e.g. /etc/shadow, .htaccess
  • Signing and encrypting e-mail
  • Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
  • More TLS, and client-side authentication in particular
  • Filesystem permissions: access control lists, SELinux, AppArmor
  • RADIUS
  • Multi-factor authentication: smartcards, YubiKey, etc.
  • Contactless cards
  • On the web: cookies, OAuth, OpenID, iPizza


General plan:

  • Set up incident management software
  • Set up Windows servers to serve as domain controllers and fileservers
  • Reconfigure Gogs, wiki, incident management software and other services to make use of user accounts in AD
  • Set up domain controller replication between servers
  • Connect some of the network sockets of rooms 412 and 411 to the internal network interfaces of the servers
  • Join Windows, Ubuntu and Mac workstations of 412/411 to the domain
  • Set up QNAP fileserver as a domain member in 412
  • Set up group policies
  • Customize workstations
  • Set up OpenWrt Wi-Fi routers as access points with username/password authentication (like the eduroam wireless network)


ECTS: 4

Lecturers: Lauri Võsandi, Belgin Tastan
