Difference between revisions of "Category:I805 Authentication and Authorization"

From ICO wiki
(General information)
(Authentication and Authorization)
Line 4: Line 4:
  
 
In this course we continue where we left off with [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec Firewalls and VPN/IPsec] course.
 
In this course we continue where we left off with [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec Firewalls and VPN/IPsec] course.
 +
 +
Relevant topics for research and implementation in the lab,
 +
lectures coming up for most of the topics:
 +
 +
* File based password stores eg. /etc/shadow, .htaccess
 +
* Signing and encrypting e-mail
 +
* Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
 +
* More TLS and client side authentication in particular
 +
* Filesystem permissions: access control lists, selinux, apparmor
 +
* RADIUS
 +
* Multi-factor authentication: smartcards, Yubikey, etc
 +
* Contactless cards
 +
* On the web: Cookies, OAuth, OpenID, iPizza,
 +
  
 
General plan:
 
General plan:
Line 22: Line 36:
  
 
Lecturers: Lauri Võsandi, Belgin Tastan
 
Lecturers: Lauri Võsandi, Belgin Tastan
 
==Scenario==
 
 
In this course we will attempt to set up a network similar to a corporate network with multiple offices, eg http://docplayer.it/docs-images/20/596222/images/25-0.png
 
 
We will use VPN software to connect subnets to each other and we will use VPN software to connect our personal computers to the intranet.
 

Revision as of 20:47, 26 January 2017

Authentication and Authorization

General information

In this course we continue where we left off with Firewalls and VPN/IPsec course.

Relevant topics for research and implementation in the lab, lectures coming up for most of the topics:

  • File based password stores eg. /etc/shadow, .htaccess
  • Signing and encrypting e-mail
  • Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
  • More TLS and client side authentication in particular
  • Filesystem permissions: access control lists, selinux, apparmor
  • RADIUS
  • Multi-factor authentication: smartcards, Yubikey, etc
  • Contactless cards
  • On the web: Cookies, OAuth, OpenID, iPizza,


General plan:

  • Set up incident management software
  • Set up Windows servers to serve as domain controllers and fileservers
  • Reconfigure Gogs, wiki, incident management software and other services to make use of user accounts in AD
  • Set up domain controller replication between servers
  • Connect some of the network sockets of rooms 412 and 411 to the internal network interfaces of the servers
  • Join Windows, Ubuntu and Mac workstations of 412/411 to domain
  • Set up QNAP fileserver as domain member in 412
  • Set up group policies
  • Customize workstations
  • Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)


ECTS: 4

Lecturers: Lauri Võsandi, Belgin Tastan

Pages in category "I805 Authentication and Authorization"

This category contains only the following page.