Category:I805 Authentication and Authorization: Difference between revisions

From ICO wiki
Jump to navigationJump to search
No edit summary
No edit summary
Line 5: Line 5:
In this course we continue where we left off with [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec Firewalls and VPN/IPsec] course.
In this course we continue where we left off with [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec Firewalls and VPN/IPsec] course.


Relevant topics for research and implementation in the lab,
Relevant topics for research and implementation in the lab.
lectures coming up for most of the topics:
Lectures coming up for most of the topics:


* File based password stores eg. /etc/shadow, .htaccess
* File based password stores eg. /etc/shadow, .htaccess
Line 23: Line 23:




General plan:
Tasks:


* Set up incident management software
* Play the red team: Kustas, Ender, Andris
* Set up Windows servers to serve as domain controllers and fileservers
* Set up rocket.chat instead of IRC server: Meelis Hass
* Reconfigure Gogs, wiki, incident management software and [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Domain_names other services] to make use of user accounts in AD
* Reconfigure Gogs: <insert your name here>
* Reconfigure wiki: <insert your name here>
* Set up domain controller replication between servers
* Set up domain controller replication between servers
* Connect some of the network sockets of rooms 412 and 411 to the internal network interfaces of the servers
* Join Windows, Ubuntu and Mac workstations of 412/411 to domain
* Set up QNAP fileserver as domain member in 412
* Set up group policies
* Customize workstations
* Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
* Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
* Set a blank smartcard as TLS client authentication token:  <insert your name here>
* NFC card backups: <insert your name here>


With Lauri/Belgin from Linux/Windows admin course:
* Set up domain controller /w MS AD/Samba:
* Set up fileserver with several shares: <your name>
* Use iMac and HP Probook at 412/411 for joining them to domain. Needs some network rewiring first, ask Lauri.
* Set up group policies, eg install software and configure VPN for HP Probook
With Viktor from Incident management course:
* Set up incident management software, configure to authenticate with  AD


ECTS: 4
ECTS: 4


Lecturers: Lauri Võsandi, Belgin Tastan
Lecturers: Lauri Võsandi, Belgin Tastan

Revision as of 14:54, 31 January 2017

Authentication and Authorization

General information

In this course we continue where we left off with Firewalls and VPN/IPsec course.

Relevant topics for research and implementation in the lab. Lectures coming up for most of the topics:

  • File based password stores eg. /etc/shadow, .htaccess
  • Signing and encrypting e-mail using GPG
  • Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
  • More TLS and client side authentication in particular
  • Filesystem permissions: access control lists, selinux, apparmor
  • RADIUS
  • Multi-factor authentication: smartcards, Yubikey, Mobile-ID, etc
  • Contactless cards
  • On the web: Cookies, OAuth, OpenID, iPizza,

Slides:

https://docs.google.com/presentation/d/1NzY8AspqZwrYxoJ3Qi-pBWsMDdiIUeA4lgZnwZGTMVg/edit?usp=sharing


Tasks:

  • Play the red team: Kustas, Ender, Andris
  • Set up rocket.chat instead of IRC server: Meelis Hass
  • Reconfigure Gogs: <insert your name here>
  • Reconfigure wiki: <insert your name here>
  • Set up domain controller replication between servers
  • Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
  • Set a blank smartcard as TLS client authentication token: <insert your name here>
  • NFC card backups: <insert your name here>

With Lauri/Belgin from Linux/Windows admin course:

  • Set up domain controller /w MS AD/Samba:
  • Set up fileserver with several shares: <your name>
  • Use iMac and HP Probook at 412/411 for joining them to domain. Needs some network rewiring first, ask Lauri.
  • Set up group policies, eg install software and configure VPN for HP Probook

With Viktor from Incident management course:

  • Set up incident management software, configure to authenticate with AD

ECTS: 4

Lecturers: Lauri Võsandi, Belgin Tastan

Pages in category "I805 Authentication and Authorization"

This category contains only the following page.