Difference between revisions of "Category:I805 Authentication and Authorization"

From ICO wiki
Line 5: Line 5:
 
In this course we continue where we left off with [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec Firewalls and VPN/IPsec] course.
 
In this course we continue where we left off with [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Firewalls_and_VPN.2FIPSec Firewalls and VPN/IPsec] course.
  
Relevant topics for research and implementation in the lab,
+
Relevant topics for research and implementation in the lab.
lectures coming up for most of the topics:
+
Lectures coming up for most of the topics:
  
 
* File based password stores eg. /etc/shadow, .htaccess
 
* File based password stores eg. /etc/shadow, .htaccess
Line 23: Line 23:
  
  
General plan:
+
Tasks:
  
* Set up incident management software
+
* Play the red team: Kustas, Ender, Andris
* Set up Windows servers to serve as domain controllers and fileservers
+
* Set up rocket.chat instead of IRC server: Meelis Hass
* Reconfigure Gogs, wiki, incident management software and [https://wiki.itcollege.ee/index.php/Category:I802_Firewalls_and_VPN_IPSec#Domain_names other services] to make use of user accounts in AD
+
* Reconfigure Gogs: <insert your name here>
 +
* Reconfigure wiki: <insert your name here>
 
* Set up domain controller replication between servers
 
* Set up domain controller replication between servers
* Connect some of the network sockets of rooms 412 and 411 to the internal network interfaces of the servers
 
* Join Windows, Ubuntu and Mac workstations of 412/411 to domain
 
* Set up QNAP fileserver as domain member in 412
 
* Set up group policies
 
* Customize workstations
 
 
* Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
 
* Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
 +
* Set a blank smartcard as TLS client authentication token:  <insert your name here>
 +
* NFC card backups: <insert your name here>
  
 +
With Lauri/Belgin from Linux/Windows admin course:
 +
 +
* Set up domain controller /w MS AD/Samba:
 +
* Set up fileserver with several shares: <your name>
 +
* Use iMac and HP Probook at 412/411 for joining them to domain. Needs some network rewiring first, ask Lauri.
 +
* Set up group policies, eg install software and configure VPN for HP Probook
 +
 +
With Viktor from Incident management course:
 +
 +
* Set up incident management software, configure to authenticate with  AD
  
 
ECTS: 4
 
ECTS: 4
  
 
Lecturers: Lauri Võsandi, Belgin Tastan
 
Lecturers: Lauri Võsandi, Belgin Tastan

Revision as of 15:54, 31 January 2017

Authentication and Authorization

General information

In this course we continue where we left off with Firewalls and VPN/IPsec course.

Relevant topics for research and implementation in the lab. Lectures coming up for most of the topics:

  • File based password stores eg. /etc/shadow, .htaccess
  • Signing and encrypting e-mail using GPG
  • Active Directory protocols: LM, NTLM, Kerberos, GSSAPI, SPNEGO, LDAP
  • More TLS and client side authentication in particular
  • Filesystem permissions: access control lists, selinux, apparmor
  • RADIUS
  • Multi-factor authentication: smartcards, Yubikey, Mobile-ID, etc
  • Contactless cards
  • On the web: Cookies, OAuth, OpenID, iPizza,

Slides:

https://docs.google.com/presentation/d/1NzY8AspqZwrYxoJ3Qi-pBWsMDdiIUeA4lgZnwZGTMVg/edit?usp=sharing


Tasks:

  • Play the red team: Kustas, Ender, Andris
  • Set up rocket.chat instead of IRC server: Meelis Hass
  • Reconfigure Gogs: <insert your name here>
  • Reconfigure wiki: <insert your name here>
  • Set up domain controller replication between servers
  • Set up OpenWrt wifi routers as access points with username/password authentication (like eduroam wireless network)
  • Set a blank smartcard as TLS client authentication token: <insert your name here>
  • NFC card backups: <insert your name here>

With Lauri/Belgin from Linux/Windows admin course:

  • Set up domain controller /w MS AD/Samba:
  • Set up fileserver with several shares: <your name>
  • Use iMac and HP Probook at 412/411 for joining them to domain. Needs some network rewiring first, ask Lauri.
  • Set up group policies, eg install software and configure VPN for HP Probook

With Viktor from Incident management course:

  • Set up incident management software, configure to authenticate with AD

ECTS: 4

Lecturers: Lauri Võsandi, Belgin Tastan

Pages in category "I805 Authentication and Authorization"

This category contains only the following page.