Presentation is loading. Please wait.

Presentation is loading. Please wait.

4 October 2001 Tuning in to H.323 / LDAP security What this presentation is about - RADvision ECS registration control via LDAP - information and configs.

Published byEthel Preston Modified over 8 years ago

Similar presentations

Presentation on theme: "4 October 2001 Tuning in to H.323 / LDAP security What this presentation is about - RADvision ECS registration control via LDAP - information and configs."— Presentation transcript:

1 4 October 2001 Tuning in to H.323 / LDAP security What this presentation is about - RADvision ECS registration control via LDAP - information and configs needed to reproduce results - a small step in H.323 / LDAP integration - discussion of a possible vidmid authentication directory What this presentation is NOT about - discussion of video schema proposals - discussion of all possible client server configurations - endorsement of any specific vendor gear

2 H.323 / LDAP Security

3 4 October 2001 Project scope Investigate H.323 gatekeeper / directory “authentication” Understand details of RADvision ECS implementation Present findings and submit recommendations Discussion of results

4 4 October 2001 Project notes Increased security More moving parts More to troubleshoot (security v. functionality) Potential long term gain

5 4 October 2001 Overview of findings RADvision ECS GK will talk to an LDAP directory H.323 client registration can be proxied through the GK to a directory Does not perform RFC1777 LDAP authentication

6 4 October 2001 RFC1777 / 2251 authentication Simple authentication over TLS LDAP_Result == 0 sent as a bind response to DN/userPassword bind attempt Practical implementation usually involves a search on “mail | cn” attribute, returning the DN.

7 4 October 2001 RADvision ECS dependencies A stable software revision Point and click tab on ECS to enable LDAP Set ECS to check directory for matching presence of “rvuseralias” attribute for registration Allocate and configure proprietary DIT in the directory for ECS use Specific directory entries need to be in place

8 4 October 2001 Schema modifications RADvision objectclasses (ECS CD2) RADvision attributes (ECS CD2) ftp.radvision.com, thanks iplanet aci attributes (docs.iplanet.com) Custom schema mods / DNs available

9 4 October 2001 Test gear profile RADvision ECS / NT box iplanet 4.12 DS / Sun netra t1 / S8 VCON client / NT box Mt.Dew / Doritos

10 4 October 2001 The observer effect No client response to denied registration No client response to successful registration Sparse RADvision implementation docs Hard coded ECS schema / DN requirements No (direct) support for LDAP over SSL

11 4 October 2001 Assessment of results Marginal increase security of H.323 conferences, when not using SSL Enable a distributed registration process Parallel step in making H.323 registration more manageable Possible ip telephony applications (don’t phreak out) Distributed interdisciplinary collaboration necessary to make any real progress

12 4 October 2001 Recommendations (for vendors) Allow for schema modification on gatekeepers Code RFC1777 LDAP authentication in GK as LDAP clients Extend H.323 clients to test and report registration status Support native SSL in GK as an LDAP client (use stunnel until then) Loan me your gear to test, verify and report on against a known DIT

13 4 October 2001 What’s next? OARnet will host a reference directory for Internet2 vidmid testing at ldap.enss.net or vidmid.osu.edu Both client (GK) and directory schemas will be made available Deployment of YACeViD

14 4 October 2001 YACeViD

15 Albert School aschool@oar.net

Download ppt "4 October 2001 Tuning in to H.323 / LDAP security What this presentation is about - RADvision ECS registration control via LDAP - information and configs."

Similar presentations

EVERY CONNECTION has a starting point. EVERY CONNECTION has a starting point. WorldCat Navigator - Authentication Library Hosted Navigator EZproxy and.

EVERY CONNECTION has a starting point. EVERY CONNECTION has a starting point. WorldCat Navigator - Authentication Library Hosted Navigator EZproxy and.
Jill Gemmill 2004 H.350 (ITU-T Recommendation H.350 Directory Services Architecture for Multimedia) What and Why? Egon Verharen, SURFnet Jill Gemmill,

Jill Gemmill 2004 H.350 (ITU-T Recommendation H.350 Directory Services Architecture for Multimedia) What and Why? Egon Verharen, SURFnet Jill Gemmill,
ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.

ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.
IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.

LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.
WebReport/400 TCP/IP Configuration Presented by Kisco Information Systems.

WebReport/400 TCP/IP Configuration Presented by Kisco Information Systems.
Understanding Active Directory

Understanding Active Directory
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Unity Connection 7.0 Directory Integration TOI Manoj Agrawal

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Unity Connection 7.0 Directory Integration TOI Manoj Agrawal
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET.

Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET.
Configuration Management Supplement 67 Robert Horn, Agfa Healthcare.

Configuration Management Supplement 67 Robert Horn, Agfa Healthcare.
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
Overview Print and Document Services Print Management console Printer properties Troubleshooting.

Overview Print and Document Services Print Management console Printer properties Troubleshooting.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.

UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.
Implementing Secure Shared File Access

Implementing Secure Shared File Access
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET

Similar presentations

Ads by Google