Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Lab
R&D to make PKI a practical component of a campus network
Dual objectives:
– Deploy existing PKI technology to improve network applications (both at Dartmouth and elsewhere).
– Improve the current state of the art: identify security issues in current products and develop solutions to the problems.
Sponsored by the Mellon Foundation, Cisco, Intel, Sun Labs, HP Labs, NSF, DHS, Internet2/AT&T, IBM Research

PKI Objectives
Provide an authentication alternative
– Ease of use is important
– Similar security is adequate
Don’t transmit passwords; directory enabled
– Scale as rapidly as possible
Additional applications PKI enables
– Secure mail
– Document signing
Find out what was possible once the infrastructure was available

PKI Implementation
Commercial CA software (Sun/iPlanet)
Sun 250 server
Single online CA server
– Hardware key storage
– Dedicated firewall
– Publishes CRLs and provides OCSP

Simple Policies
Identification required for employment or matriculation
Maintained from institutional systems
– SIS, HR, sponsored guests
LDAP directory authorization
Self service
One year validity range
– Also a temporary certificate option
Balance complexity with security needs

User Enrollment
Key generation by web browser
– Internet Explorer and Netscape/Mozilla
Cross platform
– Software key and certificate storage
– USB token option for better key protection and mobility
– Increasing emphasis on tokens and in-person registration

LDAP Directory
Automated addition and deletion
– New persons added through normal procedures
– Persons leaving removed in one month
– Used for simple authorization checks
CA publishes certificates and CRLs to LDAP
– As revoked, and refreshed weekly
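The issuance and revocation cycle described on the PKI Implementation, Simple Policies and LDAP Directory slides (one-year user certificates, a CA that publishes a CRL refreshed weekly, relying parties checking it), shown as an added example using a throwaway OpenSSL CA; this is illustrative shell, not Dartmouth's scripts, and the CA name, the user names and the 7-day CRL lifetime are assumptions chosen to match the slides.

```shell
# Added example: a minimal campus-style CA, not the deployment's own tooling.
set -e
W=$(mktemp -d) && cd "$W"
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = campus
[ campus ]
database = index.txt
new_certs_dir = .
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = pol
x509_extensions = usr
[ pol ]
commonName = supplied
[ usr ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
[ req ]
distinguished_name = dn
x509_extensions = root
[ dn ]
[ root ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
touch index.txt && echo 01 > serial
openssl req -x509 -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
  -subj "/CN=Example Campus CA" -days 3650 -config ca.cnf 2>/dev/null
# Enrollment: the key pair is generated on the user's side; only the CSR reaches the CA.
enroll() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" -config ca.cnf 2>/dev/null
  openssl ca -batch -config ca.cnf -in "$1.csr" -out "$1.pem" -notext 2>/dev/null
}
# What the CA publishes (to LDAP in the deployment): a fresh CRL, valid 7 days.
publish_crl() { openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
  cat ca.pem crl.pem > trust.pem; }
# Relying-party check: chain to the CA, reject revoked certs and stale CRLs.
verify_user() { openssl verify -crl_check -CAfile trust.pem "$1" >/dev/null 2>&1; }
enroll alice; enroll bob; publish_crl
verify_user alice.pem && echo "alice accepted"
openssl ca -config ca.cnf -revoke alice.pem 2>/dev/null; publish_crl
verify_user alice.pem || echo "alice rejected after revocation"
```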

Production Applications
Web services authentication
– Student Information System
– Library journals
– Business School portal
– Software downloads
– Course management system (Blackboard)
SSL for IMAP servers
VPN authentication

Pilot Applications
Shibboleth authentication
Hardware key storage (Aladdin USB tokens)
– Distribute to incoming class
Secure mail and list server
Document signatures
– Acrobat, Office, XML (NIH)
Wireless network authentication
High assurance VPN access
Application and OS sign-on with tokens
Grids

PKI Deployment Timeline
Planning: late 2001
Staffing: Jan - April 2002
HW/SW acquisition began: Feb 2002
CA installation began: June 2002
Test CA available: Sept 2002
Production CA available: Jan 2003
First applications
– Library: Jun 2003; Banner: Aug 2003

Certificates Issued
On April 15, 2004
– 1542 certificates issued
– 749 unique individuals
– 542 students (10%)
– 207 faculty and staff (8%)
– 68 servers, network devices and CMS admin
On July 14, 2004
– 1819 certificates issued
– 885 unique individuals

Devices with Certificates
Web server certificates (18)
– Sponsored Research System (SRS)
– Bio-informatics
– Eng. course evaluation system
– Letters of Evaluation On-line (LEO)
– Computing Services internal

Devices with Certificates (continued)
Mail servers (8)
Sympa list server (S/MIME)
VPN concentrators (2)
Grids (2)
– fMRI, Physics
Directory servers (5)
– LDAP, Active Directory

Rollout Activities
Integrated user documentation on the web, software downloads
Support staff training and early adopters
Add PKI functionality in system updates
Offer PKI as the first authentication option
Kerberos authentication error messages suggest the PKI alternative
PKI configuration and software on disk images, for public computers and new purchases

Issues
Application owners rightfully cautious
– Displacing a system that worked well in the past
– Support has proven not to be a burden
– Has solved existing problems
Time available for new applications is limited
OS and client PKI support evolving
Inter-institutional infrastructure just starting to appear

Research Projects
Guest authentication to secure wireless network
Open source CA software
– Installation, packaging, features
Secure hardware applications
– TPM and IBM 4758
– Enforcer - secure Linux kernel (available at

Future Directions
Move more advanced applications into production
Evolve infrastructure to match security needs of applications
Universal local participation is a goal
Inter-institutional / government e-business

For More Information
Dartmouth Support Web:
Dartmouth PKI Lab:
PKI Outreach web: