May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current Campus Authentication Methodologies Authentication Advanced Technology Project Briefly Discuss UC Davis Interest in Middleware and Authentication

May 22, 2002 UC Davis Security Architecture

May 22, 2002 UC Davis Security Architecture Prevention: Proactive and reactive information security policies, standards, procedures, guidelines, tools, security awareness programs and authentication and authorization methodologies Assurance: Tools and strategies to evaluate and maintain an effective information security program, such as security vulnerability assessments Detection and Investigation: The timely detection, investigation, tracking and management reporting of information security breaches Recovery: Tools and practices to develop and implement timely recovery from information security breaches, including loss of service availability and/or integrity.

May 22, 2002 Current Common Authentication Methodologies CyberSafe Kerberos Avoids Transmittal of Clear Text Password Supports Distributed Authentication User Authentication from a Web Browser Integrated into: –MyUCDavis Portal Authentication –Central Wireless Services –Web Content for Campus-Affiliated Users Hardware Tokens Two-factor Authentication One-time Passwords

May 22, 2002 Campus Plans to Reduce Reliance on Hardware Tokens Issue: How Do We Strengthen the Security of Authentication Systems Relying on Reusable Passwords? Insecure Applications Password Format Password Aging Dictionary Checks Upon Selection LDAP Queries Last Used Information Source IP Address Account Lockouts Login Banners Authorization vs. Authentication

May 22, 2002 Authentication Advanced Technology Project Identify Strategic Authentication Requirements Review Existing Authentication Services Review Authentication Alternatives Functionality and Usability Scalability Security Provide Strategic Recommendations that Meet Campus Common Authentication Needs and Consistent with NBA Vision for Single-Signon

May 22, 2002 Middleware and Authentication Authentication is A Key Infrastructure Service Shared by Applications and Users Requires Identity Assertion and Identity Credential Verification Requires Enterprise Directory for Identity Attributes PKI is Important for Middleware Security Services Digital Credentials and Digital Signatures Supports Non-Repudiation Elements Supports Federated Authentication Model