USCGrid A (Very Quick) Introduction To Authn/Authz

Presentation transcript:

USCGrid A (Very Quick) Introduction To Authn/Authz

April 2003, USCGrid at Internet2

USCGrid: A (Very Quick) Intro to Authn/Authz
- Security – The Bird’s-eye View
- Authn
- Authz
- References

Security – The Bird’s-eye View

Q: Everybody wants a secure network. Nobody wants servers broken into. How do the NMI components address security?

A: There are several aspects to security.
- Authentication – which concerns itself with verifying identity.
- Authorization – which determines what an authenticated user (or program) is allowed to do.
- Confidentiality – which ensures that no one except the intended parties can gain access to information.
- Data integrity – which guards against tampering.
- Auditing – which logs information as things happen.
- Intrusion detection – which notices break-ins.

We’re only going to look at Authentication – authn in security lingo – and Authorization – authz in security lingo.


Authn

Q: Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. How does NMI handle authn?

A: There are a couple of different mechanisms used by NMI for authn. Public Key Infrastructure (PKI) technology is used by the Globus Toolkit. However, this segment will instead look at PubCookie, a component that uses passwords.


Authz

Q: Authz determines what an authenticated user (or program) is allowed to do. How does NMI handle authz?

A: There are a couple of different mechanisms used by NMI for authz. However, this segment will look at Shibboleth, a component that can grant authorization without knowing the identity of the person requesting authorization.


References
- Kerberos: A Network Authentication System. Brian Tung. Addison-Wesley.
- SSH: The Secure Shell: The Definitive Guide. Daniel J. Barrett & Richard E. Silverman. O’Reilly & Associates.
- Practical Unix & Internet Security. Simson Garfinkel & Gene Spafford. O’Reilly & Associates.
- Shibboleth Project.
- PubCookie.