Building Secure, Flexible and Scalable Environments using LDAP - SANS 2002 - Orlando Sacha Faust PricewaterhouseCoopers

LDAP overview
- History
- Historical usage
- Technical specs

History
- Created at the University of Michigan
- Evolution
  - 1993: LDAP v1, RFC 1487: X.500 Lightweight Directory Access Protocol
  - 1995: LDAP v2, RFC 1777: Lightweight Directory Access Protocol
  - 1997: LDAP v3, RFC 2251: Lightweight Directory Access Protocol (v3)

Historical usage
- People-centric information
  - Phone books
  - Personnel data
- Large white-pages applications

Technical specs
- Runs over TCP/IP
- Lightweight (compared with X.500 DAP over the OSI stack)
- Hierarchical structure (the Directory Information Tree)
- Easy API
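To make "lightweight" and "TCP/IP" concrete, here is an added example (not part of the original deck) that builds and parses an LDAPv3 BindRequest exactly as it travels on the wire: an LDAPMessage is a BER SEQUENCE holding a message ID and a [APPLICATION 0] BindRequest with version, bind DN and the simple password (RFC 2251 section 4.2). The DN, password and message ID are constructed sample values, and the BER subset is hand-rolled so nothing but the standard library is needed. The decoder shows what anyone on the network path sees when plain LDAP is used: the simple-bind password is an unprotected octet string, which is the reason the deck's network-security step asks for LDAP over SSL.

```python
"""Encode and decode an LDAPv3 simple BindRequest (RFC 2251 section 4.2).

Added example, not from the original slides.  Only a small subset of BER
(definite-length TLVs) is implemented, enough for the bind message.  The
DN, password and message ID used below are constructed sample values.
"""

TAG_SEQUENCE = 0x30       # universal, constructed: SEQUENCE (LDAPMessage)
TAG_INTEGER = 0x02        # messageID, version
TAG_OCTET_STRING = 0x04   # LDAPDN
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed: BindRequest
TAG_SIMPLE_AUTH = 0x80    # [0] context-specific, primitive: simple password


def ber_len(n: int) -> bytes:
    """Definite-form length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    # Small non-negative integers only (message IDs and protocol version).
    if not 0 <= n < 0x80:
        raise ValueError("integer out of the supported range")
    return tlv(TAG_INTEGER, bytes([n]))


def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    bind = tlv(TAG_BIND_REQUEST,
               ber_int(3)
               + tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
               + tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return tlv(TAG_SEQUENCE, ber_int(message_id) + bind)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the TLV) for the TLV at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_simple_bind(packet: bytes) -> dict:
    """Parse a captured bind the way a passive observer on the wire would."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    tag, bind, _ = read_tlv(msg, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(bind, 0)
    _, name, pos = read_tlv(bind, pos)
    tag, cred, _ = read_tlv(bind, pos)
    if tag != TAG_SIMPLE_AUTH:
        raise ValueError("SASL bind: credentials are not a plain password")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": name.decode("utf-8"),
        "password": cred.decode("utf-8"),   # readable as-is without SSL/TLS
        "anonymous": len(name) == 0 and len(cred) == 0,
    }


if __name__ == "__main__":
    pkt = encode_simple_bind(1, "cn=admin,dc=example,dc=com", "s3cret")
    print(pkt.hex())
    print(decode_simple_bind(pkt))
```

An empty DN with an empty password is the anonymous bind that the later slides ask you to decide about; the decoder flags it so a capture can be checked for both cleartext credentials and anonymous access.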

LDAP for a single sign-on environment?
- Why is single sign-on needed?
- Why is LDAP a viable solution for single sign-on?
- Requirements for an efficient and secure single sign-on solution
- Technical challenges for implementing true single sign-on
- What can LDAP do to solve the problems?

Why is single sign-on needed?
- Large networks
- Multiple operating systems
- Various network devices
- Centralizing the infrastructure

Why is LDAP a viable solution for single sign-on?
- Lightweight
- TCP/IP
- Open standard
- Already used to store people-centric information

Requirements for an efficient and secure single sign-on solution
- Open standard
- Scalability
- Access controls
- Easy to integrate with the current infrastructure
- Easy and reliable API
- Easy to manage

Technical challenges for implementing true single sign-on
- Cross-platform support
- Cross-platform user settings
- Data synchronization
- Proprietary authentication schemes
- Security
- Schema and organizational structure

What can LDAP do to solve the problems?
- Open standard
- Support for SSL
- Most vendors offer ACLs
- Customizable schema
- Powerful search capabilities

Test case - ASP environment

Overview

NT Authentication

Linux/UNIX Authentication

Why is this solution better? Advantages:
- Security
  - Central control of all users
  - Central point of revocation
- Flexibility
- Scalability
- Financially
  - Most of the components are available for free use
  - Low management cost
  - Does not require a lot of administration

Security
- Central control of all users
- Central point of revocation

Advanced topics
- LDAP security
  - Steps to secure your LDAP server
  - Special considerations for single sign-on

Steps to secure your LDAP server
1. Identifying requirements
2. Securing the directory
3. LDAP server host security
4. Network security

1. Identifying requirements
- Network access
- Types of users and groups
- Defining data access requirements
- LDAP schema

Network access
- Network architecture
- Identifying member servers and their requirements
- Identifying clients and their requirements

Types of users and groups
- Administration users
- Read users
- Write users
- Member servers
- Groups
  - Static
  - Dynamic

Defining data access requirements
- What each member server can do and see
- What types of information users can see
- What attributes users can change on themselves
- Data risk level
  - Is the data public?
  - Is the data restricted per organizational unit?
  - Is the data used for the infrastructure?

Data risk level
- Is the data public?
- Is the data restricted per organizational unit?
- Is the data used for the infrastructure?

2. Securing the directory
- Implementing ACLs
- Strong password management
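"Strong password management" starts with how userPassword is stored. The following is an added example, not code from the deck or from any directory product: it produces and verifies {SSHA} values (the salted SHA-1 scheme OpenLDAP and Netscape/iPlanet Directory Server use, laid out as "{SSHA}" followed by base64 of the 20-byte SHA-1 of password plus salt, then the salt) and walks an LDIF dump to report which entries still hold plaintext or weak hashes. The three entries in SAMPLE_LDIF are constructed; the salt in the sample is fixed only so the example is reproducible, a real deployment draws it from os.urandom as ssha_hash does by default.

```python
"""Generate, verify and audit {SSHA} userPassword values.

Added example, not from the original slides.  Storage layout of {SSHA}:
"{SSHA}" + base64( sha1(password + salt) + salt ).  The LDIF below is a
constructed sample used to exercise the audit function.
"""
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Schemes a 2002-era directory may still contain that we treat as weak:
# reversible, unsalted, or (for traditional crypt(3)) truncated to 8 chars.
WEAK_SCHEMES = {"plaintext", "{CLEAR}", "{CLEARTEXT}", "{SHA}", "{MD5}", "{CRYPT}"}


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value; a fresh random 8-byte salt unless one is given."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Constant-time check of a candidate password against a {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is always 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def password_scheme(value: str) -> str:
    """Upper-cased scheme prefix of a userPassword value, or 'plaintext'."""
    if value.startswith("{") and "}" in value:
        return value[:value.index("}") + 1].upper()
    return "plaintext"


def audit_userpasswords(ldif: str) -> Dict[str, str]:
    """Map each DN in an LDIF dump to the storage scheme of its userPassword."""
    report: Dict[str, str] = {}
    dn = None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.startswith("userPassword:") and dn:
            value = line.split(":", 1)[1]
            if value.startswith(":"):              # "userPassword:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            report[dn] = password_scheme(value.strip())
    return report


def weak_entries(report: Dict[str, str]) -> List[str]:
    """DNs whose password storage scheme is in WEAK_SCHEMES."""
    return sorted(dn for dn, scheme in report.items() if scheme in WEAK_SCHEMES)


# Constructed sample dump: one good entry, one plaintext, one legacy crypt(3).
SAMPLE_LDIF = f"""dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {ssha_hash("alice-pass", b"fixedsalt")}

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: bob-pass

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: {base64.b64encode(b"{CRYPT}abJnggxhB/yWI").decode("ascii")}
"""

if __name__ == "__main__":
    report = audit_userpasswords(SAMPLE_LDIF)
    for dn, scheme in report.items():
        print(f"{scheme:12s} {dn}")
    print("weak:", weak_entries(report))
```

Hashing in the client is not enough on its own: the server must also refuse to accept cleartext values written directly into userPassword, which is what a server-side password-hash setting (shown in the later configuration example) enforces.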

3. LDAP server host security
- File system
  - File system ACLs
  - Identifying critical data
  - Integrity
- Run the server as a non-privileged user
- Registry (Win32 only)
- Limiting services

File system
- File system ACLs
- Identifying critical data
- Integrity

4. Network security
- Encrypting data
  - SLDAP (LDAP over SSL)
- Authentication
  - Basic (simple bind)?
  - Certificate?
  - Anonymous?
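Steps 2 and 4 above come together in the server configuration. The fragment below is an added example for OpenLDAP (one of the implementations listed at the end of the deck), not configuration from the slides; the suffix dc=example,dc=com, the certificate paths and the cn=admin, cn=helpdesk and cn=member-servers names are placeholders. It requires SSL/TLS for every operation, refuses anonymous binds, hashes passwords on the server, and then applies ACLs that follow the data-risk questions from the requirements step: credentials only usable for binding, infrastructure data readable only by member servers, a few self-service attributes writable by their owner, everything else denied by default.

```conf
# slapd.conf fragment (OpenLDAP 2.x syntax). Added example, not from the deck;
# DNs, group names and file paths are constructed placeholders.

# --- 4. Network security: encrypt everything, no anonymous access ---------
TLSCACertificateFile   /etc/openldap/certs/ca.crt
TLSCertificateFile     /etc/openldap/certs/slapd.crt
TLSCertificateKeyFile  /etc/openldap/certs/slapd.key
# Minimum security strength factor for all operations and for simple binds:
# a bind with a cleartext password over plain LDAP is refused.
security ssf=128 simple_bind=128
# Refuse anonymous binds; require an authenticated identity for operations.
disallow bind_anon
require authc

# --- 2. Securing the directory: strong password storage -------------------
# Hash passwords written through the Password Modify extended operation.
password-hash {SSHA}

# --- 2. Securing the directory: ACLs (first matching "access to" wins) ----
# Credentials: owner may change them, anyone may use them to bind, nobody reads.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Data used for the infrastructure: only the admin and member servers.
access to dn.subtree="ou=hosts,dc=example,dc=com"
        by dn.exact="cn=admin,dc=example,dc=com" write
        by group.exact="cn=member-servers,ou=groups,dc=example,dc=com" read
        by * none

# Attributes users may change on themselves; readable by authenticated users.
access to dn.subtree="ou=people,dc=example,dc=com" attrs=loginShell,gecos,telephoneNumber
        by self write
        by users read
        by * none

# The rest of the people branch: helpdesk writes, member servers read.
access to dn.subtree="ou=people,dc=example,dc=com"
        by dn.exact="cn=admin,dc=example,dc=com" write
        by group.exact="cn=helpdesk,ou=groups,dc=example,dc=com" write
        by group.exact="cn=member-servers,ou=groups,dc=example,dc=com" read
        by self read
        by * none

# Default deny for anything not matched above.
access to *
        by dn.exact="cn=admin,dc=example,dc=com" write
        by * none
```

Two caveats a practitioner should keep in mind: the rootdn configured for the database bypasses these ACLs entirely, so it should be used only for bulk loads and never by member servers; and step 3 (host security) is not expressed in this file at all, the daemon is started as an unprivileged account with slapd's -u and -g options, and the database and configuration files are owned by that account with no access for others.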

Special considerations for single sign-on
- Security of the object class attributes
  1. NT Authentication using iPlanet Directory Server
  2. PAM authentication via LDAP
- Security of the authentication module

NT Authentication using iPlanet Directory Server

PAM authentication via LDAP
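One part of "security of the authentication module" is how it locates the user entry: a PAM or NSS module typically runs a search such as (&(objectClass=posixAccount)(uid=<login>)) and then binds as the entry it finds. The login name comes from the user, so it must be escaped as RFC 2254 section 4 requires before it is placed in the filter, otherwise the characters * ( ) \ and NUL change the filter's meaning. The code below is an added example, not from the deck or from any PAM module: the filter template and the sample login names are constructed, and count_top_level_terms is a small structural check written for this example.

```python
"""Escape a login name for an LDAP search filter (RFC 2254 section 4).

Added example, not from the original slides or from pam_ldap.  The filter
template, the sample login names and the structural check are constructed
for illustration.
"""

# RFC 2254 section 4: characters that must appear as backslash + two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it is matched literally by the server."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_user_filter(login: str) -> str:
    """Plain interpolation: the login name can rewrite the filter structure."""
    return f"(&(objectClass=posixAccount)(uid={login}))"


def safe_user_filter(login: str) -> str:
    """Same lookup with the login name escaped; always matches one literal uid."""
    return f"(&(objectClass=posixAccount)(uid={escape_filter_value(login)}))"


def count_top_level_terms(filt: str) -> int:
    """Number of direct children of the outer (&...) item.

    A well-formed uid lookup has exactly two: the objectClass term and the
    uid term.  Anything else means the login name injected its own terms.
    """
    depth, terms = 0, 0
    for ch in filt[1:-1]:          # drop the outer parentheses of the AND item
        if ch == "(":
            if depth == 0:
                terms += 1
            depth += 1
        elif ch == ")":
            depth -= 1
    return terms


if __name__ == "__main__":
    for login in ("alice", "*", "*)(uid=*"):
        print(naive_user_filter(login), "->", count_top_level_terms(naive_user_filter(login)))
        print(safe_user_filter(login), "->", count_top_level_terms(safe_user_filter(login)))
```

The second half of the check belongs in the module logic rather than the filter: the search must return exactly one entry before the module binds as it, so a wildcard that slipped through cannot be resolved to "the first match".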

Quick Links
- Further readings
- Tools
- Implementations

Further readings
- LDAP Overview, by Bruce Greenblatt
- Why LDAP & Security Are Critical to Your Success
- Solaris 8 LDAP Setup and Configuration Guide
- IBM: Understanding LDAP
- Securing Netscape Directory Server paper (work in progress)

Tools
- LDAP Browser/Editor
- LDAPMiner
- NetscapeGetACL
- LDAPRootDSE

Implementations
- OpenLDAP
- iPlanet
- Novell eDirectory
- Tivoli (IBM)

Questions?