4 October 2001: Tuning in to H.323 / LDAP security

Presentation transcript:

4 October 2001
Tuning in to H.323 / LDAP security

What this presentation is about
- RADvision ECS registration control via LDAP
- information and configs needed to reproduce results
- a small step in H.323 / LDAP integration
- discussion of a possible vidmid authentication directory

What this presentation is NOT about
- discussion of video schema proposals
- discussion of all possible client server configurations
- endorsement of any specific vendor gear

H.323 / LDAP Security

Project scope
- Investigate H.323 gatekeeper / directory “authentication”
- Understand details of RADvision ECS implementation
- Present findings and submit recommendations
- Discussion of results

Project notes
- Increased security
- More moving parts
- More to troubleshoot (security v. functionality)
- Potential long term gain

Overview of findings
- RADvision ECS GK will talk to an LDAP directory
- H.323 client registration can be proxied through the GK to a directory
- Does not perform RFC1777 LDAP authentication

RFC1777 / 2251 authentication
- Simple authentication over TLS
- LDAP_Result == 0 sent as a bind response to DN/userPassword bind attempt
- Practical implementation usually involves a search on “mail | cn” attribute, returning the DN.

RADvision ECS dependencies
- A stable software revision
- Point and click tab on ECS to enable LDAP
- Set ECS to check directory for matching presence of “rvuseralias” attribute for registration
- Allocate and configure proprietary DIT in the directory for ECS use
- Specific directory entries need to be in place
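The gap between the attribute-presence check on the "RADvision ECS dependencies" slide and the search-then-bind pattern on the "RFC1777 / 2251 authentication" slide, as an added Python example that is not from the presentation or from RADvision. The directory is a constructed in-memory dictionary, and the function names, DNs and passwords are assumptions for illustration.

```python
# Added example: a constructed in-memory stand-in for an LDAP directory.
LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS = 0, 49  # standard LDAP result codes

# Constructed sample entries; DNs, names and passwords are made up.
DIT = {
    "uid=alice,ou=people,dc=example,dc=org": {
        "cn": "Alice Example", "mail": "alice@example.org",
        "rvuseralias": "alice-h323", "userPassword": "correct horse",
    },
    "uid=bob,ou=people,dc=example,dc=org": {
        "cn": "Bob Example", "mail": "bob@example.org",
        "rvuseralias": "bob-h323", "userPassword": "battery staple",
    },
}

def search(attrs, value):
    """Return the DNs whose entry holds `value` in any of `attrs` (exact match)."""
    return [dn for dn, e in DIT.items() if any(e.get(a) == value for a in attrs)]

def simple_bind(dn, password):
    """Model a server's bind response as an LDAP result code.
    An empty password is an unauthenticated bind (RFC 4513), which some
    servers answer with success; that behaviour is modelled on purpose."""
    if dn in DIT and (password == "" or DIT[dn]["userPassword"] == password):
        return LDAP_SUCCESS
    return LDAP_INVALID_CREDENTIALS

def presence_check(alias):
    """Registration control by attribute presence only: no secret is verified."""
    return bool(search(["rvuseralias"], alias))

def search_then_bind(login, password):
    """Search on mail | cn for the DN, then bind as that DN with the password."""
    if not password:       # never send an unauthenticated bind
        return False
    dns = search(["mail", "cn"], login)
    if len(dns) != 1:      # unknown or ambiguous login
        return False
    return simple_bind(dns[0], password) == LDAP_SUCCESS
```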

Schema modifications
- RADvision objectclasses (ECS CD2)
- RADvision attributes (ECS CD2)
- ftp.radvision.com, thanks
- iplanet aci attributes (docs.iplanet.com)
- Custom schema mods / DNs available

Test gear profile
- RADvision ECS / NT box
- iplanet 4.12 DS / Sun netra t1 / S8
- VCON client / NT box
- Mt.Dew / Doritos

The observer effect
- No client response to denied registration
- No client response to successful registration
- Sparse RADvision implementation docs
- Hard coded ECS schema / DN requirements
- No (direct) support for LDAP over SSL

Assessment of results
- Marginal increase in security of H.323 conferences, when not using SSL
- Enable a distributed registration process
- Parallel step in making H.323 registration more manageable
- Possible IP telephony applications (don’t phreak out)
- Distributed interdisciplinary collaboration necessary to make any real progress

Recommendations (for vendors)
- Allow for schema modification on gatekeepers
- Code RFC1777 LDAP authentication in GK as LDAP clients
- Extend H.323 clients to test and report registration status
- Support native SSL in GK as an LDAP client (use stunnel until then)
- Loan me your gear to test, verify and report on against a known DIT

What’s next?
- OARnet will host a reference directory for Internet2 vidmid testing at ldap.enss.net or vidmid.osu.edu
- Both client (GK) and directory schemas will be made available
- Deployment of YACeViD

YACeViD

Albert School