Building Trust and Security - Events | Internet2
Building Trust and Security Adventures in Access Management on Campus and in the Cloud
October 30, 2014
• Adventure #1: Ann West, Internet2 InCommon
• Adventure #2: Mary Dunker, Virginia Tech
• Adventure #3: Renee Shuey, Penn State
Moderated by Steve Devoti, University of Wisconsin-Madison
© 2014 Internet2
Adventure #2 Achieving Security Through InCommon Silver
MARY DUNKER, VIRGINIA TECH
THE SETTING
SETTING
4.2.8 TECHNICAL ENVIRONMENT
4.2.8.2 (S) Network Security
2. All personnel with login access to IdMS Operations infrastructure elements must use access Credentials at least as strong as the strongest Credential issued by the IDPO.
SETTING
CHARACTERS
4.2.3 CREDENTIAL TECHNOLOGY
ALTERNATIVE MEANS for meeting criteria
X.509 personal digital certificate on SafeNet eToken
THE PLOT
All personnel with login access to the following Virginia Tech applications and servers use a credential at least as strong as the personal digital certificate on an eToken.
• Token Administration System
• EJBCA (PKI)
• Directory Administration Tool
• Person Registry database server
• Shibboleth server
• CAS server
• LDAP server
THE PLOT (WITH VILLAIN)
Fall, 2013, Admin Password Compromise in Windows Active Directory Child Domain
THE SAFE HOUSE
Windows Active Directory
IdMS Operations Infrastructure Elements
THE SAFE HOUSE
IdMS Operations Infrastructure Elements
SECURITY IS BEING ABLE TO SLEEP AT NIGHT.
EPILOGUE
Virginia Tech Multi Factor Authentication Working Group will recommend plans to implement multi-factor one-time password technology for critical applications and servers. The Adventure continues…