|
|
Complex Wake-on-LAN solution for particular computer network
Sakala, Peter ; Frolka, Jakub (referee) ; Jeřábek, Jan (advisor)
The goal of this thesis is based in designing a web application from obtained information, which will be used to remotely wake up computers within the Department of Telecommunications FEEC BUT. The theoretical part of the thesis is focused on WoL technology, and related technologies and protocols. Moreover, it is focused on a single sign-on system in web services, functions of eduID.cz federation and current web technologies. The practical part is the actual designing of the application including the database structure required for storing data, its realization, use and testing.
|
|
|
Authentication of web service users
Plašil, Matouš ; Ležák, Petr (referee) ; Burda, Karel (advisor)
In this bachelor thesis are presented methods for Single Sign-On from perspective of client application. It takes a closer look at protocols OpenID and OAuth and explains the main differencies. Next part of the thesis is focused on registration of application and communication between server and client application. This is realized by OAuth protocol. In the practical part is described a created web application and used methods are explained.
|
|
|
Single Sign-On in J2EE Web Applications Based on SPNEGO/Kerberos
Nečas, Tomáš ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
The dissertation deals with requirements, analysis, description and integration of Single Sign-On solution based on SPNEGO/Kerberos protocol. The thesis provides an overview of the Single Sign-On basic principles and concepts and deals with the Kerberos authentication mechanism in more detail. After introducing the fundaments of the Kerberos protocol, its terminology and common implementations, attention is focused on the services and settings of Microsoft Kerberos implementation in Windows 2000/2003 environment. An authentication solution demonstration is performed on J2EE platform using the authentication filter and plug-in. The thesis also includes a brief overview of integrating the Single Sign-On solution into different architectures of corporate information systems and describes the implementation process of this solution. In conclusion, the usability of Kerberos Single Sign-On solution in today's business sector is analysed.
|
|
|
Cosign Authentication in PHP
Kovářík, Jiří ; Skokanová, Jana (referee) ; Lampa, Petr (advisor)
Master's thesis deals with issue of cookie-based central authentication services. Present-day methods of single sign-on are described. The specification of single sign-on mechanism Cosign and its authentication filter is closely viewed. Cryptographic algorithms needed by this filter are described, as well as their possible realization in PHP. Next, the implementation of Cosign authentication filter is described. Performance of the filter is tested and its future use is analysed.
|
|
|
Automatic Kerberos Key Rotation
Kos, Ondřej ; Henzl, Martin (referee) ; Zelený, Jan (advisor)
Práce je zaměřena na autentizační systém Kerberos a jeho správu, převážne v oblasti Keytab souborů. Práce popisuje základní součásti celého systému, které jsou v těchto operacích zapojeny, a jejich hlavní vlastnosti. Částečně je také popsán administrační systém FreeIPA, jenž pro autentizaci uživatelů Kerberos využívá. Hlavním cílem bylo vytvořit aplikaci schopnou automaticky a bez uživatelova přičinění rotovat klíče Kerbera a zvýšit tak úroveň zabezpečení celého systému pro případy odposlechů komunikace.
|
|
|
Identity management
Kefer, Daniel ; Polívka, Michal (referee) ; Pelka, Tomáš (advisor)
The master thesis is divided into two parts. In the first part, identity management is described on theoretical basis. Particular domains of identity management including authentication, authorization and audit are explained as well as Single Sign-On concept, i.e. using single credentials and entering them just once for access to multiple independent systems or services. In the second part, which forms the main part of this thesis, a practical project was implemented on the infrastructure of the Department of Telecommunications within the Faculty of Electrical Engineering and Communication, Brno University of Technology. The goal of this project was to create an environment for central 4 authentication and Single Sign-On using only open source technologies within a computer laboratory used for teaching OS Linux. The project is based on OS Linux Debian, Kerberos as a protocol for secure authentication and LDAP server OpenLDAP. For the Single Sign-On demonstration, NFS services for accessing data on the network were chosen. Using NFS services, users can sign-on to any workstation and access all their data. Administration of users and their import from central FEEC databases was implemented using scripts developed in Python. Next, using Apache, PHP and MySQL, a front-end audit interface for the network administrator was developed in order to inspect and evaluate security events in the network. Messages about suspicious events are delivered to administrator’s mailbox in real time. The project is intended as a security platform which means that other services can be implemented for Single Sign-On as well as new mechanisms for evaluation of suspicious events.
|
|
|
Access and communication security in SAP information systems
Karkošková, Soňa ; Bruckner, Tomáš (advisor) ; Holub, Ilja (referee)
This diploma thesis deals with the methods used to ensure access and communication security in large-scale SAP information systems. It deals with the analysis of existing methods, compares them, and identifies how the methods are usable in the operation of large-scale SAP information systems, as well as it identifies methods that fail in this environment. Justification of methods usability is carried out. Attention is focused on the use and implementation of single sign-on safe authentication methods, secure sharing of user identity and secure communication within the framework of a large-scale SAP information system. In this thesis is carried out a design proposal of the architecture in order to ensure access and communication security in SAP information systems using the LDAP service, SNC Kerberos and single sign-on authentication. In the practical example is documented the detailed technical implementation of this architecture. Furthermore, this thesis deals with the specifics which exist especially in large-scale SAP information systems in the area of access and communication security and documents the appropriate ways to address them.
|
|
|
The Benefits of Identity and Access Management
Strachota, Marek ; Balada, Jakub (advisor) ; Buchalcevová, Alena (referee)
This thesis defines and verifies the benefits of Identity and Access management systems that firms and institutions make use of. The first part contains an examination of the very basic principles of Identity and Access management. This is where the characteristic features are described and their advantages and disadvantages valued. The last part sums up and comments all the advantages, drawbacks and possible risks, while a certain set of metrics are recommended. The following part describes the most important firms on the Identity and Access management market and their own products. Trends and market situation is examined. The practical part focuses on the real benefits of Identity and Access management solutions when used in a chosen firm. The situation before and after upgrading a certain Identity and Access management solution in a selected firm is observed and the benefits and shortcomings are evaluated. The outcome of this thesis is to confirm both theoretical and practical expectations and considerations of Identity and Access management solutions in a real life situation.
|
|
|
Password management in the enterprise network
Turanský, Jan ; Pavlíček, Luboš (advisor) ; Klíma, Tomáš (referee)
The aim of this bachelor work is to describe and evaluate the importance and options of password management in the enterprise. Almost each enterprise owns important documents with valuable information, which are saved to it' s servers or hard drives. Safe password management protects these information against attackers, who try to gain them and misuse. In a practical part is described actual password management in a specific enterprise with evaluation and with recommendation to improvement if necessary.
|
|
|
Signing in users using simpleSAMLphp
Vrbík, Tomáš ; Pavlíček, Luboš (advisor) ; Palovský, Radomír (referee)
The document theoretically and practically deals with capabilities of using shared authentication in 3 varieties. The first is technologically easiest alternative of direct access to the authentication database. Second one is usage of shared authentication website, commonly known as Open ID. Third option is Single Sign-On system. The goal is to solve the fact dominating in use, where there is a need to have a special account set for every service user uses. The amount of services supporting shared authentication is minor. The second part of the document describes in detail the deployment of simpleSAMLphp, the web application designed for an implementation of the Single Sign-On. For the implementation a web server with PHP support has been used. As an application, which uses the shared authentication via simpleSAMLphp, WordPress was picked. Authenticating users on the side of Identity Provider was done against LDAP directory server OpenDS.
|
guest ::
