Identity Management in 802.1x networks

Network without Identity Management

[Diagram labels: Microsoft AD, DC and Radius (IAS/NPS) server; Finance Dept; Client Project; Network switch; Private Network; Internet; Finance Team; Project Team; Visitor]

Why is identity management needed in networks

• Security to your network.

• Protecting confidential data.

• Per Project level isolation.

What is Identity Management

[Diagram: Identity, linked to Account ID, Domain, VLAN Membership, IP Address and MAC Address; also shown: Authentication/Authorization Server, Network switch]

What does an Identity Aware Network look like

[Diagram labels: Microsoft AD, DC and Radius (IAS/NPS) server; Finance Dept VLAN; Client Project VLAN; Guest VLAN; Network switch enabled with identity management; Private Network; Internet; Finance Team; Project Team; Visitor]

Network without VLAN

Since there is no VLAN isolation in the switch, anyone connecting to the switch will have access to anything in the network.

[Diagram labels: Network Switch; Finance Team; Project Team; Visitors]

How does VLAN isolation work?

[Diagram labels: Network Switch; Finance Team; Visitors; Project Team]

How does authentication work?

• Microsoft AD, DC
• Radius (IAS/NPS) server

• User connects to the network.
• Switch sends the user identity to the Authentication Server.
• Radius verifies the Account ID / Domain ID with AD.
• Radius processes the policy set for that user:
  1. Security Group
  2. Radius attributes (in this case VLAN membership)
• Based on the information sent by Radius, the switch places the person in the corresponding VLAN.

[Diagram labels: Network Switch; Private Network; Client Project VLAN; VLAN Membership; Project Team]

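How the RADIUS reply can carry the VLAN membership described on this slide, as an added example that is not part of the original deck: the server maps a security group to a VLAN and encodes it in the tunnel attributes of RFC 2868 / RFC 3580, and the switch parses them. The directory contents, the VLAN IDs and the Guest VLAN fallback for ports that do not get an Access-Accept are assumptions for illustration.

```python
import struct

# Constructed sample data: group membership and VLAN numbering are assumptions
# for illustration; the slides name the VLANs but give no IDs.
DIRECTORY = {  # (domain, account) -> security groups, standing in for AD
    ("CORP", "alice"): {"Finance Team"},
    ("CORP", "bob"): {"Project Team"},
}
POLICY = [  # ordered policy list: the first matching security group wins
    ("Finance Team", 10),  # Finance Dept VLAN
    ("Project Team", 20),  # Client Project VLAN
]
GUEST_VLAN = 99  # assumed switch-local fallback when no Access-Accept arrives

TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # values used for VLAN assignment in RFC 3580


def radius_decide(domain, account):
    """RADIUS side: verify the identity, then apply the policy for that user."""
    groups = DIRECTORY.get((domain, account))
    if groups is None:
        return "Access-Reject", b""  # unknown Account ID / Domain
    for group, vlan_id in POLICY:
        if group in groups:
            return "Access-Accept", encode_vlan_attrs(vlan_id)
    return "Access-Reject", b""  # known user, but no policy matches


def encode_vlan_attrs(vlan_id, tag=0):
    """Encode the three tunnel attributes (RFC 2868 layout) for one VLAN."""
    def tagged_int(attr, value):  # type, length=6, tag, 3-byte value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    vid = str(vlan_id).encode("ascii")  # the VLAN ID travels as an ASCII string
    group = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid
    return (tagged_int(TUNNEL_TYPE, VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802) + group)


def switch_assign_vlan(code, attrs):
    """Switch side: parse the reply; anything unexpected lands in GUEST_VLAN."""
    if code != "Access-Accept":
        return GUEST_VLAN
    seen, i = {}, 0
    while i + 2 <= len(attrs):
        attr, length = attrs[i], attrs[i + 1]
        if length < 3 or i + length > len(attrs):
            return GUEST_VLAN  # malformed attribute: do not trust the reply
        seen[attr] = attrs[i + 2:i + length]
        i += length
    if (seen.get(TUNNEL_TYPE, b"")[1:] != VLAN.to_bytes(3, "big")
            or seen.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != IEEE_802.to_bytes(3, "big")):
        return GUEST_VLAN
    value = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if value[:1] and value[0] <= 0x1F:
        value = value[1:]  # a leading byte <= 0x1F is a tag, not part of the ID
    text = value.decode("ascii", "replace")
    return int(text) if text.isdigit() and 1 <= int(text) <= 4094 else GUEST_VLAN


def connect(domain, account):
    """Full flow from the slide: user connects, RADIUS decides, switch places."""
    return switch_assign_vlan(*radius_decide(domain, account))
```
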
Questions ?
