70 likes | 190 Views
Single Sign-on Integration (SSI) MSIT 458 – Information Security. Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza Shaikh Naveed Asem 10/14/2012. General Problem – Lack of SSI.
E N D
Single Sign-on Integration (SSI)MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza Shaikh Naveed Asem 10/14/2012
General Problem – Lack of SSI Problem - Lack of Single Sign-On Integration (SSI) is wide-spread across companies in all major industries Cause • Lack of understanding security architecture • Lack of understanding implementation options • Lack of enterprise IT governance Effect • Fail to follow enterprise security standards • Wasted infrastructure resources • Major security risk; Prone to authenticity attacks
SSI Problem in Our Company • Our company has HR app with sensitive data • salary, age, performance reviews, etc • HR app lacks Single Sign-on Integration • HR app utilizes non-standard authentication • Before exposing HR app to internet, SSI needs to be implemented to provide better security
Current System Architecture The current HR web application… • …is an intranet application • …is a reporting front-end • …is not a custom application • …is generated through Microsoft SSRS • …has sensitive data • …has a dynamic user base • …uses SSRS “native mode” that relies on windows authentication
Problem Statement Problem Statement: • Enterprise authentication policies not enforced • Authenticated users are re-authenticated • Users spend more time logging in • Users have to remember additional password • Not leveraging Organization hierarchies • Lack of security infrastructure (high-availability, disaster recovery, etc.) for user authentication
Options to Solve SSI Problem Option 1 – SharePoint Integration • Integrate HR app into enterprise SharePoint Farm • May also deploy reports as SharePoint web parts only Option 2 – Active Directory • Use AD for authentication • AD already configured for LDAP, Kerberos, DNS • ADFS provides SSO Option 3 – SharePoint & AD • Combination of option 1 and option 2
Feedback Request Improvement Ideas? Additional Options for Part 3? Thank you, Team Triad Radu + Moniza + Naveed