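Component: Global Sign-On
• User Administration: user registration management
• Global Sign-On: user logon management
• Security Manager: security policy creation and enforcement management
• Policy Director: web server access management
• Privacy Manager: personal information access management
• Risk Manager: intrusion risk management
• PKI: authentication management using public keys
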
Component: Global Sign-On - Features
• Log on once and access all permitted resources
• Built on robust, secure, centralized authentication
• Interoperable with existing security environments
• Uses Kerberos secret key authentication for the initial logon
• Uses 56-bit DES: authentication server -> user's workstation
• Logon information
  • ID, password, host name, and so on
  • Never cached or stored on the user's workstation

Component: Global Sign-On - Features (continued)
• Two methods of strong authentication
  • Smart cards
    • PKCS#11 smart-card interface standard
    • Tested
      • Schlumberger Cryptoflex SmartCard from Litronic Inc.
      • IBM SmartCard
  • Biometrics
    • SecureTouch fingerprint reader from Biometric Access Corporation

Component: Global Sign-On - Features (continued)
• Tivoli Management
  • Integrates with Tivoli SecureWay User Administration
  • Integration supports role-based administration
  • Tivoli Plus module: automated installation and configuration
  • Included distributed monitoring support
    • Monitoring allowed from Tivoli Enterprise Console
    • Monitoring allowed from Tivoli Distributed Monitoring

Component: Global Sign-On - Features (continued)
• Extensible and Flexible
  • Extensible to any application that requires logon
    • Using program-template files and scripting
  • Allows logon to applications or systems that provide
    • Command line interface (CLI)
    • Application programming interface (API)
  • Supports 3270 emulation, 5250 emulation, and many others
  • Supports a standard Windows dialog box for logon/password
    • Uses window-watching adapter code
    • Example: Lotus cc:Mail, many Internet-based applications

Component: Global Sign-On - Architecture
[Architecture diagram. Labels: Single Logon (smart card); GSO Client "Request authentication from server" and "Securely retrieve target info"; GSO Server holding the user's target info; "Get local logon mechanisms" (VM, TSO, NT Apps, Netware Server, LAN Server, Notes Server); "Logon to targets" (U/P). Client programs: PCOM (3270 emul), NT client, Netware client, Notes client. Targets: NT Apps, LAN Server, VM, Notes Server, Netware Server, Databases, TSO. Management: Event Console, Distributed Monitor, Software Distribution, User Admin.]

Component: Global Sign-On - Target Extensibility
• When a target application cannot be supported by GSO "out of the box"
  • Extend GSO to support the target
• GSO can be extended for applications that log on via any of the following
  • Application Programming Interface (API)
  • Command Line Interface (CLI)
  • Windows dialog box
  • Terminal Emulation (via EHLLAPI)
• Use the Software Development Guide (SDG)
• Extension examples:
  • Peoplesoft, SAP, cc:Mail, Web Server GUI, Tivoli Desktop, etc.

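Component: Global Sign-On - Benefits
[Diagram: an End User with 1 id, 1 pwd connects through GSO to NetWare, Notes/Domino, Unix, AS/400, OS/2, Sun, OS/390, HP, NT and AIX.]
• Single user ID and password
  • Simpler management
  • Reduced risk of loss/exposure
• Centralized access control
  • Effective control
  • Consistency maintained
• Virtual Single System Image
  • Increased productivity
  • Improved management efficiency
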
Component: Global Sign-On - Platform
• Target
  • 3270 mainframe applications
  • 5250 applications (OS/400)
  • Novell NetWare
  • Windows NT Server
  • LAN Server/Warp Server
  • Lotus Notes
  • UNIX systems
  • Other systems and applications
    • Using CLI
    • Using API
    • Using window-watching
• Client
  • Windows 95
  • Windows 98
  • Windows NT 4.0
• Server
  • Windows NT 4.0
  • AIX
  • Sun Solaris