Global ETD Search

31	LDAP Ubik Merzky, Alexander 06 June 2005 (has links) Entwicklung einer Lösung zur Umgehung des Single-Point-Of-Failures bei Schreiboperationen bisheriger LDAP-Replikationsmethoden. info:eu-repo/classification/ddc/000 ddc:000 LDAP Replikation Master SPOF Slave UBIK
32	Digital Vacation Management : An Electronic Vacation Management System for Karlstad Municipality Pykäläinen, Heidi January 2020 (has links) The digitization of manual handling of paper forms is an ongoing project atKarlstad municipality, and their management of vacation exchanges is one of thefirst business processes to be digitized. This process involves applicants printingand filling in a vacation exchange paper form, which is submitted to a departmentmanager for processing, and then forwarded to a payroll administrator forregistering.The goal of this thesis was to develop a Proof-of-Concept (PoC) e-service forvacation exchange management at Karlstad municipality. The design of the PoCis based on requirements gathered by interviewing end-users and investigatingtechnical constraints imposed by current systems in place at Karlstad municipality.The PoC is designed as a Web application managing resources from an objectdatabase, and an account directory. The implementation was carried out usingopen source and standardized frameworks. Open source tools were used for theobject database and the account directory. The PoC was evaluated against setrequirements. Avenues for future work include a more thorough investigation ofthe account directory at Karlstad municipality. MERN digitization JavaScript open source LDAP React Node MongoDB Express Web Computer Sciences Datavetenskap (datalogi)
33	A High-Availability Architecture for the Dynamic Domain Name System Filippi, Geoffrey George 09 June 2008 (has links) The Domain Name System (DNS) provides a mapping between host names and Internet Protocol (IP) addresses. Hosts that are configured using the Dynamic Host Configuration Protocol (DHCP) can have their assigned IP addresses updated in a Dynamic DNS (DDNS). DNS and DDNS are critical components of the Internet. Most applications use host names rather than IP addresses, allowing the underlying operating system (OS) to translate these host names to IP addresses on behalf of the application. When the DDNS service is unavailable, applications that use DNS cannot contact the hosts served by that DDNS server. Unfortunately, the current DDNS implementation cannot continue to operate under failure of a master DNS server. Although a slave DNS server can continue to translate names to addresses, new IP addresses or changes to existing IP addresses cannot be added. Therefore, those new hosts cannot be reached by the DDNS. A new architecture is presented that eliminates this single point of failure. In this design, instead of storing resource records in a flat text file, all name servers connect to a Lightweight Directory Access Protocol (LDAP) directory to store and retrieve resource records. These directory servers replicate all resource records across each other using a multi-master replication mechanism. The DHCP servers can add records to any of the functioning DNS servers in event of an outage. In this scheme, all DNS servers use the anycast Border Gateway Protocol (BGP). This allows any of the DNS servers to answer queries sent to a single IP address. The DNS clients always use the same IP address to send queries. The routing system removes routes to non-functional name servers and delivers the request to the closest (according to network metrics) available DNS server. This thesis also describes a concrete implementation of this system that was created to demonstrate the viability of this solution. A reference implementation was built in a laboratory to represent an Internet Service Provider (ISP) with three identical regions. This implementation was built using Quagga as the BGP routing software running on a set of core routers and on each of the DNS servers. The Berkeley Internet Name Daemon (BIND) was used as an implementation of the DNS. The BIND Simplified Database Backend (SDB) interface was used to allow the DNS server to store and retrieve resource records in an LDAP directory. The Fedora Directory Server was used as a multi-master LDAP directory. DHCP service was provided by the Internet Systems Consortium's (ISC) DHCP server. The objectives for the design were high-availability, scalability and consistency. These properties were analyzed using the metrics of downtime during failover, replication overhead, and latency of replication. The downtime during failover was less than one second. The precision of this metric was limited by the synchronization provided by the Network Time Protocol (NTP) implementation used in the laboratory. The network traffic overhead for a three-way replication was shown to be only 3.5 times non-replicated network traffic. The latency of replication was also shown to be less than one second. The results show the viability of this approach and indicate that this solution should be usable over a wide area network, serving a large number of clients. / Master of Science DNS DDNS BGP anycast DHCP replication LDAP multi-master high-availability reliability
34	Um serviço de diretórios tolerante a falhas e intrusões Mendonça Neto, Rayol 17 May 2016 (has links) Submitted by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2016-11-29T14:58:13Z No. of bitstreams: 1 Dissertação - Rayol de Mendonça Neto.pdf: 7610835 bytes, checksum: 6c4c8ac8cd33ea82c062cd5bb0830639 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2016-11-29T14:58:26Z (GMT) No. of bitstreams: 1 Dissertação - Rayol de Mendonça Neto.pdf: 7610835 bytes, checksum: 6c4c8ac8cd33ea82c062cd5bb0830639 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2016-11-29T14:58:46Z (GMT) No. of bitstreams: 1 Dissertação - Rayol de Mendonça Neto.pdf: 7610835 bytes, checksum: 6c4c8ac8cd33ea82c062cd5bb0830639 (MD5) / Made available in DSpace on 2016-11-29T14:58:46Z (GMT). No. of bitstreams: 1 Dissertação - Rayol de Mendonça Neto.pdf: 7610835 bytes, checksum: 6c4c8ac8cd33ea82c062cd5bb0830639 (MD5) Previous issue date: 2016-05-17 / CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Directory services are often used to store sensitive information (e.g., data and user credentials) in many critical systems such as access control and authentication services, DNS servers, e-mail and public key infrastructures. Although they provide a certain degree of security to prevent attacks and failures (e.g., security protocols and self replication mechanisms), the current directory services implementations, based on LDAP, they are not safe in fact, scalable and intrusions free. In this context, this work presents the first architecture for directory services based on the LDAP protocol, capable to tolerate failures and intrusions. For the development of this architecture is employed state machine replication to tolerate failure, and the diversity of systems at different levels to tolerate intrusions. The feasibility and applicability of the proposed solution is shown through several experiments. As a result, it is possible to attest that the system is efficient, with a performance at least three times better than the state of the art, as well as scalable and resilient. / Serviços de diretório são frequentemente usados para armazenar informações sensíveis (e.g., dados e credenciais de usuários) nos mais variados sistemas críticos, tais como serviços de autenticação e controle de acesso, servidores DNS, e-mail e infra-estrutura de chaves públicas. Embora possuam um certo grau de segurança para evitar ataques e falhas (e.g., protocolos de segurança e mecanismos próprios de replicação de dados), as atuais implementações de serviços de diretórios, baseadas no protocolo LDAP, não são de fato seguras, escaláveis e livres de intrusões. É neste contexto que esta dissertação apresenta a primeira arquitetura para serviços de diretórios, baseado no protocolo LDAP, capaz de tolerar falhas e intrusões. Para o desenvolvimento desta arquitetura é empregada a replicação de máquinas de estado, para tolerar falhas, e a diversidade de sistemas, em diferentes níveis, para tolerar intrusões. A viabilidade e aplicabilidade da solução proposta é demonstrada através de diversos experimentos. Como resultado, é possível atestar que o sistema é eficiente, com um desempenho no mínimo três vezes melhor que o estado da arte, bem como escalável e resiliente. Operações LDAP Técnicas de Tolerância Replicação de Máquinas Arquitetura da biblioteca BFT-SMaRt Diretórios Tolerantes Falhas Bizantinas
35	Přístupová a komunikační bezpečnost v informačních systémech SAP / Access and communication security in SAP information systems Karkošková, Soňa January 2012 (has links) This diploma thesis deals with the methods used to ensure access and communication security in large-scale SAP information systems. It deals with the analysis of existing methods, compares them, and identifies how the methods are usable in the operation of large-scale SAP information systems, as well as it identifies methods that fail in this environment. Justification of methods usability is carried out. Attention is focused on the use and implementation of single sign-on safe authentication methods, secure sharing of user identity and secure communication within the framework of a large-scale SAP information system. In this thesis is carried out a design proposal of the architecture in order to ensure access and communication security in SAP information systems using the LDAP service, SNC Kerberos and single sign-on authentication. In the practical example is documented the detailed technical implementation of this architecture. Furthermore, this thesis deals with the specifics which exist especially in large-scale SAP information systems in the area of access and communication security and documents the appropriate ways to address them.
36	Implementation of NIS Backend for SSSD / Implementation of NIS Backend for SSSD Nykrýn, Lukáš January 2013 (has links) Tato práce se v první části zabývá představením technologií a nástrojů pro centrální správu a přihlašování uživatelů v GNU/Linux. Ukazuje využití adresářových služeb v síťové infrastruktuře, konkrétně služby NIS a její porovnání s dnes pravděpodobně nejrozšířenější adresářovou službou LDAP. Dále práce popisuje proces autentizace na klientských stanicích, konkrétně použití PAM a NSS a možné rozšíření celého systému zavedením cache díky démonu SSSD. Druhá část popisuje návrh a implementaci NIS provideru pro SSSD.
37	Corporate Network : Security Aspects Nikolov, Nikolay January 2010 (has links) Every corporation using IT technologies needs a good and carefully secured network design. The IT security is a key factor of a normal functional of the whole corporation and all its sections. There different methods and concepts for providing different level of IT security. Some of them are very important and should be implemented in every corporate network. There are a lot of services providing inside and outside the corporation network. Increasing the number of services like web services, mail services, file services and other, the number of eventual security issues is rising. The security methods of each of provided services are different and it is required a professional with deep knowledge about this service functionality if it is needed to be good applied. Operation system and application hardering are methods which are not so hard for applying, like configuring proxy server or firewalls, but they could increase the security drastic. In a combination with simple configured security devices, the results could be very impressive. Choosing the right methodology and framework of designing a secured network is important part of entire process. With the right methodology designing could be easier and more effective. design examples e-mail services web services dns services dhcp services ldap services routers firewalls hardering security technologies RADIUS OTP PKI IDS ACLs cryptography
38	Single Sign-On : Risks and Opportunities of Using SSO (Single Sign-On) in a Complex System Environment with Focus on Overall Security Aspects Cakir, Ece January 2013 (has links) Main concern of this thesis is to help design a secure and reliable network system which keeps growing in complexity due to the interfaces with multiple logging sub-systems and to ensure the safety of the network environment for everyone involved. The parties somewhat involved in network systems are always in need of developing new solutions to security problems and striving to have a secure access into a network so as to fulfil their job in safe computing environments. Implementation and use of SSO (Single Sign-On) offering secure and reliable network in complex systems has been specifically defined for the overall security aspects of enterprises. The information to be used within and out of organization was structured layer by layer according to the organizational needs to define the sub-systems. The users in the enterprise were defined according to their role based profiles. Structuring the information layer by layer was shown to improve the level of security by providing multiple authentication mechanisms. Before implementing SSO system necessary requirements are identified. Thereafter, user identity management and different authentication mechanisms were defined together with the network protocols and standards to insure a safe exchange of information within and outside the organization. A marketing research was conducted in line of the SSO solutions. Threat and risk analysis was conducted according to ISO/IEC 27003:2010 standard. The degree of threat and risk were evaluated by considering their consequences and possibilities. These evaluations were processed by risk treatments. MoDAF (Ministry of Defence Architecture Framework) used to show what kind of resources, applications and the other system related information are needed and exchanged in the network. In essence some suggestions were made concerning the ideas of implementing SSO solutions presented in the discussion and analysis chapter. SSO information security authentication federated identity multi-factor authentication MoDAF framework SAML LDAP certificate authority kerberos shibboleth SSO architectures risk evaluation. Computer Sciences Datavetenskap (datalogi)
39	Analýza zabezpečení a autentizace bezdrátových sítí / Analysis of security and authentication of wireless networks Kulíř, Tomáš January 2011 (has links) This master's thesis deals with wireless networks, mainly about the WiFi. It deals with summary of individual security mechanism both theoretically and using them in real hardware. Mainly it is interested in the security of the individual mechanisms and their weaknesses, which cause rupture of security. At each chapter the ideas and methods, that the attackers are trying for infiltration of wireless networks and decrypt encryption WEP, WPA or WPA2, are outlined. The principle of the authentication of the WiFi by the authentication server and its options, which is connected with directory service LDAP, is also explained in this thesis. The penultimate chapter deals with the summary of security mechanisms and references that should be adhered by design of the WiFi for the provision of the high security. The ending of the master's thesis is devoted to social engineering and its most famous representatives.
40	Nstroj pro sprvu Active Directory / Active Directory Management Dashboard Radimk, Samuel January 2016 (has links) This thesis is focused on the main concepts of Active Directory and the creation of an application allowing basic management tasks. It introduces the logical as well as physical components and provides an overview of existing servers that are using the services of Active Directory. The functionality of existing management applications is discussed and desired properties of management applications are discovered. On these grounds, a new application concept is introduced and the benefits of the new application over the existing ones is shown. According to the concept, a new application is developed supporting the management of users and groups and implementing additional features such as profile photo editing and a definition of customized object creation process. This application is also tested on different levels and possibilities of future improvements are given.

Search results