European Identity Conference  2008
A copy of the EIC2008 Presentation on how my previous employer was transferring and integrating card systems across the site

  • 1999 - Date City College, Coventry
    • 2002 - Date Technical Services Manager: Provide a support service to approximately 1,100 staff and 14,000 students and maintained 3,400 networked devices over three main buildings and 23 other buildings around the city. Responsible for the implementation of the College Information Strategy as agreed by Executive Committee. Responsible for managing the team leaders responsible for AVA/Reprographics, Networking and IT Technical Support ensuring proper operation of these sections. Devise, negotiate and monitor a set of agreed service level/performance indicators, taking the action necessary to ensure targets are met. Devise and implement suitable policies and procedures for the safe and legal operation of facilities. Primary site contact for hardware and software suppliers ensuring that software licensing is properly recorded, up-to-date and that the college is adhering to licence agreements. Production of tenders for new equipment where appropriate and ensuring compliance with financial regulations. Advice and consultancy to other managers on the appropriate use of college facilities, to include making recommendations for future investment. Budgetary planning, control and management including oversight of delegated budgets. Co-ordinate large team events for the section and also throughout the organisation. To contribute to arrangements necessary to retain/secure Investors in People accreditation.
    • 1999 – 2002 Deputy Information Systems Manager: Recommended and project managed a Citrix Metaframe installation across a wide area network including tenders for the project. I also installed and administered the product and trained users and technicians in its use and platform compatibilities. I am still the college’s systems administrator for Citrix. Managed installation and required downtime across both sites for college’s critical systems installation and am also one of the College’s systems administrators for SQL Server databases. Wrote server specifications with IT technicians and assisted in the evaluation of tenders for hardware purchases for orders over £150k. Evaluated new hardware and software technologies, made recommendations, and ensured that the organisation purchased systems in the most cost effective manner. Tested PDA wireless wide area network access across both sites with Citrix. Manage programming team and project development schedule and prioritised workloads for staff and temporary data clerks. Wrote Payroll/Personnel/Finance reports along with cheque printing and invoice generation routines. I also managed and implemented in-house payroll system hardware along with stationery design and application configuration. Maintain and developed timetabling software for the college and developed reporting suites. Implemented and fixed large college wide Management Information systems issues and databases. Managed and trained Information Systems programming team on Database design, and implementation and project managed full development lifecycle bespoke packages for the college. Taught a ten week course on training students on database design techniques and programming with Access. Taught support and academic staff on how to use new databases and applications. Helped develop and implement new college Central Information Systems structure during a merger whilst maintaining existing levels of service. I have also produced and delivered presentations on college systems to a seminar with over 100 delegates. Secretary of the Capita Dolphin MIS system user group. Managed another college’s MIS department concurrently.
  • 1998 – 1999 Contractor
    • 1998 – 1999 Critical Systems Manager, National Exhibition Centre, Birmingham: Monitor and maintain personnel system. Created specification and modelled staff scheduling system. Wrote and conducted systems analysis for ticket booking system. Designed, wrote, and implemented a media catalogue for AVA department. Reviewed and implemented security on critical systems.
    • 1998 – 1998 Developer, Tibbett and Britton PLC, Northampton: Developed and created networked databases in Visual Basic 5.0. Wrote warehouse maintenance screens and code for a client. Created software to convert tables and text files into different formats. Wrote software to help track vehicle deliveries to sites linking into GPS systems.
  • 1995 - 1998 Tile Hill College, Coventry
    • 1996 – 1998 Senior Programmer: Developed and created networked databases in Access 2.0, 97, and Visual Basic 5.0. Also wrote small database systems in Visual Basic, which linked to tables in SQL Server. Developed Student ID System using Access 97, SQL Server and Visual Basic 5. Set-up security, installed Windows NT workstations and Print Servers, and assisted in the implementation of the college’s first Windows NT domain. Administered SQL server security and users as well as ODBC links on PCs. Worked alongside Web developer in publishing Access 97 databases on the Internet and Intranet.
    • 1995 - 1996 Programmer: Developed Job request systems for computer technicians and report requests. Administered and wrote various databases in Dbase III and Access.
  • PC is in ‘Card login only’ group in AD. Group Policy says ‘Card Login Only’ group PCs can login with Card Only (interactive logon). Card is placed in keyboard. User enters PIN number. Authenticates against ILM and SQL data. SQL data for PIN and user cert keys. Confirms and login. Summary: So how do we put the solution together?
  • How many certificates and if there is key escrow?
  • AD Domain = exstaff, FQDN = staff.covcollege.ac.uk. Installation auto-detected domain as staff instead of exstaff, therefore ILM logins didn't work. Some certificate generation issues = 2 days consultancy.
  • Summary: So to do this it requires a culture change for our staff
  • Full Systems Integration
  • Transcript

    • 1. Implementing A Converged Physical and Logical IT Security Strategy, 23rd April 2008, 11.30–12.30
        • Satel J. Naik
        • Technical Services Manager
        • City College Coventry
        • [email_address]
        • +44 (0) 771 748 5223
    • 2. What Are We Covering Today?
        • Who Am I?
        • The Organisation
        • Business Case
        • Vision
        • Solution
        • Outstanding Issues
        • Overall
        • Future Requirements
    • 3. Who Am I?
      • 1995 – Junior Programmer
      • 1996 – Senior Programmer
      • 1998 – Critical Systems Manager, NEC
      • 2000 – Deputy CIS Manager
      • 2002 to Current - Technical Services Manager, City College Coventry
    • 4. The Organisation
      • Colleges merged Feb 2002 ( Tile Hill and Coventry Technical College, Coventry)
      • 10,000 Students
      • 3 Main Campuses +10 Outreach Centres
      • 900 Staff (including 400 Part Time)
      • Currently Relocating to Coventry City Centre
    • 5. Business Case
      • Promote Card Carrying Culture
      • Staff Identification across the College (replacing the old format card)
      • Automatic PC Locking and Access to Computer Facilities. Using a ‘set once’ pin number
    • 6. Business Case
      • Gain access to rooms at the new Swanswell site
      • Learning Resource Centre book loan card (replacing the old format card)
      • Secure Remote Administration of Servers
    • 7. Business Case
      • Future Project Requirements
        • Secure release of both colour and mono-chrome documents
        • Car parking pass
        • Use photocopier facilities (replacing the old format card)
    • 8. Business Case
      • Future Project Requirements (cont.)
        • Secure Access To Classroom Administration
          • Live Communications Server
          • Lecturer Notes
          • IP Softphone
          • Payslip and Other personal Info (coming soon)
      • Increased Security Isn't Desired, It's Required!
    • 9. HID Crescendo: Physical Access, Visual ID, Logical Access, Cashless Payment, Secure Printing
    • 10. Vision – Typical Day for Staff (Morning)
      • Drive In and Park Car (Card Required)
      • Enter Building (Open)
      • Enter Staffroom (Card Required with rights)
      • Logon to PC (Card + PIN Required)
      • Print Document
        • Remove Card (auto locks PC)
        • Walk to Central printer/copier
        • Swipe Card, displays list of docs sent, select, print or copy
        • Click logged and recharged to users account (equitrack)
      • User returns to PC
    • 12. Vision – Typical Day for Staff (Lunch)
      • Removes Card
      • PC Locks automatically
      • Exit Staffroom
      • Purchases Lunch (Cashless Card Payment = 10% discount)
      • Return to Staffroom (Card Required with rights)
      • Logon to PC (Card + PIN Required)
    • 13. Vision – Typical Day for Staff (Evening)
      • Removes Card
      • PC Locks automatically
      • Exit Staffroom
      • Return to Car
      • Exit Car Park
        • Feed in ticket
        • Swipe Card (Card Required)
        • Recharges User For Car Park Cost
    • 14. Vision – Typical Day for Staff
      • What Did We Secure?
        • Staff members Car
        • Physical Assets in Staff room
        • Document Security (Card Release for Print/Copy)
        • PC Access
        • Lunch Funds !!
    • 15. Solution - Overview (diagram labels)
      • PIN #
      • Microsoft Identity Lifecycle Manager 2007
      • SQL Server
      • Domain Server + Cert Services
      • Domain Cert.
      • User Cert.
      • Microsoft Active Directory
      • Group Policy
      • ‘Card_Login_Only’ AD Group
    • 16. Solution - Readers
      • Dell Smartcard Keyboard
        • Staff and Student PC’s
        • Fully Integrated
        • Cost Effective
        • Build Quality
        • P&P Installation
      • HID/Omnikey USB Reader
        • Laptop/Remote Support Users
        • Cost Effective
        • Build Quality
        • P&P Installation
    • 17. Solution – Infrastructure
      • Domain
        • Create Domain Certificate
      • Microsoft Identity Lifecycle Manager 2007
        • Issue User Certificate to Card using ILM interface (setup PIN)
        • ILM automatically generates Key pair (User Certificate + Domain Certificate)
        • All info written to encrypted MSSQL
        • Card + PIN authenticates to ILM and Logs into Domain
    • 18. Solution - Infrastructure
      • Active Directory Group Policy
        • Create an AD group called ‘Card_Login_Only’
        • Place PC’s/Servers into Group
        • Create an AD Group Policy for the Group
        • If PC is ‘Card_Login_Only’ display a splash screen at logon
      • Only login to those PC’s and Servers with Cards
    • 19. Solution – Consultancy
      • www.oxfordcomputergroup.com
      • [email_address]
    • 20. Solution – Card Technology (comparison: HID Crescendo against a summary of 6 other card solutions, combined)
      • Compatible with our Access Control System and Readers
        • HID Crescendo: Yes
        • Others: Mifare and others not fully compatible
      • Middleware and Drivers Included
        • HID Crescendo: Yes, Site License
        • Others: Some providers charge per seat or one license per card
      • Chip License Included
        • HID Crescendo: Yes, each chip for card requires a license
        • Others: For most it was included, but we found one supplier that excluded the license
      • Fully Compatible with Microsoft Active Directory
        • HID Crescendo: Yes
        • Others: Others require a separate DB for card login info
      • Card Management Software Inc.
        • HID Crescendo: No, we are using ILM 2007, really easy to issue cards and re-issue if lost, takes about 60 secs per card, and AD secures issuing account and PC.
        • Others: Included, but most info is held locally, some companies charge per concurrent login
      • Vista Compatible
        • HID Crescendo: Yes, from August 2007
        • Others: No others formally supported VISTA
      • Card Printing Facility (College Logo and Background)
        • HID Crescendo: Yes, 6 weeks turnaround
        • Others: Yes, 5 day turnaround
      • Physical Card Security (cloning protection)
        • HID Crescendo: Yes, HID cards have unique facility codes, needs to be quoted at time of ordering and programmed by manufacturer
        • Others: Some other cards available ‘off the shelf’ have the facility code programmed by reseller on demand
      • Summary
        • HID Crescendo: Cost effective, as all licensing included, except ILM 2007 server and CALs, and SQL Server for ILM Database, only one that supported VISTA
        • Others: Too many hidden costs and risks, not fully compatible with AC. Quick turnaround of cards available from to many of suppliers on Web, no supplier supporting VISTA
    • 21. Culture Change
      • Initially Staff get locked out of Rooms
      • Staff Understand the Changing Face of Security
      • Some Think it's Too Much (for a College)
      • More Power can be given to the User
    • 22. Outstanding Issues
      • Outlook Webmail
      • Card Holders and Cards Are Landscape
      • Some PCs don't have readers
      • Some Staff Resistance
        • Customised and more relaxed Web Filtering
        • Softphone and Live Communicator Access
        • Panic Buttons
        • PDF Payslips (reduce cost of printing and distribution)
    • 23. Summary
      • Information =
      • Most Valuable Asset For Organisation?
      • Most Likely to be Lost or Stolen?
      • Most Amount of Time to Manage?
      • Security =
      • Locking Workstations
      • Deprovisioning User Accounts Quickly
      • Using Your Card More Often (sooner you know it's lost the better!)
      • Discount For Food + Room Access + PC Login + Print/Copy Release
      • =
      • Card Carrying Culture and No Lost Cards To Date
    • 24. Further Enhancements
      2008
      • De-provision User Accounts Quickly (MIIS)
      • Car Park
      2009
      • Setup of New Site (Phase 2 of College)
      • Student Card Rollout Evaluation
      2010
      • Staff Cashless Catering (TBC)
      2011
      • Full System Integration Achieved
      • Data Replication Minimised
      • Links Between Systems (AD & HR, Student Records etc)
      • Systems Streamlined
      • Reduction In Print Costs and Paper Forms
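
The card-only logon and lock-on-removal behaviour described in slides 10 to 18, as a check an administrator could run on a PC. This is an added example, not part of the presentation: the group name 'Card_Login_Only' comes from the slides, while the function name and the assumption that the Group Policy uses the standard Windows settings "Interactive logon: Require smart card" and "Smart card removal behavior" are not from the deck.

```powershell
# Added example, not from the presentation. Run locally on a domain-joined PC.
function Test-CardOnlyLogon {
    param([string]$GroupName = 'Card_Login_Only')   # group name from slide 18

    $sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $wlKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # scforceoption = 1 means interactive logon requires a smart card.
    $force = (Get-ItemProperty -Path $sysKey -Name scforceoption -ErrorAction SilentlyContinue).scforceoption
    # ScRemoveOption: 0 = no action, 1 = lock workstation, 2 = force logoff.
    $remove = (Get-ItemProperty -Path $wlKey -Name ScRemoveOption -ErrorAction SilentlyContinue).ScRemoveOption
    # On Vista and later the removal action needs this service running.
    $svc = Get-Service -Name SCPolicySvc -ErrorAction SilentlyContinue
    $svcUp = [bool]($svc -and ($svc.Status -eq 'Running'))

    # Direct membership of this computer account in the group, via ADSI.
    $inGroup = $null    # stays $null if the directory cannot be queried
    try {
        $filter = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
        $searcher = [adsisearcher]$filter
        [void]$searcher.PropertiesToLoad.Add('memberof')
        $entry = $searcher.FindOne()
        if ($entry) {
            $hits = @($entry.Properties['memberof'] | Where-Object { $_ -like "CN=$GroupName,*" })
            $inGroup = $hits.Count -gt 0
        }
    } catch {
        Write-Warning "Directory lookup failed: $($_.Exception.Message)"
    }

    $cardRequired  = $force -eq 1
    $locksOnRemove = ($remove -in '1', '2') -and $svcUp

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        InCardLoginGroup   = $inGroup
        CardRequired       = $cardRequired
        RemovalAction      = $remove
        RemovalServiceUp   = $svcUp
        LocksOnCardRemoval = $locksOnRemove
        # In the group but not enforcing card logon or lock-on-removal.
        PolicyGap          = ($inGroup -eq $true) -and -not ($cardRequired -and $locksOnRemove)
    }
}

Test-CardOnlyLogon
```

Only direct group membership is checked; a PC that reaches the group through nesting will show `InCardLoginGroup` as false.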
