Metody i sposoby bezpiecznego uwierzytelnienia w Windows 7           Krzysztof Bińkowski             Trener MCT Security/F...
Agenda•   o mnie słów kilka•   Authentication = Uwierzytelnienie•   Authentication / Authorization•   Metody uwierzytelnie...
o mnie słów kilkaPosiadam kilka certyfikatów:           Na co dzień:• MCT,                         • Trener technologii   ...
Uwierzytelnienie• Authentication = Uwierzytelnienie  Nie ma słowa „autentykacja” w    słowniku języka polskiego• Authoriza...
Authentication / Authorization?                         Are you on the list?Who are you?Authentication: Czy      Authoriza...
Authentication and                      Authorization Process               Windows authentication methods include:      W...
SECURE AUTHENTICATION    What    You                      Biometrics    Convenient    Are                             Two-...
New Authentication Features in Windows 7 New Authentication                                             Description     Fe...
Smart Card w języku polskim      Karta inteligentna ?      Karta elektroniczna ?      Karta chipowa ?      Karta krypt...
Budowa Smart Card- Posiada wbudowany procesor- Jest programowalna- Dostarcza bezpieczny magazyn dla kluczy prywatnych- Odd...
Rodzaje kart
Karta, nie karta ?• Czasem SMART CARD nazywamy  tokenami USB
Czytniki kart
Smart Cards             Smart card-related Plug and Play           Kerberos support for Smart card logon    Encrypt remo...
Gemalto .NET Bio
4 Tryby– 4 sposoby uwierzytelnienia                                                                                Fingerp...
BIOMETRIC
Biometric       Windows Biometric Framework (WBF) provides     support for fingerprint biometric devices through a       ...
Face Authentication
Online Identity Integration     A new group policy setting is available that controls   the ability of online IDs to auth...
Online Identity Integration•   Whats the benefit of linking my online IDs with my Windows user account?•   If you have an ...
Dziękuje za uwagęhttp://securityforensics.wordpress.com/Email:Krzysztof.Binkowski@gmail.com
K binkowski metody_uwierzytelnienia_windows_7
K binkowski metody_uwierzytelnienia_windows_7
K binkowski metody_uwierzytelnienia_windows_7
Upcoming SlideShare
Loading in …5
×

K binkowski metody_uwierzytelnienia_windows_7

892 views

Published on

Krzysztof BInkowski - Metody i sposoby bezpiecznego uwierzytelnienia w Windows 7

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
892
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

K binkowski metody_uwierzytelnienia_windows_7

  1. 1. Metody i sposoby bezpiecznego uwierzytelnienia w Windows 7 Krzysztof Bińkowski Trener MCT Security/Forensics 28.04.2011
  2. 2. Agenda• o mnie słów kilka• Authentication = Uwierzytelnienie• Authentication / Authorization• Metody uwierzytelnienia 1FA/2FA/3FA• SmartCard Authentication• SmartCard + Biometric Authentication• Biometric Authentication• Face Authentication• Online Identity Integration
  3. 3. o mnie słów kilkaPosiadam kilka certyfikatów: Na co dzień:• MCT, • Trener technologii • Społeczny notariusz CA MCSA/MCSE+Security, Microsoft / security / Cert / StartSSL MCITP SA/EA forensic s w firmie• ACE (Accessdata Certified COMPENDIUM Centrum • Członek organizacji: Examiner) Edukacyjne • ISSA Polska,• ACI (Accessdata Certified • SIIS (Stowarzyszenie Instructor) • Specjalizacja: systemy Instytut Informatyki• Novell CNA/CNE Windows / Śledczej ) Bezpieczeostwo / PKI / • SEClub Forensics • Współlider grupy MSSUG • Specjalizuje się w informatyce śledczej
  4. 4. Uwierzytelnienie• Authentication = Uwierzytelnienie Nie ma słowa „autentykacja” w słowniku języka polskiego• Authorization = Autoryzacja
  5. 5. Authentication / Authorization? Are you on the list?Who are you?Authentication: Czy Authorization: Czy masz nadanejesteś tym za kogo się uprawnienia do zasobów do którychpodajesz ? próbujesz się dostać np. ACL User Resource What does the list say you can do? Access: Na jakie działania pozwalają Ci nadane uprawnienia.
  6. 6. Authentication and Authorization Process Windows authentication methods include: Windows DescriptionAuthentication MethodKerberos version 5 Used by Windows 7 clients and servers running Microsoftprotocol Windows Server 2000 or later Used for backward compatibility with computers runningNTLM pre-Windows 2000 operating systems and some applicationsCertificate mapping Certificates are used as authentication credentials
  7. 7. SECURE AUTHENTICATION What You Biometrics Convenient Are Two-Factor Smart Authentication Most Secure cards 2FA Three-Factor What You Have & Tokens Traditional Authentication Two-Factor 3FA Authentication Passwords 2FA & PINsWhat You Know
  8. 8. New Authentication Features in Windows 7 New Authentication Description Features Several new authentication features are available for use with Smart cards, including: •Kerberos support for Smart card logonSmart cards •Encrypt removable media using BitLocker and using the Smart card option to unlock the drive •Document and e-mail signing Windows Biometric Framework (WBF) provides supportBiometrics for fingerprint biometric devices through a new set of componentsOnline Identity A new group policy setting is available that controls theIntegration ability of online IDs to authenticate to a computer
  9. 9. Smart Card w języku polskim  Karta inteligentna ?  Karta elektroniczna ?  Karta chipowa ?  Karta kryptograficzna ?  Karta mikroprocesorowa ?
  10. 10. Budowa Smart Card- Posiada wbudowany procesor- Jest programowalna- Dostarcza bezpieczny magazyn dla kluczy prywatnych- Oddziela krytyczne dla bezpieczeństwa operacje odkomputera Karta przechowuje: Klucz prywatny Klucz publiczny Powiązany certyfikat
  11. 11. Rodzaje kart
  12. 12. Karta, nie karta ?• Czasem SMART CARD nazywamy tokenami USB
  13. 13. Czytniki kart
  14. 14. Smart Cards Smart card-related Plug and Play Kerberos support for Smart card logon Encrypt removable media using BitLocker and using the Smart card option to unlock the drive Document and e-mail signing Used with line-of-business applications to enable certificate use with no additional middleware
  15. 15. Gemalto .NET Bio
  16. 16. 4 Tryby– 4 sposoby uwierzytelnienia Fingerprint Authentication Biometric Verification Please swipe your finger on the biometric reader. Biometric Authentication SWIPE FINGER Select Finger Click here for more information OK Cance lPIN or Fingerprint Authentication PIN and Fingerprint Authentication Biometric Verification Biometric Verification Please swipe your finger OR enter your PIN Please swipe your finger first, then enter your PIN Biometric Authentication Biometric Authentication SWIPE FINGER SWIPE FINGER PIN Authentication PIN Authentication PIN PIN Select Finger Click here for more information Select Finger Click here for more information OK Cance OK Cance l l
  17. 17. BIOMETRIC
  18. 18. Biometric Windows Biometric Framework (WBF) provides support for fingerprint biometric devices through a new set of components A common API facilitates development of applications using biometrics Through a new Control Panel item, users can control the availability and use of biometric devices Device Manager support for managing drivers for biometric devices Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain
  19. 19. Face Authentication
  20. 20. Online Identity Integration A new group policy setting is available that controls the ability of online IDs to authenticate to a computer Online IDs can be used to identify individuals within a network Users must link their Windows user account to an online ID to facilitate authentication Authentication occurs through the use of certificates Does not affect domain accounts or local user accounts from logging on to the computer
  21. 21. Online Identity Integration• Whats the benefit of linking my online IDs with my Windows user account?• If you have an online account, such as an e-mail account, you can link that account with your Windows user account. Linking these accounts provides the following benefits:• People can share files with you on a homegroup using your online ID instead of having to create a Windows user account for you on their computer.• You can use your online ID to access your information on other computers on a network, such as accessing files on a home computer from your work computer.• Linking your account is a two-part process. First, you need to add your online ID provider, and then you need to link your online ID with your Windows user account.
  22. 22. Dziękuje za uwagęhttp://securityforensics.wordpress.com/Email:Krzysztof.Binkowski@gmail.com

×