No system – however secure in its internal design – can be considered to operate safely unless an authentication
front-end is implemented. Thus this workshop examines the components of the design of IAM (Identity and Access
Management) systems. As such it incorporates design and configuration of Active Directory (including
Kerberos), RADIUS, and the RSA token authentication engine as well as the use of multi-factor authentication
components.
Firstly the access policy is designed and this is the implemented in the Active Directory Server, Following this,
an authentication front end is added (RSA engine in this workshop). This involves the construction of a network
of client and back end servers (Domain Controller and Authentication Engine) along with policy implementation
testing as well as configuration of the security functionality.
This workshop examines the common vulnerabilities that can occur in the design and implementation of web-based applications and services. The laboratory tool kit is based upon the OWASP (Open Web Application Security Project) project and incorporates use of WebGoat, WebScarab and various web services.