CHAPTER-1 INTRODUCTION
Network Services Security
Directory Services
Se-Linux Policies
KERBEROS Authentication
Secure WEB Server
Secure Mail Server
Single Sign-on Secured Web Mail Server With Additional user database & Customized Se-Linux Policies
Introduction
Network Services Security:
Network security is becoming more and more important as people spend more and more time connected. Compromising network security is often much easier than compromising physical or local security, and is much more common.

Directory Services:
A centralized database system is a system that keeps the data in one single database at one single location. In a centralized database system, a single machine called a database server hosts the DBMS and the database. Multiple users or client workstations can work simultaneously on a centralized database system using the client/server configuration, or the intranet configuration if:
An underlying LAN (Local Area Network) is available (LANs can span one or a few adjacent buildings)
An underlying WAN (Wide Area Network) is available (WANs can span all Lebanon)
The client/server architecture is a very successful and popular one as it balances the processing load between the client machine and the server machine. The ongoing growth of Internet and intranet applications has refocused attention on centralized databases. In such a configuration, the bulk of the processing does not lie on the client machine, but rather on the machine hosting the application server and the database server machine.

SELinux Policies:
Security-Enhanced Linux (SELinux) is a Linux feature that provides mandatory access controls through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5, but many administrators disable it because of troubles and hard configuration options. If you are afraid of SELinux, try the new GUI tools: customizing your system's protection by creating new policy modules is easier than ever.
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems. As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.

KERBEROS Authentication:
Kerberos is an authentication service developed at MIT for open network computing environments. When you log in through authentication management software (e.g., Kerberos for Windows or Mac), the application uses your user ID and password to create a ticket that is then matched against a private ticket on the server to which you are authenticating. Your user ID and password are secure since they are never sent over the network.

Kerberos Tickets:
Kerberos "tickets" are encrypted protocol messages used to identify you to kerberized network utilities. Once you have logged in, Kerberos grants you these tickets so that you do not need to log in again every time you communicate with the server. Kerberos uses two types of tickets in its process of authentication: TGTs (Ticket Granting Tickets) and Service Tickets.
Working of Kerberos:
Kerberos operates by encrypting data with a symmetric key. A symmetric key is a type of authentication where both the client and server agree to use a single encryption/decryption key for sending or receiving data. When working with the encryption key, the details are actually sent to a key distribution center, or KDC, instead of sending the details directly between each computer. The entire process takes a total of eight steps, as shown below.

1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.
2. Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration date of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when 8 hours is up, the encryption key is useless. (This is used to make sure a hacker doesn't intercept the data and try to crack the key. Almost all keys are able to be cracked, but it will take a lot longer than 8 hours to do so.)
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.
7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.

Is all that back-and-forth communication really necessary? Where speed and reliability are concerned, it is entirely necessary. Once communication is established between the client and server, there is no further need to transmit logon information. The client is authenticated until the session expires.
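The split between the TGT and service tickets, and the 8-hour lifetime from step 2, can be checked on a client by reading the ticket cache listing. The script below is an added example, not part of the original report: it parses a constructed sample in the layout printed by MIT Kerberos `klist` and reports each ticket's type and lifetime. The realm EXAMPLE.COM, the user alice and the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify the tickets in a `klist` listing as TGT or service
# ticket and compute each lifetime in minutes.

# Constructed klist output (MIT Kerberos layout); names and realm are placeholders.
sample_klist() {
cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: alice@EXAMPLE.COM

Valid starting     Expires            Service principal
03/01/12 09:00:00  03/01/12 17:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 03/08/12 09:00:00
03/01/12 09:05:12  03/01/12 17:00:00  HTTP/server.example.com@EXAMPLE.COM
03/01/12 09:07:40  03/01/12 17:00:00  imap/server.example.com@EXAMPLE.COM
EOF
}

# list_tickets: read klist output on stdin and print "<TYPE> <principal> <minutes>"
# per ticket. TYPE is TGT for krbtgt/<realm> principals, SERVICE otherwise.
# <minutes> is the lifetime when start and expiry fall on the same date, or "?"
# when they do not (calendar arithmetic is left out of this example).
list_tickets() {
  awk '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    /^Valid starting/ { in_table = 1; next }
    in_table && /^[0-9]/ && NF >= 5 {
      type = ($5 ~ /^krbtgt\//) ? "TGT" : "SERVICE"
      life = ($1 == $3) ? int((secs($4) - secs($2)) / 60) : "?"
      print type, $5, life
    }'
}

# has_ticket PREFIX: succeed if stdin lists a ticket whose service principal
# starts with PREFIX, e.g. "krbtgt/" or "HTTP/server.example.com".
has_ticket() {
  list_tickets | awk -v want="$1" 'index($2, want) == 1 { found = 1 } END { exit !found }'
}

# over_lifetime MAX_MINUTES: print the tickets that live longer than MAX_MINUTES,
# for comparison against the lifetime the KDC is expected to issue.
over_lifetime() {
  list_tickets | awk -v max="$1" '$3 != "?" && $3 + 0 > max + 0 { print }'
}

# Usage on a real client:  klist | list_tickets
```

A client that has only signed on holds the krbtgt entry; the HTTP and imap entries appear after the first access to those services.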
Secure WEB Server:
The Apache server has a flexible mechanism for accepting requests and dispatching children to process them, which is abstracted into Multi-Processing Modules (MPMs). The MPM used by default in Red Hat Enterprise Linux (RHEL) is prefork, which spawns multiple child processes when needed, just like Apache 1.3. Other MPMs are not yet available, although directives for some appear in the configuration file.

Dynamic module loading allows a web server administrator to change the behavior of Apache. This can be done without recompiling any source code, simply by specifying the use of a given module. An example of a commonly used module is mod_perl, used to increase Perl CGI script execution speed.

The Apache web server is a SELinux-restricted service when enforcing the default targeted policy on a Red Hat Enterprise Linux, version 4 system. The service uses a number of SELinux contexts for its files. For purposes of web server configuration, the following contexts are important:
system_u:object_r:httpd_config_t
For configuration files, particularly in /etc/httpd/conf and /etc/httpd/conf.d
system_u:object_r:httpd_log_t
For log files in /etc/httpd/logs

Apache web server:
The Apache web server is a free HTTP (web) server developed by the Apache Server Project. It is a reliable, efficient, and easily extensible web server with free, open-source code.
Secure Mail Server:
A secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. A secure SMTP service gives its members more possibilities than a standard SMTP server does. Fast, responsive, and quick loading, the SMTP server engine allows sending e-mail through SSL/TLS encrypted channels, provides detailed reports available for preview in the Control Panel, and enhanced delivery notifications.

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. It is intended as a fast, easier-to-administer, and secure alternative to the widely used Sendmail MTA.
CHAPTER-2
REQUIREMENT
System Requirement
Minimum Requirement:
3 Machines
Linux Operating System

Minimum Server/Master Requirement:
Processor: Intel Dual Core
RAM: 4 GB
Hard Disk: 80 GB

Minimum Slave Requirement:
Processor: Intel Dual Core
RAM: 2 GB
Hard Disk: 40 GB

Minimum Client Requirement:
Processor: Intel Dual Core
RAM: 1 GB
Hard Disk: 20 GB
Design Phase
Data Flow Diagram of Kerberos Authentication
Data Flow Diagram of DNS Server
CHAPTER-4
SYSTEM IMPLEMENTATION
Server Configuration
Slave Configuration
Client Configuration
SERVER Configuration

Configuring NTP Server:
The configuration file of the NTP server is /etc/ntp.conf, which contains all configuration of the NTP server. To configure the NTP server, edit the /etc/ntp.conf file.
Configuring a CA Certificate:
In cryptography, a certificate authority, or certification authority, (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes. Configuration file of CA Certificate is /etc/pki/openssl.conf
#cd /etc/pki/CA
#touch index.txt
#echo 01 > serial
Make new directories:
#mkdir {newcerts,certs,crl,private}
Now make a ca.crt file in the /etc/pki/tls/certs directory:
#cd /etc/pki/tls/certs
#make ca.crt
After making the ca.crt file, a new file named ca.key is generated in that directory.
#cp ca.* /etc/pki/CA
#cp ca.* /etc/pki/CA/private
#cp ca.* /etc/pki/CA/certs
Configuring DNS Server:
DNS (Domain Name Server) is the mother of the Internet. The DNS server is responsible for translating IP addresses into actual names. For example, when you type a name such as www.domainname.com into your web browser, before the browser can request a web page sitting on the web server at that domain, it first contacts the nearest DNS server to query an IP address that matches that name.

Types of DNS:
A master DNS server for your domain(s), which stores authoritative records for your domain.
A slave DNS server, which relies on a master DNS server for data.
A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
A forwarding-only DNS server, which refers all requests to other DNS servers.

Setting up MASTER DNS server
Setting up the DNS server is quite simple. Most, if not all, Linux distributions come with BIND (Berkeley Internet Name Daemon) version 8 or 9. Most likely, it was installed during your Linux installation, but if not, refer to software installation in this book to install it. I really recommend that it be installed during the initial Linux installation, simply because named-bootconf.pl generates a serial number for it (known as secret).

To configure the DNS server, the following named.conf files are used:
/etc/named.caching-nameserver.conf
/etc/named-rfc-1920.conf
Directories:
/var/named

The named.conf file will point to /var/named in order to query each zone. Every time you create a zone, a file will be created in the /var/named directory. Before you make any changes, make a backup copy of this file:
#cp named.conf named.conf.original
Configure /etc/named.caching-name-server.conf

Configure /etc/named.rfc-1912.conf

Configure zone file
a). Create a sviet.zone file for forwarding

To authenticate the slave to the master DNS server for zone file backup, install a TSIG key:
#dnssec-keygen -a HMAC-MD5 -b 128 -n HOST server.sviet.com
After that, a new file is created with the name Kserver.sviet.com.+156+28566.private
KERBEROS Authentication:
Kerberos is an authentication service developed at MIT for open network computing environments. When you log in through authentication management software (e.g., Kerberos for Windows or Mac), the application uses your user ID and password to create a ticket that is then matched against a private ticket on the server to which you are authenticating. Your user ID and password are secure since they are never sent over the network.

Initial sign-on prompts the user for credentials, and gets a Kerberos ticket-granting ticket (TGT). Additional software applications requiring authentication, such as email clients, wikis, revision control systems, etc., use the ticket-granting ticket to acquire service tickets, proving the user's identity to the mail server / wiki server / etc. without prompting the user to re-enter credentials.

Configuration files of Kerberos are:
/var/kerberos/krb5kdc/kadm5.acl
/var/kerberos/krb5kdc/kdc.conf

/etc/krb5.conf

After all of the above configuration, execute these commands:
#kdb5_util create -s -r SVIE.COM
Then enter the password.
#kadmin.local
#addprinc root/admin
#addprinc nitin
#ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
#ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
#addprinc -randkey host/server.sviet.com
#ktadd -k /etc/krb5.keytab host/server.sviet.com
After all of the above commands, press Ctrl+d and copy the /etc/krb5.conf file to the client side.

In the /var/kerberos/krb5kdc/kadm5.acl file we define the realm name. The /var/kerberos/krb5kdc/kdc.conf file stores information about Kerberos such as the encryption method, the keytab file location and so on.

Enable replication on the server so that the slave can update itself.
Service profile
Packages: httpd
Configuration file: /etc/httpd/conf/httpd.conf
Daemons: httpd
Port number: 80

Access Control
The web access can be controlled by using access control directives such as Allow and Deny.

Directive            Description
Deny from host .     Determines hosts that can access a given directory: all, or partial or full domain name or IP address.
Allow from host .    Determines which hosts can access a given directory: all, or partial or full domain name or IP address.
Configuration of WEB Server
/etc/httpd/conf/httpd.conf

Apache Encrypted Web Server
Apache can provide encrypted communications using the mod_ssl Apache module. To make use of encrypted communications, a client must request the https protocol. Encryption is based on either the RSA or DSA algorithm.

Package: mod_ssl
Port number: 443
Certificate: /etc/httpd/conf/web.crt
Private key: /etc/httpd/conf/web.key
Self-signed cert: make testcert
By default, the Apache server document root is /var/www/html. Create some test pages:
/var/www/html/index.html
/var/www/html/public/index.html
/var/www/html/private/index.html
Now create a principal for HTTP:
#kadmin.local
#addprinc -randkey HTTP/server.sviet.com
#ktadd -k /etc/httpd/conf/keytab HTTP/server.sviet.com
Press Ctrl+d.
Make the apache user the owner of the keytab file:
#chown apache:apache /etc/httpd/conf/keytab
To verify the keytab file
Configure SSH Server:
There are a couple of ways that you can access a shell (command line) remotely on most Linux/Unix systems. One of the older ways is to use the telnet program, which is available on most network-capable operating systems. Accessing a shell account through telnet, though, poses a danger in that everything that you send or receive over that telnet session is visible in plain text on your local network and on the local network of the machine you are connecting to. So anyone who can "sniff" the connection in between can see your username, password, email that you read, and commands that you run. For these reasons you need a more sophisticated program than telnet to connect to a remote host.

Configuration file of ssh:
/etc/ssh/sshd_config

The banner file of ssh is /etc/ssh/message
Configure FTP Server:
File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.

Configuration file of the FTP server:
/etc/vsftpd/vsftpd.conf

If you want a user not to go outside of the home directory, add the name of the user to the /etc/vsftpd/croot_list file.

If a client with IP 192.168.0.5 tries to connect to the server, he/she gets a message from the file /etc/vsftpd/.denied
Configure NFS Server:
Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The Network File System is an open standard defined in RFCs, allowing anyone to implement the protocol.

Configuration file of the NFS server is /etc/exports
Configuring Mail Server:

Installing Postfix
Before installing Postfix we must first consider whether it will need to make use of Simple Authentication and Security Layer (SASL). If you have a dynamic IP address and are using a service like dyndns.org, you will need to have Postfix send your mail through your ISP's mail server (with authentication), making use of SASL for the connection. This is because many domains that you will send email to will recognize your hostname as pointing to a dynamic IP address and send the mail back. Check whether your distribution's Postfix package was built with SASL support or, if you are compiling Postfix from scratch, add SASL with a ./configure option.

By default, Postfix configuration files are in /etc/postfix. The two most important files are main.cf and master.cf; these files must be owned by root. Giving someone else write permission to main.cf or master.cf (or to their parent directories) means giving root privileges to that person.

Configuration file:
/etc/postfix/main.cf

Now change to the /etc/postfix directory and open main.cf for editing. The domain name for my machine is through dyndns.org. Set your myhostname and mydomain to something like this:
Create an SMTP principal in Kerberos:
#kadmin.local
#addprinc -randkey smtp/server.sviet.com
#ktadd -k /etc/krb5.keytab smtp/server.sviet.com
Press Ctrl+d.
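The ownership rules stated for main.cf and master.cf (owned by root, with no write access for anyone else on the files or their parent directory) and for the keytab files written by ktadd can be checked with a short script. This is an added example, not part of the original report; the function names are assumptions, and owners are passed as numeric UIDs (0 for root).

```shell
#!/bin/sh
# Added example: audit ownership and permissions of Postfix configuration
# files and Kerberos keytabs. Function names are illustrative.

# mode_and_uid PATH: print "<mode string> <numeric owner uid>", following symlinks.
mode_and_uid() {
  ls -ldLn "$1" 2>/dev/null | awk '{ print $1, $3 }'
}

# check_config PATH UID: succeed only if PATH is owned by UID and is not
# writable by group or others.
check_config() {
  info=$(mode_and_uid "$1")
  [ -n "$info" ] || { echo "MISSING   $1"; return 2; }
  mode=${info% *}; uid=${info#* }
  [ "$uid" = "$2" ] || { echo "BAD-OWNER $1 (uid $uid, expected $2)"; return 1; }
  case $mode in
    ?????w*|????????w*) echo "WRITABLE  $1 ($mode)"; return 1 ;;
  esac
  return 0
}

# check_with_parent PATH UID: apply check_config to PATH and to the directory
# that contains it, since write access to the directory allows replacing the file.
check_with_parent() {
  rc=0
  check_config "$1" "$2" || rc=1
  check_config "$(dirname "$1")" "$2" || rc=1
  return $rc
}

# check_keytab PATH UID: a keytab holds long-term service keys, so it must be
# owned by the service account and carry no group or other permissions at all.
check_keytab() {
  info=$(mode_and_uid "$1")
  [ -n "$info" ] || { echo "MISSING   $1"; return 2; }
  mode=${info% *}; uid=${info#* }
  [ "$uid" = "$2" ] || { echo "BAD-OWNER $1 (uid $uid, expected $2)"; return 1; }
  case $mode in
    -???------*) return 0 ;;
    *) echo "EXPOSED   $1 ($mode)"; return 1 ;;
  esac
}

# Example run on the paths used in this report (as root on the server):
#   check_with_parent /etc/postfix/main.cf 0
#   check_with_parent /etc/postfix/master.cf 0
#   check_keytab /etc/httpd/conf/keytab "$(id -u apache)"
#   check_keytab /etc/krb5.keytab 0
```

Each function prints one line per finding and returns non-zero, so the calls can be chained in a cron job or a post-configuration check.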
Configure dovecot for imaps and pop3s to send mail
Configure LDAP Server:
A directory service is the software system that stores, organizes and provides access to information in a directory. In software engineering, a directory is a map between names and values. It allows the lookup of values given a name, similar to a dictionary. As a word in a dictionary may have multiple definitions, in a directory, a name may be associated with multiple, different pieces of information. Likewise, as a word may have different parts of speech and different definitions, a name in a directory may have many different types of data.

Directories may be very narrow in scope, supporting only a small set of node types and data types, or they may be very broad, supporting an arbitrary or extensible set of types. In a telephone directory, the nodes are names and the data items are telephone numbers. In the DNS the nodes are domain names and the data items are IP addresses (and alias, mail server names, etc.). In a directory used by a network operating system, the nodes represent resources that are managed by the OS, including users, computers, printers and other shared resources. Many different directory services have been used since the advent of the Internet but this article focuses mainly on those that have descended from the X.500 directory service.

A directory service defines the namespace for the network. A namespace in this context is the term that is used to hold one or more objects as named entries. The directory design process normally has a set of rules that determine how network resources are named and identified. The rules specify that the names be unique and unambiguous. In X.500 (the directory service standards) and LDAP the name is called the distinguished name (DN) and is used to refer to a collection of attributes (relative distinguished names) which make up the name of a directory entry.

Directory Server comes with a set of configurable command-line utilities that can search and modify entries in the directory and administer the server. In addition to these command-line utilities, Directory Server also provides ns-slapd command-line utilities for performing directory operations.
Configuring LDAP Server
#setup-ds-admin.pl
Enter the information it asks for.
Migrate the NIS users to LDAP:
#/usr/share/openldap/migration/migrate_passwd.pl user > user.ldif
#/usr/share/openldap/migration/migrate_group.pl group > group.ldif
To enable Kerberos authentication, add the gssapi-map name to dirsrv.

Add the principal of the ldap user in Kerberos:
#kadmin.local
#addprinc -randkey ldap/server.sviet.com
#ktadd -k /etc/ldap.keytab ldap/server.sviet.com
Press Ctrl+d.
Change the owner of the ldap.keytab file to ldap:
#chown ldap:ldap /etc/ldap.keytab
And uncomment the line in the /etc/sysconfig/dirsrv and /etc/sysconfig/dirsrv-admin files
/etc/named.rfc-1912.conf
After that, when we restart the named service, two new files are created in the /var/named/slaves directory: /var/named/slaves/sviet.zone and /var/named/slaves/sviet.local. These files contain the forward and reverse address information.

/var/named/slaves/sviet.zone
Enter the password you set in the earlier step and add the replication manager in the directory server.
CLIENT Configuration
On the client side, run this command and select the options shown in the picture:
#authconfig-tui
When all the configuration is completed, execute the commands below to start the services:
#/etc/init.d/ntpd restart
#/etc/init.d/named restart
#/etc/init.d/dirsrv restart
#/etc/init.d/dirsrv-admin restart
#/etc/init.d/httpd restart
#/etc/init.d/sshd restart
#/etc/init.d/dovecot restart
#/etc/init.d/postfix restart
#/etc/init.d/vsftpd restart
#/etc/init.d/nfs restart
#/etc/init.d/kadmin restart
#/etc/init.d/krb5kdc restart
#chkconfig ntpd on
#chkconfig named on
#chkconfig dirsrv on
#chkconfig dirsrv-admin on
#chkconfig kadmin on
#chkconfig krb5kdc on
#chkconfig httpd on
#chkconfig vsftpd on
#chkconfig sshd on
#chkconfig dovecot on
#chkconfig postfix on
#chkconfig nfs on
Try to access the private page without a Kerberos ticket
Maintenance Phase
Physical Maintenance
1. Power Backup
2. Fire Alarm System
3. Air Conditioning System
System Maintenance
1. Regular Audit Log Check
2. Data Backup
3. Memory Space
Future Scope
Today's world is full of hackers and is being conquered by them. Every single system is accessible to them due to advances in the field of hacking. Moreover, hacking is used today in a very negative way to affect people and their lives. This project is mainly devoted to such circumstances and deals with every aspect of the ways to counter the effects of hacking.

Reduces phishing success, because users are not trained to enter passwords everywhere without thinking.
Reduces password fatigue from different user name and password combinations.
SSO uses centralized authentication servers that all other applications and systems utilize for authentication purposes, and combines this with techniques to ensure that users do not actively have to enter their credentials more than once.
SSO users need not remember so many passwords to log in to different systems or applications.