15. Solution - Overview
23rd April 2008 11.30–12.30, Implementing A Converged Physical and Logical IT Security Strategy
Components of the solution (architecture diagram):
- PIN #
- Microsoft Identity Lifecycle Manager 2007
- SQL Server
- Domain Server + Cert Services
- Domain Cert.
- User Cert.
- Microsoft Active Directory
- Group Policy 'Card_Login_Only' AD Group
20. Solution – Card Technology
23rd April 2008 11.30–12.30, Implementing A Converged Physical and Logical IT Security Strategy

Criterion | HID Crescendo | Summary of 6 Other Card Solutions (Combined)
Compatible with our Access Control System and Readers | Yes | Mifare and others not fully compatible
Middleware and Drivers Included | Yes, site license | Some providers charge per seat or one license per card
Chip License Included | Yes, each chip for card requires a license | For most it was included, but we found one supplier that excluded the license
Fully Compatible with Microsoft Active Directory | Yes | Others require a separate DB for card login info
Card Management Software Included | No, we are using ILM 2007; really easy to issue cards and re-issue if lost, takes about 60 secs per card, and AD secures the issuing account and PC | Included, but most info is held locally; some companies charge per concurrent login
Vista Compatible | Yes, from August 2007 | No others formally supported Vista
Card Printing Facility (College Logo and Background) | Yes, 6 weeks turnaround | Yes, 5 day turnaround
Physical Card Security (cloning protection) | Yes, HID cards have unique facility codes, which need to be quoted at time of ordering and are programmed by the manufacturer | Some other cards available 'off the shelf' have the facility code programmed by the reseller on demand
Summary | Cost effective, as all licensing is included except the ILM 2007 server and CALs, and SQL Server for the ILM database; the only one that supported Vista | Too many hidden costs and risks, not fully compatible with AC. Quick turnaround of cards available from many suppliers on the Web, but no supplier supporting Vista
Editor's notes
1999 - Date: City College, Coventry

2002 - Date: Technical Services Manager
Provide a support service to approximately 1,100 staff and 14,000 students and maintained 3,400 networked devices over three main buildings and 23 other buildings around the city. Responsible for the implementation of the College Information Strategy as agreed by Executive Committee. Responsible for managing the team leaders responsible for AVA/Reprographics, Networking and IT Technical Support, ensuring proper operation of these sections. Devise, negotiate and monitor a set of agreed service level/performance indicators, taking the action necessary to ensure targets are met. Devise and implement suitable policies and procedures for the safe and legal operation of facilities. Primary site contact for hardware and software suppliers, ensuring that software licensing is properly recorded and up-to-date and that the college is adhering to licence agreements. Production of tenders for new equipment where appropriate and ensuring compliance with financial regulations. Advice and consultancy to other managers on the appropriate use of college facilities, including making recommendations for future investment. Budgetary planning, control and management, including oversight of delegated budgets. Co-ordinate large team events for the section and also throughout the organisation. Contribute to arrangements necessary to retain/secure Investors in People accreditation.

1999 – 2002: Deputy Information Systems Manager
Recommended and project managed a Citrix Metaframe installation across a wide area network, including tenders for the project. I also installed and administered the product and trained users and technicians in its use and platform compatibilities. I am still the college's systems administrator for Citrix. Managed installation and required downtime across both sites for the college's critical systems installation and am also one of the college's systems administrators for SQL Server databases. Wrote server specifications with IT technicians and assisted in the evaluation of tenders for hardware purchases for orders over £150k. Evaluated new hardware and software technologies, made recommendations, and ensured that the organisation purchased systems in the most cost effective manner. Tested PDA wireless wide area network access across both sites with Citrix. Managed the programming team and project development schedule and prioritised workloads for staff and temporary data clerks. Wrote Payroll/Personnel/Finance reports along with cheque printing and invoice generation routines. I also managed and implemented in-house payroll system hardware along with stationery design and application configuration. Maintained and developed timetabling software for the college and developed reporting suites. Implemented and fixed large college-wide Management Information Systems issues and databases. Managed and trained the Information Systems programming team on database design and implementation, and project managed the full development lifecycle of bespoke packages for the college. Taught a ten week course training students on database design techniques and programming with Access. Taught support and academic staff how to use new databases and applications. Helped develop and implement the new college Central Information Systems structure during a merger whilst maintaining existing levels of service. I have also produced and delivered presentations on college systems to a seminar with over 100 delegates. Secretary of the Capita Dolphin MIS system user group. Managed another college's MIS department concurrently.

1998 – 1999: Contractor
1998 – 1999: Critical Systems Manager, National Exhibition Centre, Birmingham
Monitored and maintained the personnel system. Created the specification and modelled a staff scheduling system. Wrote and conducted systems analysis for a ticket booking system. Designed, wrote, and implemented a media catalogue for the AVA department. Reviewed and implemented security on critical systems.

1998 – 1998: Developer, Tibbett and Britton PLC, Northampton
Developed and created networked databases in Visual Basic 5.0. Wrote warehouse maintenance screens and code for a client. Created software to convert tables and text files into different formats. Wrote software to help track vehicle deliveries to sites, linking into GPS systems.

1995 - 1998: Tile Hill College, Coventry

1996 – 1998: Senior Programmer
Developed and created networked databases in Access 2.0, 97, and Visual Basic 5.0. Also wrote small database systems in Visual Basic which linked to tables in SQL Server. Developed a Student ID System using Access 97, SQL Server and Visual Basic 5. Set up security, installed Windows NT workstations and print servers, and assisted in the implementation of the college's first Windows NT domain. Administered SQL Server security and users as well as ODBC links on PCs. Worked alongside the Web developer in publishing Access 97 databases on the Internet and Intranet.

1995 - 1996: Programmer
Developed job request systems for computer technicians and report requests. Administered and wrote various databases in dBase III and Access.
Notes: how the card login works
1. PC is in the 'Card Login Only' group in AD.
2. Group Policy says PCs in the 'Card Login Only' group can log in with card only (interactive logon).
3. Card is placed in the keyboard.
4. User enters PIN number.
5. Authenticates against ILM and SQL data (SQL data holds the PIN and user cert keys).
6. Confirms and logs in.
Summary: So how do we put the solution together?
How many certificates, and is there key escrow?
AD domain (short name) = exstaff; FQDN = staff.covcollege.ac.uk. The installation auto-detected the domain as staff instead of exstaff, so ILM logins didn't work. Some certificate generation issues = 2 days consultancy.
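An added configuration check, not from the deck, covering the two points above: that a PC placed in the Card_Login_Only group really has the smart-card-only interactive logon policy applied, and that the short (NetBIOS) and DNS domain names agree before ILM is configured. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the GPO uses the standard "Interactive logon: Require smart card" setting; the group name is the one from the slides.

```powershell
# Added check script (not the deck's or the college's own code).
# Assumes: ActiveDirectory module available; GPO uses the standard
# "Interactive logon: Require smart card" setting (registry value scforceoption).
param(
    [string]$CardOnlyGroup = "Card_Login_Only"   # group name from the slides
)

$results = @{}

# 1. Is this PC actually a member of the Card_Login_Only AD group?
$computer = Get-ADComputer $env:COMPUTERNAME -Properties MemberOf
$groupDn  = (Get-ADGroup $CardOnlyGroup).DistinguishedName
$results.InCardOnlyGroup = $computer.MemberOf -contains $groupDn

# 2. Has Group Policy applied the card-only setting on this machine?
#    "Interactive logon: Require smart card" is stored as scforceoption = 1.
$polKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$pol    = Get-ItemProperty $polKey -ErrorAction SilentlyContinue
$results.SmartCardRequired = ($pol.scforceoption -eq 1)

# 3. Does the first DNS label match the NetBIOS name? (staff vs exstaff broke ILM logins)
$dnsDomain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
$dnsLabel    = $dnsDomain.Split('.')[0]
$netbiosName = (Get-ADDomain).NetBIOSName
$results.DnsDomain    = $dnsDomain
$results.NetBiosName  = $netbiosName
$results.NameMismatch = ($dnsLabel -ne $netbiosName)

# 4. Report the gaps a defender cares about.
if ($results.InCardOnlyGroup -and -not $results.SmartCardRequired) {
    Write-Warning "PC is in $CardOnlyGroup but 'Require smart card' is not applied; password logon is still possible. Run gpupdate /force and re-check."
}
if ($results.NameMismatch) {
    Write-Warning "NetBIOS domain '$netbiosName' differs from DNS label '$dnsLabel'; give ILM the NetBIOS name explicitly rather than relying on auto-detection."
}

New-Object PSObject -Property $results
```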
Summary: So doing this requires a culture change for our staff.