¶ User Authentication
User Authentication
- User database: change your password
Question In how many places do need to change your password if you want to change them for Canvas, Student-LADOK and XXXX)
Question What are the Password requirements for hv.se? How does that impact brute-force attacks according to van Oorschot compared to a freely chosen password? (remember to reference)
-
Read Chapter "3.3 Account recovery and secret questions" of van Oorschot. What is the password mechanism of hv.se?
Question What are the two tokens required for password-recovery of hv.se? -
SSO: 3 examples - try one login and see what happens (hv.instructure.com, LADOK = https://www.hv.se/student/it-support/webbtjanster/ladok-for-studenter/?sq=ladok and XXX)
-
hv-open wifi network: see the login splash
-
hv-open wifi network: Try to buy something and fail -- Question: Draw
☁️
(Internet),
🏢
(Office) ,
🔥
(Firewall) ,
🏪
(webshop),
📰
(Tabloid aka expressen.se)
👨💼👩💼🏛️ (University Management)
Q1: What (very social) asset is protected here??
Q2: Where is the actual protection taking place in the topology you draw?? -
MFA of outlook.com/hv.se - other examples of Athenticators for other systems (create account on WoW?)
-
Fortigate lab: Create local users
-
Fortigate lab: protect uers from youtube; only authorized have access
-
Fortigate lab: protect network from users; only authorized have access
|
CLIENTS 👨👩👦 |
GUARDS Checkpoint ♀️ ⚔️ 🚦 INSPECTION 🛢️ 🔬 |
HAZARDS 🦇 |
End Goal |
TOKEN |
OTHERS 🗃️ 🔐 🌏 ⚙️ 🙅♂️ 📂 🇸🇪 👩🏫 |
-""-
DATABASE ?? 🛢️Oil Drum
MitM-attack ??
true
true
📇 
🗂️ 
impersonator
vs 🌐 
true
hej
hej