Table of Contents
Capstone Project Summary
Review of Other Work
Project Rationale
Systems Analysis and Methodology
Goals and Objectives
Project Deliverables
Project Timeline
Project Development
Conclusion
Appendix A: Implementation Configuration Documentation
Appendix B: Testing Documentation
Appendix C: Maintenance Procedures
References
Configuring Active Directory Authentication for Force 10 Switches
Capstone Project Summary
I have been employed with a medium-sized financial institution as a Network and Data Center Administrator for the last five years. The company has a headquarters location and seven branch locations. Some of my assigned duties are the management of network devices, management of Microsoft Windows servers, and access control management for user account access to network resources. The company’s security policy requires all users to change their user account passwords every forty days. The policy includes all network access user accounts, including the accounts of the network administrators that manage devices.
The security policy is actively enforced on Microsoft Active Directory user accounts. There is a Group Policy set up in Active Directory that causes each user account password to expire after forty days, forcing users to change their passwords. The user accounts used by network administrators to manage the company’s network switches were not the same as their Active Directory user accounts and the policy was only passively enforced. Each switch was configured to use a local database of user accounts for administrators.
There are a total of fifteen network switches in the company and three network administrators to manage them. There are eight switches installed at the headquarters location and one switch at each of the seven branch locations. Since each switch had its own database of user accounts, the network administrators were required to connect to each switch every forty days to change their password. There were mixed results for each administrator every forty days.
Sometimes an administrator would change their passwords on all fifteen switches as required by the security policy, but unfortunately it didn’t always happen that way. There were times they would change their passwords on some, but not all of the switches, leaving some completely unchanged. Many times the passwords were not changed in the forty-day time frame as required. When the appropriate password changes did not meet the forty-day requirement, the administrator, and the department, were no longer compliant with the security policy.
To resolve the possible non-compliance issues, it was determined that the network administrators should use their Microsoft Active Directory user accounts to access and manage these switches. As mentioned above, there is a Group Policy in place forcing users to change their account passwords every forty days. By using their one centrally managed Microsoft Active Directory user account for network management it eliminates the requirement for the administrators to change user account passwords on all fifteen switches every forty days.
The company already utilized a Remote Authentication Dial-In User Service or RADIUS configured on a Windows Server to authenticate with Active Directory user accounts for VPN access. For this project I configured RADIUS to also be used to authenticate the user accounts of the network administrators for managing the network switches.
To complete this project, I configured each switch as a RADIUS client on the Windows Server. I then, on that same server, created a network policy that grants access to the three network administrators’ Active Directory user accounts.
Once the RADIUS configuration was completed on the server, I configured each of the fifteen switches. Each individual switch needed to be configured with the IP address of the RADIUS server, and to use that server for its authentication method. Each switch was then configured to use both RADIUS and a local user account database as a backup in case the server is unavailable. The individual local user accounts for the network administrators were removed from each switch and a single local user account has been created for that backup purpose.
At the completion of each switch configuration, access was tested for all three network administrators’ user accounts and recorded in a report for documentation of its success. Other documentation of this project includes sample Force 10 configuration commands detailing how RADIUS was implemented, a sampling of the RADIUS debug command output recording a user being authenticated for management access to a switch, and documentation on maintaining users and switches in the future.
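The end state described above (RADIUS first, local fallback, one local backup account per switch) can be checked across the fleet from saved running-configs. The following is an added example, not part of the original project: the FTOS-style keywords, the server address 192.0.2.10, the account names and the sample configurations are all assumptions constructed for illustration.

```python
import re

# Constructed running-config excerpts (not from the page). The FTOS-style
# keywords, addresses and account names are assumptions for this example.
SAMPLE_CONFIGS = {
    "hq-sw1": """\
hostname hq-sw1
username backupadmin password 7 REDACTED privilege 15
radius-server host 192.0.2.10 key 7 REDACTED
aaa authentication login default radius local
line vty 0 9
 login authentication default
""",
    "branch3-sw1": """\
hostname branch3-sw1
username backupadmin password 7 REDACTED privilege 15
username jdoe password 7 REDACTED privilege 15
radius-server host 192.0.2.10 key 7 REDACTED
aaa authentication login default local radius
""",
    "branch5-sw1": """\
hostname branch5-sw1
username backupadmin password 7 REDACTED privilege 15
aaa authentication login default radius
""",
}

RADIUS_HOST = re.compile(r"^radius-server host (\S+)", re.M)
LOGIN_LIST = re.compile(r"^aaa authentication login default (.+)$", re.M)
LOCAL_USER = re.compile(r"^username (\S+) ", re.M)


def audit_switch(config, radius_ip, backup_user):
    """Return a list of findings for one switch; an empty list means compliant."""
    findings = []

    # 1. The switch must point at the expected RADIUS server.
    if radius_ip not in RADIUS_HOST.findall(config):
        findings.append(f"RADIUS server {radius_ip} is not configured")

    # 2. Logins must try RADIUS first and fall back to the local database.
    match = LOGIN_LIST.search(config)
    methods = match.group(1).split() if match else []
    if not methods or methods[0] != "radius":
        findings.append("login method list does not try RADIUS first")
    elif "local" not in methods[1:]:
        findings.append("no local fallback after RADIUS")

    # 3. Only the single backup account may remain in the local database.
    users = LOCAL_USER.findall(config)
    extra = sorted(u for u in users if u != backup_user)
    if extra:
        findings.append("leftover local accounts: " + ", ".join(extra))
    if backup_user not in users:
        findings.append(f"backup account {backup_user} is missing")
    return findings


def audit_fleet(configs, radius_ip, backup_user):
    """Audit every switch and return only those with findings."""
    report = {name: audit_switch(cfg, radius_ip, backup_user)
              for name, cfg in configs.items()}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for switch, found in audit_fleet(SAMPLE_CONFIGS, "192.0.2.10", "backupadmin").items():
        for item in found:
            print(f"{switch}: {item}")
```

A leftover personal account matters here because it bypasses the forty-day expiry that Active Directory enforces; the fallback order matters because a list that tries the local database first never reaches RADIUS for a known local user.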
Review of Other Work
The proposed solution to the issue of the corporate security policy’s forty-day password requirement and network administrators’ non-compliance required multiple technologies, but there was one technology at the solution’s core and that is Remote Authentication Dial-In User Service (RADIUS). RADIUS is an Internet Engineering Task Force (IETF) standard protocol described by Cisco Systems (2006) as “a client/server protocol” where the “client passes user information to designated RADIUS servers…RADIUS servers receive user connection requests, authenticate the user, and then return the configuration information necessary”.
Using the description from Cisco Systems as a model, the Force 10 switches were configured as the RADIUS clients that pass user information to the company RADIUS server. The RADIUS server then authenticates the network administrator user accounts from Active Directory to grant access for management of the switches. To allow this communication between the switches and the server using the RADIUS protocol, both the server and the switches required new configuration changes.
The company already utilized a server with Windows Server 2008 R2 and the Network Policy Server (NPS) role installed. “Network Policy Server (NPS) is Microsoft’s implementation of a RADIUS server in Windows Server 2008 R2.” (Panek, 2011, p. 662). Within NPS there were two necessary configuration changes.
The first NPS configuration change was to add each Force 10 switch as an individual RADIUS client. The requirements for a RADIUS client configuration are the IP address of the switch and a phrase or word that will be used as a shared secret. A shared secret is “a text string that serves as a password between: A Remote Authentication Dial-In User Service (RADIUS) client and RADIUS server.” (Microsoft TechNet Library, 2008). The second NPS configuration change was to create a Network Access Policy to be used with the RADIUS clients. This policy is used to “determine who can and cannot connect; you define rules with conditions that the system evaluates to see whether a particular user can connect.” (Panek, 2011, p. 689). Each Network Access Policy has assigned attributes, and this new policy has been assigned a Windows Group and the newly created clients. Any user accounts assigned to the Windows Group chosen in the policy will be granted access to the RADIUS client. A new group was created in Active Directory for this purpose.
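What the shared secret does on the wire, as an added example that is not part of the original project: under RFC 2865 the client uses the secret to hide the User-Password attribute, and the server uses it to compute the Response Authenticator that lets the client trust the reply. The secrets, password and Request Authenticator below are constructed values, and the `exchange` helper is a hypothetical simulation, not NPS or switch code.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS packet codes (RFC 2865)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, size, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block                               # chain on the ciphertext block
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side: reverse the hiding using its own copy of the secret."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def exchange(client_secret, server_secret, typed_password, directory_password):
    """Simulate one login: returns (server decision, client trusts the reply)."""
    request_auth = bytes(range(16))  # constructed; a real client uses random bytes
    ident = 7

    # Switch (RADIUS client) hides the password with its copy of the secret.
    hidden = hide_password(typed_password, client_secret, request_auth)

    # Server recovers the password with its copy and decides.
    recovered = reveal_password(hidden, server_secret, request_auth)
    ok = hmac.compare_digest(recovered, directory_password)
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_auth = response_authenticator(code, ident, b"", request_auth, server_secret)

    # Switch checks that the reply was produced by a holder of the same secret.
    expected = response_authenticator(code, ident, b"", request_auth, client_secret)
    trusted = hmac.compare_digest(expected, reply_auth)
    return ("Access-Accept" if ok else "Access-Reject", trusted)


if __name__ == "__main__":
    pw = b"Constructed-Passw0rd"
    print(exchange(b"secretA", b"secretA", pw, pw))  # matching secrets
    print(exchange(b"secretA", b"secretB", pw, pw))  # mismatched secrets
```

With mismatched secrets a correct password is rejected and the reply fails verification on the switch, which is why the secret entered for each RADIUS client on the server has to match the key configured on that switch exactly.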
Microsoft Active Directory is defined as “an extensible directory service that enables centralized management of network resources.” (Smart Brain Training Solutions, 2014, p. 7). Active Directory’s role or responsibility is determined to be “authorizing access, managing identities, and controlling the relationships between the resources.” (Smart Brain Training
