In this brief introduction we want to give you an idea of some important concepts for identity and access management (IAM), and of the related challenges organizations face. We will also see how IAM is one of UCS strengths and why UCS is being adopted by large companies, and by governmental institutions, to manage tens of million identities.
After the waves of attack by ransomware WannaCry in May and its successor Petya in June, agitation prevails in many IT departments. The economic damage is now already in the billions and CIOs are under great pressure to protect companies and their users from new attacks. But how can you protect your company against these attacks, which have the potential to destroy all files?
In the owncloud blog we announced a number of new features to better protect your data. As the free community edition of ownCloud is also available in the Univention App Center, I am glad to share this inform with you here today:
Workplaces become more remote and mobile while individuals are increasingly equipped with (private) mobile devices. In this context it is good to know about RADIUS, because private end devices require simple access to an organization’s network. At the same time you need to avoid that these devices open the doors for malware or leakage. RADIUS is such an instrument for the construction of secure, decentralized work structures and equally a powerful tool for the authentication of mobile device accesses to networks.
In the following, we like to give you a brief understanding of what RADIUS is and how you can use it with UCS.
Samba 4 has become the tool of choice for companies with diverse clients that seek a Linux-based central identity management. However, a growing number of organizations are offering work from home options and manage distributed operations like construction companies with a computer at every construction site or an insurance provider with several offices. The securing of all authentication processes when employees log in your network also from outside, is critical to protect your data.
But how to do that?
You need to add a VPN solution which starts before the login if you want to enjoy the advantages of single sign-on and policies that Samba provides. The following how-to will describe how to add OpenVPN to an existing Samba 4 installation to automatically secure client authentications over an untrusted network.
When recently assisting a customer in choosing a new cloud service provider, the providers of choice offered 95%, 99%, and 99.9% availability labeling their service “High Availability”. For the human brain and considering a scale from 0% to 100% all of these numbers sound rather good, and we would naturally think, that these services almost never fail. However, let us have a closer look at what high availability truly means for IT environments and how it affects UCS and let us think about why you should also consider the time to recovery and planned downtimes.
The school IT service in the rural district of Kassel, Germany, is responsible for the maintenance and operation of the IT infrastructure in 72 schools counting a total of 25,000 pupils and 2,000 members of staff.
Our IT support is based in the media center in Hofgeismar, but as a rural district we are of course faced with certain challenges presented by the distribution of the schools throughout the district. Our overall support concept is oriented toward the decentralized structure. From an organizational and technical perspective, we aim to centralize as much as possible, but the individual support technicians are often out of the media center for days at a time working on site in the schools.
The Kaspersky Security for Linux Mailserver app was developed by bitbone AG in cooperation with Univention and Kaspersky Lab support.
The proven security product from Kaspersky is thus also available for the widely used Univention Corporate Server. Thanks to the adaptations, it can be easily installed and deployed via the App Center.
If you are planning to use security software, you will surely stumble upon this term, as this method provides additional protection for your business when it comes to login processes, especially for data-sensitive areas. Often enough, it has happened in the past that the identities and associated passwords of users from, for example, large mail providers like Yahoo were stolen. As users often use the same password for different services, there is a risk that the criminals use the stolen data to gain access to other services, thus causing great damage. Securing user authentication against sensitive areas or business-used services not only by requesting a password but also through a second authentication, data breaches become much more difficult for attackers.
In the past months, our development department has worked intensively on bringing all the important UCS components to the latest state-of-the-art.
