The purpose of this thesis is to investigate if there are environments that use some kind of central Authentication system within institutions/schools. The hypothesis is that an institution not using a form of central Authentication service has more need for maintenance and as such is considered a higher cost for the organization. The gathering of data has been done through interviews with technical personal at Blekinge Tekniska Högskola and Linköpings Universitet. Based on the technical background of the authors, and the system limited to discussing Windows and UNIX operating systems, a discussion and analysis of the systems working today has been done, with emphasize on the hypothesis..

This analysis recommends not to use Windows Server 2008 without properevaluation in any system containing classified information. The reasons are too lowassurance and too weak Authentication. If Windows Server 2008 is to be used itshould be supplemented with a stronger Authentication mechanism. The installationshould preferably be of Server Core type and the server should be maximallyhardened..

The purpose of this thesis is to investigate if there are environments that use some kind of central Authentication system within institutions/schools. The hypothesis is that an institution not using a form of central Authentication service has more need for maintenance and as such is considered a higher cost for the organization. The gathering of data has been done through interviews with technical personal at Blekinge Tekniska Högskola and Linköpings Universitet. Based on the technical background of the authors, and the system limited to discussing Windows and UNIX operating systems, a discussion and analysis of the systems working today has been done, with emphasize on the hypothesis..

This report has a purpose to identify the payment methods available for e-commerce, tosee if they fulfill certain requirements. By investigating thirty of the most popular webshops, a few primary services have been found and revised. Security requirements fore-payment systems include Authentication, non-repudiation, integrity and confidentiality.Other requirements considered to be important are usability, flexibility, affordability,reliability, availability, speed of transaction and interoperability. Advantages and disadvantageshave been identified to see if the services fulfill the requirements. Also surveysof consumer payment habits have been investigated to identify the factors of decisive importanceto the usage of payment services.

Business and organizations use computer network in a greater extension than ever before, especially for business-critical use. That increase the demand of security for all systems, both against internal and external threats. The demand on the Authentication method used today increases. Today they normally uses password or some kind of smart card. I will performa literature study that will investigate the possibility to increase the security in Authentication of users without the use of extra hardware.

In this report hardware based alternatives to password Authentication in a Windows domain are evaluated for the needs of a certain company. In order to investigate the demands on such alternatives interviews with people concerned have been carried out. The demands which resulted from the interviews have been used to select types of hardware tokens for evaluation. Two products which offer Authentication with smart cards and USB tokens have been selected and closer evaluated. These are RSA Passage which offers both hardware options and Rainbow iKey which uses USB tokens.

This report describes the development of a RESTful web service for mobile applications. The web service makes resources from an existing system called kompetensdatabasen ("the competence database") available. Kompetensdatabasen holds information about the capabilities of consultants and about assignments carried out at the IT consultant business Nethouse AB.The web service was developed according to the principles of REST and ROA (Resource Oriented Architecture) which puts focus on making resources available. The resources are made available through the HTTP protocol and the methods associated with it. This means it was designed to use the same technologies as the world wide web.

This report is the result of a sub-project of a larger project to create a platform formathematical education. The sub-project focuses on Authentication with associ-ated security, where security is emphasized. The project environment is Java EE 6where GlassFish 4.0 acts as the server. The project has been divided into threeparts; password encryption, Java EE Authentication and brute force attack. Thepassword encryption part focuses on examining different hash functions executionspeed, the result shows that none of the examined hash algorithms is suitable fordirect use.

The IPv6 protocol offers with some new functions, one of them is auto configuration. With auto configuration it is possible for nodes, i.e. hosts and routers, for automatically associated with IPv6 addresses without manual configuration. Auto configuration it is another protocol as it uses Neighbor Discovery protocol (ND) messages (ND is mandatory in the IPv6 stack). The main purpose of ND is that nodes can discover other nodes on the local link, perform address resolution, check that addresses are unique, and check the reachability with active nodes.There are exactly the same vulnerabilities of IPv6 as IPv4 and is now exception, ND if not properly secured.

This examination work is about implementation of Cisco Systems Network Admission Control (NAC) within a leading IT-company in region of Jönköping. NAC is a technique that is used for securing the internal network from the inside. NAC can verify that the client who connects to the network has the latest antivirus updates and latest operative system hotfixes. Clients who don?t meet the criteria can be placed in quarantine VLAN where they only have access to the update servers.

Near Field Communication (NFC) is a short range wireless communication technology that enables data exchange between devices. NFC is used in many different areas, from subway tickets to Authentication systems. This paper presents possible security threats to Near Field Communication and documented attacks that have been used to target various NFC protocols. Weaknesses in different NFC protocols will be presented and suggestions on how to counter certain weaknesses will be discussed. This survey will be valuable for companies interested in protecting their data when using or planning to use NFC systems..

Title: A hosting service for software development projects that use the Git revision control system. To learn using tools to make software development more effective should be self-evident at a high level institution as the competitive industry races on. The absence of directives for programming students in Sweden to use source code management (SCM) was the basis for this report. The report describing the developing of a hosting service for software development to use SCM of Git, which includes a web application, storage, API and Authentication of students. The project resulted in a hosting service and a smaller survey of how the today Swedish students using habits of SCM during their studies..

Denna rapport beskriver planering och utveckling av en Android-applikation och en webbtjänst på uppdrag av Explizit AB. Applikationen och webbtjänsten ska vara knutna till CheckUp Life, en produkt för kontroll och uppföljningar av personers hälsostatus. Kraven är att Android-applikationen visuellt och funktionsmässigt ska likna den webbapplikation som idag existerar för CheckUp Life samt att kommunikation mellan applikation och webbtjänst håller hög säkerhet. Resultatet blev en REST-baserad webbtjänst, med WCF i grunden, säkrad med SSL och basic Authentication och en Android-applikationen som kommunicerar med webbtjänsten samt visuellt och användarmässigt liknar webbapplikationen..

This report is written for a consultant networking company with the purpose to review the development ofthe company's remote connections from a user friendly and security perspective.This includes an investigation of the possibilities to consolidate existing Authentication methods foraccessing customers. The problem lies in the amount of methods being used. Through case study wefound that smart cards, SMS-service, software and hardware tokens exist.The only method feasible from a security perspective is smart cards. Since the method is not commonlyused by the company's customers a standardization of it would be counterproductive.Also, the purpose of this report is to investigate how the ongoing internal development of the remoteconnection will affect the company's clients. Within this framework we have also verified a designsuggestion.We interpret, after the completion of the case study, that the internal development of the remoteconnection is marginally affected by legal perspectives.

Användare av webbaserade inloggningssystem hotas av sessionskapningsangrepp, där angripare kan ta över andras konton, oavsett hur stark autentiseringsmekanismen är. HTTP-protokollets tillståndslösa natur tvingar klienter att skicka ett sessions-ID, oftast genom kakor, för att låta servern autentisera varje meddelande efter inloggningen; en angripare behöver endast få tag på detta ID för att fullfölja angreppet. Detta arbete har, utifrån en omfattande litteraturstudie och med ASP.NET Forms Authentication som exempel, visat hur diverse svagheter kan låta angripare få tag på sessions-ID:t på olika sätt ? även om HTTPS används för att kryptera kommunikationen. Arbetet har dessutom sammanställt en uppsättning riktlinjer som webbutvecklare kan använda för att försvara sina webbsajter mot dessa angrepp, bland annat genom att sätta HttpOnly-flaggan för sina kakor för att försvåra avläsning på klientdatorn, samt att eventuellt förknippa inloggningssessionen med användarens IP-adress.