Secure Intranet Portal Login:Describe what Windows-integrated authentication is and how it could potentially be used to provide secure access control to the portal.
Secure Intranet Portal Login
You are the security professional for a medium-sized manufacturing company. The organization would like to deploy a secure portal for in-house use only. The portal will be available from the company’s intranet. The company is utilizing a Microsoft Internet Information Services (IIS) server to run the local intranet website. The portal will be created by in-house programming staff utilizing ASP.NET technology and scripting.
The management requires the login to be protected using Hypertext Transfer Protocol Secure (HTTPS). In addition, the management would like to use an integrated login so that users do not have to remember or create a separate username or password for this portal login. The company is using a Windows Server 2012 Active Directory infrastructure. All users logging on to the portal also have existing active directory user accounts. The company also has an in-house Windows Server that serves as a local certificate authority for other existing web applications and services.
Create a 4- to 5-page report that will be shared with the company’s board of directors, providing guidance and recommendations on how to best secure the web portal. Your report should cover the following aspects:
- Describe what Windows-integrated authentication is and how it could potentially be used to provide secure access control to the portal.
- Describe the use of Windows security groups and explain how a connection to active directory could be performed using the existing technology (existing IIS server and Windows Server 2012 Active Directory).
- Describe how Windows certificate services work. Recommend a solution that would utilize the in-house Windows certificate authority server to provide a certificate to the new portal.
- Explain how users can connect and log on to the portal in a secure fashion using secured socket layer (SSL) or HTTPS to ensure that all login credentials and activities on the portal are secure and encrypted.
Ensure that you write in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources; and display accurate spelling, grammar, and punctuation.