Title: Secure Outlook Web Access
1. Secure Outlook Web Access
- 1/c Hermie Mendoza and 1/c Kevin Connell
- Project Advisor LT Todd Moyer
- Sponsor TISCOM
2. Introduction
- Foreseeable need for secure, easy remote access to email
- What we've accomplished
- Possible project deployment options
3. Project Objectives
- Develop proof-of-concept by
- Designing and configuring a prototype network
- Enabling remote access to the network
- Utilizing the Common Access Card (CAC) for increased security
4. Current Coast Guard Email Accessibility
- Locally logged on to CGDN
- At standard workstation through Microsoft Outlook
- Remote access
- Remote Access Server (RAS) tokens
- Mobile telecommunication devices (Treo)
5. Increasing User Authentication Security
- Current two-factor network authentication includes
- Network username
- Network password
- Increasing security by adding two additional factors
- Common Access Card
- PIN
6. Secure Socket Layer (SSL)
7. Project Hardware
- SSL VPN Hardware-based Device
- Creates a secure tunnel from the user's computer to the remote server (OWA)
- Available from many different vendors including Juniper Networks and Cisco Systems
8. Software Used
- Server Operating System
- Windows Server 2003 with Active Directory
- Microsoft Exchange Server 2003 with Outlook Web Access (OWA) enabled
- Microsoft ISA Server 2006
- Client Operating System
- Windows XP Professional
9. Prototype Network Topology
PECE.USCGA.EDU
10. Project Success and Shortcomings
- Developed network to mimic CGDN
- Email can be sent and received internally
- Acquired pece.uscga.edu subdomain
- Breakdown between firewall and internal network
- No CAC authentication
11. Software Deployment Options
- OWA with CAC logon
- Proven by DoD
- Complement July 07 CAC logon onto CGDN
- OWA logon with only username/password
12. Conclusions
- Foreseeable need for secure, easy remote access to email
- What we've accomplished
- Possible project deployment options
13. Acknowledgements
- TISCOM
- LT Todd Moyer
- Mr. Keith O'Brien
- CGA Information Systems
14. Questions?
15. Public Key Infrastructure
- Framework and services that provide for the generation, distribution, control, tracking and destruction of certificates
- Provides the mechanism to deliver a representation of a physical identity in a unique digital form
16. DoD PKI Certificate Authority Hierarchy
[Hierarchy diagram; node labels as they appear on the slide]
- NSA
- Denver CA
- Chambersburg CA
- Intermediate CA
- TRICARE Defense Enrollment Eligibility Reporting System
- Registration Authority
- Local ID Card Issuing Office
- Local Registration Authority
- User (shown five times)
17. SSL Closer In-Depth
[Handshake diagram between Client and Server; message labels as they appear on the slide]
- Server says hello
- Server certificate
- Server requests client certificate
- Client certificate, signed data
- Pre-master secret encrypted with server public key
- Will use the session key now...
- Okay, me too...
- Handshake done, secure channel established

Checks on the user's certificate:
1. Does the user's public key validate the user's digital signature?
2. Is today's date within the validity period?
3. Do I trust the issuer of the user's certificate?
4. Does the issuing CA's public key validate the issuer's digital signature?

Checks on the server's certificate:
1. Is today's date within the validity period?
2. Do I trust the issuer of the server's certificate?
3. Does the issuing CA's public key validate the issuer's digital signature?
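The four checks on the user's certificate from the SSL slide can be walked through in code. This is an added example, not part of the original presentation: it uses toy textbook RSA and a simplified `Cert` class as stand-ins for real X.509 signature verification, and every name and sample value in it is hypothetical and constructed.

```python
import hashlib
from dataclasses import dataclass, astuple
from datetime import date

# Toy textbook RSA (Mersenne-prime moduli, no padding): illustration only.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(_digest(msg, priv[0]), priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])

@dataclass
class Cert:  # simplified stand-in for an X.509 certificate (assumption)
    subject: str
    issuer: str
    pubkey: tuple
    not_before: date
    not_after: date
    signature: int = 0
    def tbs(self):  # the bytes the issuing CA signs (all fields but the signature)
        return repr(astuple(self)[:5]).encode()

def check_client(cert, data, data_sig, trusted_cas, today):
    """Run the four server-side checks; return the names of those that fail."""
    failed = []
    if not verify(cert.pubkey, data, data_sig):            # 1. user's signature
        failed.append("user signature")
    if not cert.not_before <= today <= cert.not_after:     # 2. validity period
        failed.append("validity period")
    ca_pub = trusted_cas.get(cert.issuer)
    if ca_pub is None:                                     # 3. trusted issuer?
        failed.append("untrusted issuer")
    elif not verify(ca_pub, cert.tbs(), cert.signature):   # 4. issuer's signature
        failed.append("issuer signature")
    return failed

# Constructed sample data: a CA, one user certificate, signed handshake bytes.
CA_PUB, CA_PRIV = make_key(2**89 - 1, 2**107 - 1)
USER_PUB, USER_PRIV = make_key(2**61 - 1, 2**127 - 1)
CERT = Cert("user.one", "Example CA", USER_PUB, date(2007, 1, 1), date(2010, 1, 1))
CERT.signature = sign(CA_PRIV, CERT.tbs())
DATA = b"handshake messages so far"
TRUSTED = {"Example CA": CA_PUB}
```

A deployed server leaves these checks to its TLS library and the certificates on the card; the point here is only to show what each check consumes and how each one fails independently.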