3.7 Flashcards
What is the Identity provider?
IdP
Authentication as a Service (AaaS)
A list of entities
Commonly used by SSO applications
What are some attributes of an IdP?
An identifier
- provides identification
personal attributes
- Name or email address
What do certificates do? What do digital certificates do?
Certificates bind the identity of the certificate owner to a public and private key
Encrypt data, create digital signatures
Digital certificate
- Assigned to a person or a device
What is the difference between a smart card and a USB token?
Smart card integrates with devices and may require a PIN. USB token has the certificate on the USB device.
SSH keys
Use a key instead of username and password.
Public and private keys are critical for automation
SSH key-based authentication
Create a public/private key pair
- ssh-keygen
Copy the public key to the SSH
- ssh-copy-id user@host
What type of account is associated with a specific person? The computer associates the user with a specific identification number.
User account
Is it difficult to manage an audit trail with a shared or generic account?
Yes, it is hard to track who was working
What are some privileges listed with a guest account?
No access to change settings, modify applications, or view other users' files. Not the default; removed from Windows 10.
What are service accounts?
Used exclusively by services running on a computer. For example web server or database server
Do privileged accounts have one of the following or all of the following?
- Elevated access to one or more systems
- Complete access to the system
All of the listed elements are associated with privileged accounts
Should privileged accounts be highly secured?
Yes
What are account policies?
Control access to an account. Confirm authentication policies are in place and in line with password policies, authentication factor policies, and other considerations
What is permission auditing?
Make sure everyone has the correct permissions.
Name some location-based policies
Network location, Geolocation, Geofencing, Geotagging, Location-based access rules