3.7 Given a Scenario, Implement Identity and Account Management Controls Flashcards
IAM
Identity and access management is a combination of authentication and authorization into a single solution.
Identity implemented as a control
Identity is the first step in AAA (authentication, authorization, accounting)
IdP
Identity provider: a system that manages and creates identities within an internal network, CSP, directory, or third party.
Provides SSO solutions for intranet.
Attributes in Identity control
Attributes are specific characteristics that belong to an entity (person, corporation, or business).
Certificates
A mechanism for verifying the identity of devices, systems, services, applications, networks, and organizations.
Tokens
A digital file that is issued to a person or device upon successful login.
SSH Keys
Used in an SSH session setup to identify the client.
Account Types
User Account
Shared Account
Guest Account
Service Account
User Account
User Account is a standard account that every user has.
Some User Accounts have more rights such as System Admin.
Shared Accounts
A public account, such as a kiosk, that everyone has access to.
Guest Account
Guest accounts are accounts that have very limited privileges.
Guest accounts should have some way to identify who the guest account belongs to.
Service Accounts
Service accounts are accounts that have very acute privileges for testing an application.
Account Policies
Policies that explain the security standard for the organization.
Password Policy
Password policy enforces rules that a user follows when creating passwords (length, minimum, age, complexity).
Password History in correlation to Policy
Previous passwords are archived so that the same password won't be used.
Time-Based Logins
Logs out a user when time has expired on a user account.
Access Policies
Defines what access is granted over an object or asset. Focuses on the user's job description.
Account Audits
Checking the activity of an account.
Disablement
Account Admin disables an account either by setting an expiration date or manually disabling it.