4.0 - Identity and Access Management Flashcards
How often does Identification happen?
Identification is the process of assigning an identifier (a user account, hostname, device ID or process ID) to a specific user, computer, network device, or computer process. It tends to happen only once, when that entity is first brought into the network; every later login is authentication, which proves the claimed identity.
What is AAA?
AAA stands for:
- Authentication - verifying identity (login)
- Authorization - permitting or denying access (rights and permissions)
- Accounting - tracking resource usage (e.g., log files and session records)
What are the five broad categories (factors) used in multi-factor authentication?
Multi-factor authentication combines two or more different factors from:
- Something you are (biometrics)
- Something you have (token, smart card)
- Something you know (password, PIN)
- Somewhere you are (geolocation)
- Something you do (behavioral traits such as typing rhythm or signature)
Two instances of the same factor (e.g., two passwords) are not multi-factor.
What is Identity Federation?
Federation or Identity Federation defines the policies, protocols and practices used to manage identities across systems and organizations.
What are the advantages of SSO?
For the user, SSO reduces how often they have to authenticate.
For the organization, SSO centralizes control: disabling the single identity locks the user out of every connected system at once, which matters when an account is compromised or an employee leaves. The trade-off is that one stolen SSO credential opens every connected system, so the SSO identity itself should be protected with MFA.
What is a Transitive Trust relationship?
In a Transitive Trust Relationship, System A enters into a trust relationship with System B. Because System B already trusts System C, System A now also trusts System C: inherited trust.
Types of Accounts?
Accounts:
- Shared / Generic
- Guest
- Service
- Privileged
What auditing method is good at finding compromises and attacks?
Audits of failed login attempts. A burst of failures against one account (brute force), or one source failing against many accounts (password spraying), is a classic indicator, especially when a success follows the failures.
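As an added worked example (not part of the original flashcards), the script below runs that audit logic over constructed sshd-style log lines: it flags one account hit by a burst of failures, noting whether a success followed, and one source spraying many accounts. The log lines, the year assumed for the syslog timestamps, and the thresholds are all constructed for the demo.

```python
"""Scan authentication logs for failed-login patterns: brute force against one
account and password spraying from one source. Added example, not from the page."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines for the demo (not from a real host).
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[4011]: Failed password for alice from 203.0.113.7 port 51122 ssh2
Mar 10 08:00:03 bastion sshd[4011]: Failed password for alice from 203.0.113.7 port 51123 ssh2
Mar 10 08:00:04 bastion sshd[4011]: Failed password for alice from 203.0.113.7 port 51124 ssh2
Mar 10 08:00:06 bastion sshd[4011]: Failed password for alice from 203.0.113.7 port 51125 ssh2
Mar 10 08:00:07 bastion sshd[4011]: Failed password for alice from 203.0.113.7 port 51126 ssh2
Mar 10 08:00:09 bastion sshd[4011]: Accepted password for alice from 203.0.113.7 port 51127 ssh2
Mar 10 08:15:00 bastion sshd[4020]: Failed password for bob from 198.51.100.9 port 40001 ssh2
Mar 10 08:15:01 bastion sshd[4020]: Failed password for carol from 198.51.100.9 port 40002 ssh2
Mar 10 08:15:02 bastion sshd[4020]: Failed password for dave from 198.51.100.9 port 40003 ssh2
Mar 10 08:15:03 bastion sshd[4020]: Failed password for erin from 198.51.100.9 port 40004 ssh2
Mar 10 09:30:00 bastion sshd[4031]: Failed password for bob from 192.0.2.5 port 39000 ssh2
Mar 10 09:30:20 bastion sshd[4031]: Accepted password for bob from 192.0.2.5 port 39001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse(log_text, year=2024):
    """Return sorted (timestamp, result, user, source) tuples.
    Syslog timestamps carry no year, so `year` is assumed for the demo."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)

def analyze(events, threshold=4, window=timedelta(minutes=5), spray_users=3):
    """Emit alerts for brute force (one account) and spraying (one source)."""
    alerts = []
    per_user_src = defaultdict(list)
    per_src = defaultdict(list)
    for ts, result, user, src in events:
        per_user_src[(user, src)].append((ts, result))
        if result == "Failed":
            per_src[src].append((ts, user))
    # Brute force: `threshold` failures on one account within `window`;
    # record whether a success followed, which is the case worth paging on.
    for (user, src), seq in per_user_src.items():
        fails = [t for t, r in seq if r == "Failed"]
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1] - fails[i] <= window:
                success = any(r == "Accepted" and t >= fails[i] for t, r in seq)
                alerts.append({"type": "brute_force", "user": user, "src": src,
                               "failures": len(fails), "success_after": success})
                break
    # Spray: one source failing against `spray_users` distinct accounts within `window`.
    for src, seq in per_src.items():
        for start, _ in seq:
            users = {u for t, u in seq if timedelta(0) <= t - start <= window}
            if len(users) >= spray_users:
                alerts.append({"type": "password_spray", "src": src, "users": sorted(users)})
                break
    return alerts

if __name__ == "__main__":
    for alert in analyze(parse(SAMPLE_LOG)):
        print(alert)
```

The thresholds are the tunable part: a low per-account threshold catches brute force, while the spray check needs the per-source view because each account sees only one or two failures.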
What drives the application of account management?
Policies, defined by the business side of the house, should be the driving force behind account management decisions.
What is Account Maintenance?
Account Maintenance is the routine screening of all attributes of an account. This questions whether the account is still valid, and whether the access rights are still correct.
When might Location Based Policies be useful?
Location Based Policies may be a good idea for remote access, or organizations with many locations.
What is Credential Management?
Credential Management is a process, service or software used to store and manage user credentials.
What pros and cons does the NIST indicate about password rules?
In June 2017, NIST SP 800-63B stated that composition rules intended to force entropy into passwords do so at the cost of user behaviour such as writing passwords down or "versioning" them (Password1, Password2, ...). NIST's guidance favours length over complexity, screening new passwords against lists of known-compromised passwords, and no forced periodic changes without evidence of compromise.
Nonetheless, the common standard in practice (and the exam answer) is to enforce a minimum length plus three of the four character classes: upper case, lower case, numbers and special characters.
Who should inform the security team about employee departures?
First-line management should inform security when an employee leaves the organization. HR should be a back-stop, not the primary source.
Why does a system need a minimum password age?
Minimum password age keeps a user from cycling through a number of passwords in one sitting so that their preferred password drops out of the password history and can be reused immediately.
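As an added worked example (not from the original flashcards), the simulation below models a password history of a given depth with and without a minimum age, then lets a user burn through throwaway passwords to get a preferred one back. The policy values, the account model and the sample passwords are constructed for the demo; the hashing work factor is kept low because the point is the history logic, not hash strength.

```python
"""Password history with and without a minimum password age.
Added example; policy names and values are illustrative, not from the page."""
import hashlib
import os
from datetime import date, timedelta

class PasswordPolicy:
    def __init__(self, history_depth=24, min_age=timedelta(days=1)):
        self.history_depth = history_depth  # how many previous passwords are remembered
        self.min_age = min_age              # how long a new password must be kept

class Account:
    """Keeps salted hashes of the last `history_depth` passwords, newest last."""
    ITERATIONS = 1000   # kept low for the demo; production work factors are far higher

    def __init__(self, policy, initial_password, today):
        self.policy = policy
        self.history = []
        self.last_change = today
        self._store(initial_password)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def _store(self, password):
        salt = os.urandom(16)
        self.history.append((salt, self._hash(password, salt)))
        self.history = self.history[-self.policy.history_depth:]   # forget the oldest

    def in_history(self, password):
        return any(self._hash(password, salt) == digest for salt, digest in self.history)

    def change_password(self, new_password, today):
        if today - self.last_change < self.policy.min_age:
            return "rejected: minimum password age not reached"
        if self.in_history(new_password):
            return "rejected: password is in history"
        self._store(new_password)
        self.last_change = today
        return "ok"

def days_to_reuse(policy, preferred="Summer2024!", start=date(2024, 1, 1), limit=365):
    """Simulate a user cycling through throwaway passwords to get `preferred` back.
    Returns (calendar days elapsed, total password changes), or None if never allowed."""
    acct = Account(policy, preferred, start)
    changes = 0
    for day in range(limit + 1):
        today = start + timedelta(days=day)
        while True:
            if acct.change_password(preferred, today) == "ok":
                return day, changes + 1
            if acct.change_password(f"Throwaway{changes}!", today) != "ok":
                break   # minimum age blocks any further change today
            changes += 1
    return None

if __name__ == "__main__":
    print("history 3, no min age:", days_to_reuse(PasswordPolicy(3, timedelta(0))))
    print("history 3, 1-day min age:", days_to_reuse(PasswordPolicy(3, timedelta(days=1))))
    print("history 24, 1-day min age:", days_to_reuse(PasswordPolicy(24, timedelta(days=1))))
```

Without a minimum age the history is defeated in a single sitting, however deep it is; with a one-day minimum age a 24-deep history costs the user 25 days of changes, which is the behaviour the policy is meant to discourage.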
What is Recertification?
Recertification is the process of verifying that all users are still employed and still require accounts.
An employee has left the organization. What should be done?
Their account should be disabled, not deleted. Disabling preserves the account's identifier, its ownership of files and mailboxes, and the audit trail, and the account can still be reviewed or re-enabled if needed; deleting it loses those ties.
How does LDAP connect?
LDAP clients connect to a Directory System Agent (DSA) on TCP port 389 (UDP 389 is used only by the connectionless variant, CLDAP). Plain LDAP on 389 sends simple-bind passwords in clear text unless the session is upgraded with StartTLS.
LDAPS (LDAP over SSL/TLS) connects on TCP port 636.
How does Kerberos authentication work?
- The user presents credentials to the KDC (Key Distribution Center); its Authentication Service (AS) returns a TGT (Ticket-Granting Ticket) encrypted with the KDC's own key, plus a session key encrypted with the user's key.
- The user presents the TGT and a request for a service to the KDC's Ticket-Granting Service (TGS).
- The TGS verifies the TGT and issues a client-to-server (service) ticket encrypted with the service's key.
- The user presents the service ticket to the requested service, which decrypts it with its own key; the service does not need to contact the KDC.
Tickets and session keys are encrypted with keys shared only with the KDC, so the password itself never crosses the wire. This does not make the system "safe" outright: the KDC is a single point of trust and failure, and Kerberos depends on synchronized clocks (tickets and authenticators outside the allowed clock skew, five minutes by default, are rejected).
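As an added worked example (not code from the original flashcards or from any Kerberos implementation), the toy below walks the three exchanges above with both sides' messages: AS (login with pre-authentication), TGS (service ticket) and AP (presenting the ticket to the service). An HMAC-SHA256 keystream with a MAC stands in for a real Kerberos encryption type; the realm EXAMPLE.COM, the principal names, the lifetime and skew values are all assumed for the demo.

```python
"""Toy Kerberos exchange: AS (login) -> TGS (service ticket) -> AP (service).
Added example. A keyed HMAC-SHA256 keystream plus MAC stands in for a real etype."""
import hashlib
import hmac
import json
import os

SKEW = 300      # seconds of clock drift tolerated (the usual default is 5 minutes)
LIFETIME = 600  # ticket lifetime for the demo; real deployments use hours

def derive_key(password, realm, principal):
    # string-to-key: the AES etypes use PBKDF2 salted with realm + principal
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 1000)

def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def encrypt(key, obj):
    """Encrypt-then-MAC a JSON object under a symmetric key."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Key Distribution Center: holds every principal's long-term key."""
    def __init__(self, realm, principals):
        self.realm = realm
        self.keys = {p: derive_key(pw, realm, p) for p, pw in principals.items()}

    def as_exchange(self, client, preauth, now):
        """AS-REQ/REP: the client proves it knows the password with an encrypted
        timestamp; it gets a session key and a TGT sealed with the krbtgt key."""
        ts = decrypt(self.keys[client], preauth)["timestamp"]   # fails on a wrong password
        if abs(now - ts) > SKEW:
            raise ValueError("pre-auth timestamp outside clock skew")
        sk = os.urandom(32).hex()
        tgt = encrypt(self.keys["krbtgt"], {"client": client, "key": sk, "expires": now + LIFETIME})
        return encrypt(self.keys[client], {"key": sk}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REQ/REP: check the TGT and authenticator, issue a ticket for `service`."""
        t = decrypt(self.keys["krbtgt"], tgt)
        a = decrypt(bytes.fromhex(t["key"]), authenticator)
        if now > t["expires"] or a["client"] != t["client"] or abs(now - a["timestamp"]) > SKEW:
            raise ValueError("TGT expired or authenticator invalid")
        svc = os.urandom(32).hex()
        ticket = encrypt(self.keys[service], {"client": t["client"], "key": svc, "expires": now + LIFETIME})
        return encrypt(bytes.fromhex(t["key"]), {"key": svc}), ticket

class Client:
    def __init__(self, kdc, name, password):
        self.kdc, self.name = kdc, name
        self.key = derive_key(password, kdc.realm, name)   # the password never goes on the wire

    def login(self, now):
        enc, self.tgt = self.kdc.as_exchange(self.name, encrypt(self.key, {"timestamp": now}), now)
        self.tgt_key = bytes.fromhex(decrypt(self.key, enc)["key"])

    def service_ticket(self, service, now):
        auth = encrypt(self.tgt_key, {"client": self.name, "timestamp": now})
        enc, ticket = self.kdc.tgs_exchange(self.tgt, auth, service, now)
        svc_key = bytes.fromhex(decrypt(self.tgt_key, enc)["key"])
        return ticket, encrypt(svc_key, {"client": self.name, "timestamp": now})

class Service:
    def __init__(self, kdc, name):
        self.key = kdc.keys[name]   # the service's keytab, shared with the KDC out of band

    def accept(self, ticket, authenticator, now):
        """AP-REQ: decrypt the ticket with our own key; the KDC is not contacted."""
        t = decrypt(self.key, ticket)
        a = decrypt(bytes.fromhex(t["key"]), authenticator)
        if now > t["expires"] or a["client"] != t["client"] or abs(now - a["timestamp"]) > SKEW:
            raise ValueError("ticket expired or authenticator invalid")
        return t["client"]

def _rejected(action):
    """True if `action()` raises the ValueError used for protocol failures."""
    try:
        action()
        return False
    except ValueError:
        return True

def run_demo():
    """Returns (principal seen by the service, wrong password rejected?, stale ticket rejected?)."""
    kdc = KDC("EXAMPLE.COM", {"alice": "correct horse battery", "krbtgt": os.urandom(16).hex(),
                              "host/fileserver": os.urandom(16).hex()})
    now = 1_700_000_000
    alice = Client(kdc, "alice", "correct horse battery")
    alice.login(now)
    ticket, auth = alice.service_ticket("host/fileserver", now + 1)
    fileserver = Service(kdc, "host/fileserver")
    who = fileserver.accept(ticket, auth, now + 2)
    bad_pw = _rejected(lambda: Client(kdc, "alice", "wrong password").login(now))
    stale = _rejected(lambda: fileserver.accept(ticket, auth, now + 2 * LIFETIME))
    return who, bad_pw, stale

if __name__ == "__main__":
    print(run_demo())
```

Two things worth noticing when reading it: the client only ever sends ciphertext under keys it derived locally, and the service authenticates the user with nothing but its own keytab and a clock, which is why a skewed clock breaks Kerberos before anything else does.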
What is TACACS+ used for?
Typically TACACS+ is used for administrative access (device login and per-command authorization) to routers, switches and firewalls.
It runs on TCP port 49.
TACACS+ is not backwards compatible with TACACS or XTACACS. It cleanly separates the authentication, authorization and accounting functions into distinct exchanges, whereas RADIUS combines authentication and authorization.
The packet body is obfuscated with a shared secret that is configured manually on the device and the server and is never transmitted over the connection; the packet header is sent in the clear. RFC 8907 describes this as obfuscation rather than encryption (an MD5-derived pad XORed over the body), so TACACS+ should only run over a trusted management network.
How does TACACS+ authentication work?
TACACS+ supports several authentication types (ASCII login, PAP, CHAP and others). Typically the user connects to a NAS (Network Access Server), i.e., the router or firewall being administered, which acts as the TACACS+ client. The NAS sends a START message to the TACACS+ server; the server answers with REPLY messages (for example, a prompt for the password), and the NAS relays the user's responses in CONTINUE messages until the server returns a final REPLY of PASS or FAIL. Authorization and accounting follow as separate exchanges.
The authentication messages are START, REPLY and CONTINUE.
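As an added worked example (not code from the original flashcards or from any TACACS+ implementation), the script below builds the authentication START packet a NAS would send, applies the RFC 8907 body obfuscation with a shared secret, and then parses it back. The shared secret, session ID, username, password and addresses are constructed for the demo; the header layout, the MD5 pad chain and the START body fields follow RFC 8907.

```python
"""TACACS+ (RFC 8907) header framing, body obfuscation and authentication START.
Added example; the key, session ID and credentials are constructed for the demo."""
import hashlib
import struct

TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 1, 2, 3
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
VERSION = 0xC0   # major version 0xC, minor version 0

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain over session_id, shared key, version and seq_no (RFC 8907 section 4.5)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call both obfuscates and de-obfuscates."""
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(session_id, key, version, seq_no, len(body))))

def authen_start_body(user, password, port="tty0", rem_addr="198.51.100.10", priv_lvl=1):
    """Authentication START using PAP: the password travels in the data field."""
    action, authen_type, service = 0x01, 0x02, 0x01   # LOGIN, PAP, LOGIN
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), password.encode()
    return struct.pack("!8B", action, priv_lvl, authen_type, service,
                       len(u), len(p), len(r), len(d)) + u + p + r + d

def build_packet(body, ptype, session_id, key, seq_no=1, plaintext=False):
    """12-byte header (version, type, seq_no, flags, session_id, length) plus body."""
    flags = TAC_PLUS_UNENCRYPTED_FLAG if plaintext else 0
    payload = body if plaintext else obfuscate(body, session_id, key, VERSION, seq_no)
    return struct.pack("!BBBBII", VERSION, ptype, seq_no, flags, session_id, len(body)) + payload

def parse_packet(packet, key):
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    payload = packet[12:12 + length]
    body = payload if flags & TAC_PLUS_UNENCRYPTED_FLAG else obfuscate(payload, session_id, key, version, seq_no)
    return {"type": ptype, "seq_no": seq_no, "session_id": session_id, "body": body}

def parse_authen_start(body):
    action, priv_lvl, authen_type, service, *lens = struct.unpack("!8B", body[:8])
    fields, off = [], 8
    for n in lens:
        fields.append(body[off:off + n].decode())
        off += n
    user, port, rem_addr, data = fields
    return {"action": action, "priv_lvl": priv_lvl, "authen_type": authen_type,
            "user": user, "port": port, "rem_addr": rem_addr, "data": data}

def run_demo(key=b"s3cret-shared-key", session_id=0x1A2B3C4D):
    """Constructed exchange: the NAS sends an authentication START for 'admin' (PAP)."""
    body = authen_start_body("admin", "hunter2")
    pkt = build_packet(body, TAC_PLUS_AUTHEN, session_id, key)
    password_visible = b"hunter2" in pkt                          # obfuscated, so False
    recovered = parse_authen_start(parse_packet(pkt, key)["body"])  # anyone holding the key can
    wrong_key = parse_packet(pkt, b"guess")["body"]              # garbage, and nothing flags it
    # No integrity protection: flipping a ciphertext bit flips the same plaintext bit.
    tampered = bytearray(pkt)
    tampered[12 + 1] ^= 0x0E                                      # body byte 1 is priv_lvl: 1 -> 15
    escalated = parse_authen_start(parse_packet(bytes(tampered), key)["body"])
    return {"password_visible": password_visible, "user": recovered["user"],
            "password": recovered["data"], "wrong_key_matches": wrong_key == body,
            "tampered_priv_lvl": escalated["priv_lvl"]}

if __name__ == "__main__":
    print(run_demo())
```

The demo makes the flashcard's two points concrete: with the shared secret the whole body, password included, is recoverable (which is why the secret must stay off the wire), and because the pad is just XORed, a wrong key produces undetected garbage and a flipped bit on the path changes the request without any check failing.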