4.1 Compare and contrast identity and access management concepts Flashcards
Identification, Authentication, Authorization, and Accounting (AAA)
Identification
Identification is the process of presenting identification information about yourself to the system. The identification service typically requires the user to type a username, but could require the user to insert a smartcard into a card reader, for example.
Authentication
The authentication service is responsible for validating the credentials presented by the user and typically involves having an authentication database of criteria. For example, when a user logs on with a username and password, that information is then verified against an account database.
Authorization
Once the account information has been verified, the user is granted access to the network. The authorization component may need other criteria besides account information before granting access. For example, the authorization service may require that the authentication request come from a specific subnet.
Accounting
The fourth AAA service is accounting. Accounting deals with logging activity so that you can bill different departments for their usage of the different services, or hold users accountable for their activity in case of misuse.
Multifactor Authentication (Authentication Factors)
Multifactor Authentication - Something You Are
With this more advanced authentication factor, you submit a physical characteristic of yourself, such as your retina (the most secure, so far), fingerprint, or voice, to prove your identity. Authenticating to a system using this method is known as biometrics and is considered the most secure method of authentication.
Multifactor Authentication - Something You Have
Also a common authentication factor, this is based on your having something in your possession to gain access to the environment.
For example, you use a swipe card or physical token to enter a building. Another example is when a web site sends you a text message with an authorization code when you log in. You need to have your phone with you to receive this SMS message, and then you type the authorization code as confirmation that you have the phone. This occurs after you have typed your username and password as well.
Multifactor Authentication - Something You Know
This is the most common authentication factor, where you know the information to prove your identity.
Examples of this authentication factor are knowing a password or a PIN.
Multifactor Authentication - Somewhere You Are
An authentication system can authenticate you based on your location. This could be a GPS location or IP subnet information.
Multifactor Authentication - Something You Do
This newer form of authentication factor is based on your habits. For example, a system may use your typing patterns in conjunction with another authentication factor to authenticate you.
Federation
A term used to describe authenticating and authorizing users across organizations and application boundaries.
Single Sign-On
Single sign-on (SSO) allows a user to authenticate to the network once and access multiple systems without needing to provide additional credentials.
Transitive Trust
The term associated with allowing access based on a trust model. For example, if ComputerA trusts ComputerB, and ComputerB trusts ComputerC, then ComputerA will trust ComputerC in a transitive system via the trust to ComputerB.