4.4 Flashcards
federated single sign-on (SSO)
also known as federated identity management, refers to the formation of a trusted relationship between separate entities and third parties, such as cloud/application vendors or partners, enabling them to share identities and authenticate users across domains and realms
SSO allows a user to:
access multiple applications using a single set of credentials
LDAP servers are:
easy to install, maintain, and optimize, but they lack solid security for the queries, updates, and valuable information in the LDAP directory
Lightweight Directory Access Protocol (LDAP)
A lighter, cross-platform, standards-based solution
Security Assertion Markup Language (SAML)
an XML-based open-source SSO standard
A key advantage of SAML
open-source
interoperability
Open Authorization (OAuth)
an open authorization framework that allows a third-party application to get limited access to an HTTP service
Developers use OAuth to
publish and interact with protected data in a safe and secure manner
Service provider developers can use OAuth to
store protected data and give users secure delegated access
mandatory access control (MAC)
an access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system.
(MAC)
A subject that has been granted access to information is constrained from doing any of the following:
- Passing the information to unauthorized subjects or objects
- Granting its privileges to other subjects
- Changing one or more security attributes on subjects, objects, the information system, or system components
- Choosing the security attributes to be associated with newly-created or modified objects
- Changing the rules governing access control
A mandatory access control model uses
a strict set of established sensitivity levels and access controls for integrity and confidentiality based on classifications
Discretionary access control (DAC)
DAC models involve control and management by the owner/creator of the object
DAC leaves a certain amount of access control to the discretion of the object’s owner – or anyone else who is authorized to control the object’s access
The DAC policy is enforced over all entities so that a subject being granted access can:
- Pass the information to other subjects or objects
- Grant its privileges to other subjects
- Change security attributes on subjects, objects, information systems, or system components
- Choose the security attributes to be associated with newly-created or revised objects; or
- Change the rules governing access control
Multi-factor authentication (MFA)
typically involves adding an additional authentication mechanism to the initial origin authentication or credential presentation
- Something you know
- Something you have
- Something you are
- Somewhere you are
4 MFA authentications
- Something you know
- Something you have
- Something you are
- Somewhere you are
Something you know
Password
Personal identification number (PIN)
Secret word or phrase
Passphrase
Something you have
Hard/soft authentication tokens (YubiKey/Authy)
Badge or smart card
Security keys
X.509v3 certificates
Something you are
Fingerprint
Ocular biometrics
Speech patterns
Facial recognition
Somewhere you are
Remote client-based and clientless VPN
Remote Software Defined Perimeter (SDP)
Cloud IdM managed network
802.1x wired or wireless network
Fingerprint biometric
the oldest and most common biometric, since fingerprints vary from person to person and do not change over time
A fingerprint scanner system has two functions:
- Gets an image of the finger
- Determines whether the outline of ridges and valleys in the image matches the patterns in pre-scanned images
facial recognition
One of the fastest-growing mechanisms pre-pandemic
Commonly used to identify or verify an individual in still or video images
The main applications of face recognition are the areas of security biometrics and human-to-computer interaction (including robotics)