4.6 Flashcards
IAM
Identity and Access Management
Makes sure the right individuals have the right access to the right resources for the right reasons
Components of IAM
network access control
password management
digital identity management
IAM Process
Identification - claiming identity
Authentication
Authorization - uses role based access control often
accounting
SSO
user authentication service using one set of credentials for multiple apps
Technologies for SSO
LDAP
OAuth
SAML
Federation
Sharing and using identities across multiple systems or organizations
PAM
privileged access management
JIT permissions (just in time)
password vaulting
temporal accounts
Access Control Models
MAC mandatory access control
DAC discretionary
RBAC role based
Rule based access control
ABAC attribute based
Identity Proofing
process of verifying a user’s identity before creating an account
examples: driver's license verification or passport
Attestation
validating that user accounts and access rights are correct and up to date
involves regular reviews and audits of user accounts
Interoperability
ability of different systems and apps to work together to share information
in IAM it can involve SAML or OpenID Connect for secure authentication and authorization
Passkeys
Passwordless authentication
involves creating a passkey using device authentication methods like fingerprint or facial recognition
LDAP
lightweight directory access protocol
used to access and maintain distributed directory information
can share user info across network devices
OAuth
open standard for token based authentication and authorization
allows third party services to access user account info without exposing passwords
often used in RESTful apps
uses JSON Web Tokens (JWT)
SAML
Security Assertion Markup Language
standard for logging users into apps based on sessions in another context
Federation
links electronic identities and attributes across multiple identity management systems
enables users to use the same credentials for login across systems managed by different orgs
based on trusted relationship between systems
PAM
privileged access management
solution that restricts and monitors privileged access within an IT environment
tools used to prevent malicious abuse of privileged accounts
JIT Permissions
just in time
grants admin access only when needed for a specific task
Temporal Account
time-limited privileged accounts
MAC
uses security labels to authorize resources
access is granted if user label is equal or higher than the resource’s label
DAC
discretionary access control
resource owners specify which users can access their resources
RBAC
role based access control
assigns users to roles and assigns permissions to roles
mimics an org's hierarchy
enforces minimum privileges
Rule Based Access Control
uses security rules or access control lists
policies can be changed quickly
applied across multiple users on a network segment
ABAC
attribute based access control
includes user attributes like name and org ID; environmental attributes like time of access and data location; and resource attributes like resource owner, file name and data sensitivity
UAC
user account control
a mechanism designed to ensure that actions requiring admin rights are explicitly authorized by the user