Chapter 2: Understanding Identity and Access Management Flashcards
What is Authentication?
The method(s) an individual uses to prove an identity.
What is Identification?
An action that occurs whenever a user makes a claim about their identity.
What does AAA stand for?
Authentication, Authorization, and Accounting.
What is the AAA process?
If a user can authenticate their identity, they are granted authorization to access resources based on that identity, and their activity is then accounted for by recording it in logs (accounting). AAA depends on identification first: the user claims an identity, and authentication proves the claim.
What is an Audit Trail?
Created by collecting logs on activities and events which allow security professionals to recreate the events that preceded a security incident.
What are Authentication Factors?
The different methods used to authenticate a user.
What is “Something you know”?
It is an authentication factor that refers to a shared secret such as a password or PIN. Considered the least secure factor because a secret can be guessed, phished, or stolen and then used by anyone who knows it.
What are examples of “Something you know”?
Passwords and PINs. Password policies govern their length and complexity, expiration (maximum age), history (reuse), and how they are stored and managed.
What is Static Knowledge-based Authentication?
Typically used to verify identity when a user has forgotten their password, by asking questions the user pre-registered answers to (e.g. mother's maiden name).
What is Dynamic Knowledge-based Authentication?
Typically used to verify an individual's identity when they do not yet have an account. The organization queries public and private data sources and asks questions only the real person should be able to answer (e.g. which high school did you attend?).
What is Identity Proofing?
It’s a security measure to confirm a new user’s identity when they are creating an account for the first time (e.g. collecting PII, checking official docs, etc).
What is an Account Lockout Threshold?
The maximum number of times a user can enter their password incorrectly. Once the threshold is reached, the system locks the user's account.
What is an Account Lockout Duration?
Indicates how long an account remains locked (could be a minute, could be indefinite until an admin unlocks the account).
What is “Something you have”?
It is an authentication factor that refers to something that you can physically hold.
What is a Smart Card?
Credit card-sized cards that have an embedded microchip and a certificate. They are often used with two-factor authentication.
What are Embedded Certificates?
Certificates stored on the smart card's chip. The card holds the user's private key (accessible only to the cardholder), which is matched with a public key (available to others). The private key is used each time the user logs on to the network.
What is a Security Key?
An electronic device about the size of a remote key for a car. It is used to authenticate to systems.
What is a Hard Token (Hardware token)?
An electronic device about the size of a remote key for a car. Displays a number on the screen which is used to authenticate a user.
What is a One-Time Password (OTP)?
A temporary, single-use code that’s used to verify your identity (proves you’re in possession of the token).
What is a Soft Token (Software Token)?
An application that runs on a user's smartphone and generates an OTP.
What is HMAC-based OTP (HOTP)?
An algorithm that changes the numeric code based on a moving counter. The server and token run the same algorithm over the counter with a shared secret key to generate the next code; the server tracks the last counter it accepted so a used code cannot be replayed.
What is Time-based-OTP (TOTP)?
An algorithm that changes its code based on the current time. The OTP it generates is usually valid for only 30-60 seconds.
What is “Something you are”?
It is an authentication factor that refers to the use of biometrics for authentication.
What are Fingerprints?
Systems that use fingerprint scanners to read a person’s fingerprints to authenticate their identity.
What is Vein Matching?
Systems that authenticate a user using near-infrared light to view their vein patterns (usually on the palm).
What is Retina Imaging?
Systems that authenticate a user using retina scanners of one or both eyes. Unpopular because they are physically and medically intrusive.
What are Iris Scanners?
Systems that authenticate a user using infrared technology to capture the unique pattern of the iris around the pupil. They can take pictures from 3-10in away, avoiding physical contact.
What is Facial Recognition?
Systems that authenticate users based on their facial features which include the size, shape, and position of their eyes, nose, mouth, cheekbones, and jaw.
What is Voice Recognition?
Systems that authenticate users based on their speech. People’s voices differ from others due to the varying sizes of everyone’s mouth and throat.
What is a Gait Analysis?
Systems that authenticate users based on the way they walk/run.
What is considered the best biometric method of authentication?
Both retina and iris. However, iris is preferred because it’s less intrusive.
What is a system’s Efficacy Rate?
Refers to the performance of the system under ideal conditions.
What is False Acceptance?
Whenever a biometric system incorrectly identifies an unregistered user as a registered user.
What is False Acceptance Rate (FAR)?
The percentage of authentication attempts in which a false acceptance occurs.
What is False Rejection?
Whenever a biometric system incorrectly rejects a registered user.
What is False Rejection Rate (FRR)?
Identifies the percentage of times a false rejection occurs.
What is True Acceptance?
Whenever a biometric system correctly identifies a registered user.
What is True Rejection?
Whenever a biometric system correctly rejects an unknown user.
What is the Crossover Error Rate (CER)?
The point where the FAR crosses over with the FRR. A lower CER indicates that the biometric system is more accurate.
What happens if you tighten the biometrics system to avoid false accepts (security focus)?
You risk more false rejections, frustrating users.
What happens if you loosen the biometrics system (convenience)?
You risk more false accepts, increasing security risks.
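The FAR, FRR and CER definitions above, and the tightening/loosening trade-off, carried through on numbers as an added example (not from the original flashcards). The matcher scores are constructed: ten genuine attempts and ten impostor attempts against one enrolled template, scored 0 to 1. Sweeping the acceptance threshold shows FAR falling and FRR rising until they cross.

```python
# Constructed matcher scores (0 = no similarity, 1 = identical) for a toy
# biometric system: GENUINE are attempts by registered users against their own
# template, IMPOSTOR are attempts by other people against that template.
GENUINE = [0.92, 0.88, 0.95, 0.81, 0.76, 0.90, 0.67, 0.85, 0.93, 0.71]
IMPOSTOR = [0.35, 0.52, 0.61, 0.44, 0.70, 0.28, 0.58, 0.49, 0.66, 0.40]


def rates(genuine, impostor, threshold):
    """FAR = impostor attempts accepted / all impostor attempts;
    FRR = genuine attempts rejected / all genuine attempts.
    An attempt is accepted when its score is >= threshold."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def crossover_error_rate(genuine, impostor, steps=100):
    """Sweep thresholds 0.00..1.00 and return (threshold, CER) at the point
    where FAR and FRR are closest; the CER is their common value there."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, (far + frr) / 2


def threshold_for_max_far(genuine, impostor, max_far, steps=100):
    """Security-focused tuning: the lowest threshold whose FAR is <= max_far,
    returned with the FRR that users will pay for it."""
    for i in range(steps + 1):
        t = i / steps
        far, frr = rates(genuine, impostor, t)
        if far <= max_far:
            return t, frr
    return 1.0, 1.0


if __name__ == "__main__":
    for t in (0.50, 0.68, 0.80):  # loose, crossover, tight
        far, frr = rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:.2f}: FAR {far:.0%}  FRR {frr:.0%}")
    print("crossover (threshold, CER):", crossover_error_rate(GENUINE, IMPOSTOR))
    print("zero-FAR threshold and its FRR:", threshold_for_max_far(GENUINE, IMPOSTOR, 0.0))
```

With these scores a loose threshold of 0.50 accepts half the impostors and rejects nobody, a tight threshold of 0.80 accepts no impostors but rejects 30% of genuine users, and the two rates cross at about 0.68 with a CER of 10%.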
What is “Somewhere you are”?
It is an authentication factor that refers to a user’s location for authentication.
What is Impossible Travel Time?
A method that identifies when a user’s account is accessed from locations within a time frame that’s not possible for normal travel.
What is Two/Dual-Factor Authentication?
An authentication method that uses a combination of two of the following authentication factors: something you know, have, are, or somewhere you are.
What is Multifactor Authentication?
An authentication method that uses two or more authentication factors (something you are, have, know, or somewhere you are).
What is Passwordless Authentication?
Eliminates passwords altogether and replaces them with another authentication factor (no something you know methods).
What are Authentication Logs?
Used to track successful/unsuccessful login attempts and contain what happened, when it happened, where it happened, and who or what did it.
What is Account Management?
The process of creating, managing, disabling, and terminating accounts.
What are Credential Policies?
Define the login policies for different personnel, devices, and accounts.
What is Privileged Access Management (PAM)?
Allows organizations to apply more stringent security controls over elevated (privileged) accounts to reduce the risk of insider threats, protect against external cyberattacks, meet compliance requirements, and enhance visibility and control over critical systems.
What are some of the capabilities of PAM?
Allowing users to use a privileged account without knowing its password. Automatically changing privileged account passwords periodically. Limiting the time users can use a privileged account. Allowing users to check out credentials. Logging all access to credentials.
What are Temporal Accounts?
They are temporary administrative accounts that are issued for a limited period of time.
What is Just-in-time permissions?
A practice that grants elevated access to resources and systems only when it is needed and only for a predetermined time period, after which the access is removed.
Why isn’t it a good idea to have shared and generic accounts?
If multiple users share a single account, you lose accountability (the third A of AAA): logs cannot attribute actions to a specific individual, and you cannot tailor authorization to each user.
What is Deprovisioning?
The process used to disable a user’s account when they leave the organization.
What are some examples of a good disablement policy?
Disabling the accounts of terminated employees (both those who resigned and those who were fired) and of employees on a leave of absence, and eventually deleting accounts once they are no longer needed.
What is a Time-based login?
Ensures that users can only log on to computers during specific times. AKA time-of-day restrictions.
What are Account Audits?
They analyze the permissions and rights assigned to users and help enforce the least privilege principle.
What is Privilege Creep?
When users gradually accumulate more access rights than they need to perform their jobs.
What is Attestation?
The formal process for reviewing user permissions.
What is Single Sign-on (SSO)?
An authentication service where a user can log in once and access multiple systems without logging on again.
What is a Federation?
A system where multiple organizations agree to trust each other’s authentication, allowing users to access multiple services with a single set of credentials.
What is the Security Assertion Markup Language (SAML)?
An open standard that enables secure, single sign-on (SSO) by allowing identity providers to share authentication and authorization data with service providers.
What doesn’t SSO provide?
SSO does not provide authorization.
What is OAuth?
An open standard that allows users to grant websites or apps limited access to their resources without sharing their password.
What doesn’t OAuth provide?
OAuth does not provide authentication.
In the context of authorization models, what are Subjects?
They are typically users or groups that access an object. On occasion, the subject may be a service.
In the context of authorization models, what are Objects?
They are items such as files, folders, shares, and printers that subjects access.
What is Role-based Access Control (role-BAC)?
A security model where user access is determined by their role, assigning permissions based on job responsibilities.
What is Rule-based Access Control (rule-BAC)?
A security model that grants or denies access based on predefined rules or conditions; such as time, location, or specific actions.
What is Discretionary Access Control (DAC)?
A security model where the resource owner decides who can access or modify their resources.
What is a Security Identifier (SID)?
A long string of numbers beginning with the letter S and separated by a series of dashes. They are used as identifiers for a user, user group, or other security principal.
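A parser for the SID format described above, added here as an example (not from the original flashcards). It splits the string into revision, identifier authority and sub-authorities, recovers the issuing domain from an account SID, and names a few well-known SIDs and RIDs. The example SID values are illustrative; the well-known entries (S-1-5-18, S-1-5-32-544, RID 500, RID 512, and so on) are fixed by Windows. Auditing by SID rather than account name is what catches a renamed built-in Administrator, since its RID stays 500.

```python
import re

# S-<revision>-<identifier authority>-<sub-authority>...; the final
# sub-authority of an account SID is its relative identifier (RID).
SID_RE = re.compile(r"^S-(?P<rev>\d+)-(?P<auth>\d+)(?P<subs>(?:-\d+)*)$")

# A few SIDs that are identical on every Windows system.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# RIDs that are fixed inside every domain (appended to that domain's SID).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 519: "Enterprise Admins"}


def parse_sid(sid: str) -> dict:
    """Split a SID string into its numeric components; reject malformed input."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a valid SID: {sid!r}")
    subs = [int(x) for x in m.group("subs").split("-")[1:]]
    return {"revision": int(m.group("rev")), "authority": int(m.group("auth")),
            "sub_authorities": subs, "rid": subs[-1] if subs else None}


def domain_of(sid: str):
    """For an account SID issued by a domain or local SAM (S-1-5-21-X-Y-Z-RID),
    return the issuer's SID (S-1-5-21-X-Y-Z); None for any other structure."""
    p = parse_sid(sid)
    subs = p["sub_authorities"]
    if p["authority"] == 5 and len(subs) == 5 and subs[0] == 21:
        return "S-1-5-21-" + "-".join(str(s) for s in subs[1:4])
    return None


def describe(sid: str) -> str:
    """Name the principal where the SID structure allows it. Two accounts share
    a domain when domain_of() agrees, whatever their display names are."""
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    domain = domain_of(sid)
    if domain is None:
        return "unrecognised SID"
    rid = parse_sid(sid)["rid"]
    name = WELL_KNOWN_RIDS.get(rid)
    if name:
        return f"{name} (well-known RID {rid}) in domain {domain}"
    return f"account RID {rid} in domain {domain}"


if __name__ == "__main__":
    # Illustrative domain SID; the three middle sub-authorities are per-domain.
    for sid in ("S-1-5-18", "S-1-5-32-544",
                "S-1-5-21-3623811015-3361044348-30300820-500",
                "S-1-5-21-3623811015-3361044348-30300820-1013"):
        print(sid, "->", describe(sid))
```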
What is Mandatory Access Control?
A strict security model where access is controlled by a central authority based on classifications and security policies (uses labels to determine access).
Name an OS that uses the MAC Scheme.
Security-enhanced Linux (SELinux).
What is Attribute-based Access Control?
A security model where access decisions are based on the attributes of users, resources, and the environment rather than roles or rules.
When analyzing authentication logs, what are some things you should be looking for?
Account lockouts, concurrent session usage, impossible travel time, blocked content, resource inaccessibility, and log anomalies.
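Detection logic for three of the indicators listed above (account lockouts, concurrent session usage, impossible travel time), also serving the Impossible Travel Time card earlier. This is an added example, not code from the original flashcards. The log lines, the GeoIP lookup table and the thresholds (5 failures in 10 minutes, 900 km/h, 60-minute session window) are constructed for illustration; a real pipeline would read the product's own log format and a real GeoIP database.

```python
import math
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed authentication log (not from any real product); addresses come
# from the RFC 5737 documentation ranges.
LOG_LINES = """\
2024-05-01T09:00:00Z user=alice src=203.0.113.10 result=success
2024-05-01T09:45:00Z user=alice src=198.51.100.7 result=success
2024-05-01T10:00:00Z user=bob src=192.0.2.44 result=failure
2024-05-01T10:00:20Z user=bob src=192.0.2.44 result=failure
2024-05-01T10:00:40Z user=bob src=192.0.2.44 result=failure
2024-05-01T10:01:00Z user=bob src=192.0.2.44 result=failure
2024-05-01T10:01:20Z user=bob src=192.0.2.44 result=failure
2024-05-01T11:00:00Z user=carol src=203.0.113.10 result=success
2024-05-01T12:00:00Z user=dave src=203.0.113.10 result=success
2024-05-01T12:20:00Z user=dave src=203.0.113.25 result=success
2024-05-01T14:00:00Z user=carol src=192.0.2.44 result=success
"""

# Stand-in for a GeoIP lookup: src address -> (city, latitude, longitude).
GEO = {
    "203.0.113.10": ("New York", 40.7128, -74.0060),
    "203.0.113.25": ("New York", 40.7128, -74.0060),
    "198.51.100.7": ("London", 51.5074, -0.1278),
    "192.0.2.44": ("Chicago", 41.8781, -87.6298),
}

Event = namedtuple("Event", "time user src result")
LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(\S+)$")


def parse_log(text):
    """Parse key=value lines into Events sorted by time; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append(Event(ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events, key=lambda e: e.time)


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(events, max_kmh=900.0):
    """Flag a user whose consecutive successful logins imply a speed above
    max_kmh (roughly airliner speed), or a location change with no elapsed time."""
    findings, last = [], {}
    for e in events:
        if e.result != "success" or e.src not in GEO:
            continue
        if e.user in last:
            t0, src0 = last[e.user]
            hours = (e.time - t0).total_seconds() / 3600
            km = haversine_km(GEO[src0][1:], GEO[e.src][1:])
            if km > 0 and (hours == 0 or km / hours > max_kmh):
                findings.append((e.user, GEO[src0][0], GEO[e.src][0], round(km), hours))
        last[e.user] = (e.time, e.src)
    return findings


def lockout_threshold_hits(events, threshold=5, window=timedelta(minutes=10)):
    """Report when a user reaches 'threshold' failures inside 'window', i.e. the
    point at which an account lockout policy would lock the account."""
    hits, failures = [], defaultdict(list)
    for e in events:
        if e.result != "failure":
            continue
        q = failures[e.user]
        q.append(e.time)
        q[:] = [t for t in q if e.time - t <= window]
        if len(q) >= threshold:
            hits.append((e.user, e.time))
            q.clear()  # account is now locked; count afresh after the lockout
    return hits


def concurrent_sessions(events, window=timedelta(minutes=60)):
    """Flag a user who logs in successfully from a second address while a login
    from a different address inside 'window' is still plausibly active."""
    findings, recent = [], defaultdict(list)
    for e in events:
        if e.result != "success":
            continue
        r = recent[e.user]
        r[:] = [(t, s) for t, s in r if e.time - t <= window]
        others = sorted({s for _, s in r if s != e.src})
        if others:
            findings.append((e.user, e.src, others))
        r.append((e.time, e.src))
    return findings


if __name__ == "__main__":
    events = parse_log(LOG_LINES)
    print("impossible travel:", impossible_travel(events))
    print("lockout threshold reached:", lockout_threshold_hits(events))
    print("concurrent sessions:", concurrent_sessions(events))
```

On this log alice is flagged for impossible travel (New York to London, about 5,570 km, in 45 minutes) and for a concurrent session, bob hits the lockout threshold on his fifth failure, dave is flagged only for concurrent sessions (two New York addresses, zero distance), and carol's New York to Chicago move over three hours is within normal travel speed and raises nothing.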