Identity Access Management Flashcards
AAA
- Authentication is the process of verifying a claimed identity that has already been established in a computer system (proving you are the account you say you are), using something you know, have, or are.
- Authorization is the process of permitting or denying an authenticated identity's access to specific resources or actions.
- Accounting is the process of “ascribing resource usage by account for the purpose of tracking resource utilization.” It’s also very handy for forensics after a security incident has occurred.
Identity Federation
All of the policies, protocols and practices used to manage identity information across systems, or even across organizations, are collectively called identity federation. Common federation protocols are SAML and OpenID Connect.
Single sign-on
When a user authenticates once with one set of credentials and can then access multiple independent systems without re-authenticating to each of them.
Transitive trust
When domain A trusts domain B and domain B trusts domain C, a transitive trust means A also trusts C: authentication performed in one domain is accepted by every domain along the trust chain. Trusts can also be configured as non-transitive to stop that chaining.
Lightweight Directory Access Protocol (LDAP)
A protocol for querying and modifying directory services (TCP 389, or 636 for LDAPS). Active Directory exposes an LDAP interface, so LDAP is used to look up users and groups, to authenticate users via a bind operation, and to read and manage AD objects. An unencrypted simple bind sends the password in cleartext, so use LDAPS or StartTLS.
Directory
Directories are a form of data storage. They’re like databases, but not quite: a directory is a hierarchical, read-optimized store designed for frequent lookups (reads) and infrequent writes, rather than for transactional updates.
Kerberos
Kerberos is a network authentication protocol meant for client/server environments. A trusted Key Distribution Center (KDC) issues tickets (first a ticket-granting ticket, then service tickets) that let a client and a service establish a shared symmetric session key over an insecure network without the password ever crossing it. It uses port 88 and depends on the parties' clocks being synchronized.
TACACS+
Terminal Access Controller Access-Control System Plus. A Cisco-originated client/server AAA protocol that operates over TCP (port 49). It separates authentication, authorization, and accounting into distinct exchanges, and it encrypts the entire packet body after the header, unlike RADIUS, which only obscures the password.
Chap/MSCHAP
Challenge Handshake Authentication Protocol. A three-way handshake: the authenticator sends a random challenge, the peer replies with a hash of the packet identifier, the shared secret and the challenge, and the authenticator recomputes the hash and sends Success or Failure. The secret itself never crosses the wire, but the authenticator must store it in recoverable form, and a captured challenge/response pair can be attacked offline by guessing secrets. MS-CHAP (v1 and v2) is Microsoft's variant; MS-CHAPv2 has well-known cryptographic weaknesses and should only be used inside a protected tunnel such as PEAP or L2TP/IPsec.
Password Authentication Protocol (PAP)
Two-way handshake: the peer sends its username and password, and the authenticator replies with an acknowledgement or a rejection. The credentials are sent in cleartext, so PAP is only acceptable inside an already encrypted channel.
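The PAP and CHAP exchanges above, as an added example that is not part of the original flashcards. It implements the CHAP MD5 algorithm from RFC 1994 (Response = MD5(Identifier || Secret || Challenge)) and the PAP Authenticate-Request layout from RFC 1334; the shared secret, the packet identifier and the candidate guesses are constructed for the example. MD5 is what the protocol specifies, not a design choice here.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed shared secret provisioned on both peer and authenticator (assumption for this example).
SHARED_SECRET = b"correct horse battery staple"


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload (RFC 1334): Peer-ID and Password travel as-is,
    so anyone on the path reads the password directly."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_new_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh, unpredictable challenge per attempt is what defeats replay."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side, RFC 1994 (CHAP with MD5): Response = MD5(Identifier || Secret || Challenge).
    The secret never leaves the peer; only this digest does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute from the stored secret and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(peer_secret: bytes, server_secret: bytes = SHARED_SECRET) -> dict:
    """Run one three-way CHAP handshake and return what crossed the wire plus the outcome."""
    identifier = 7  # arbitrary packet identifier for this attempt
    challenge = chap_new_challenge()                                        # 1. Challenge
    response = chap_response(identifier, peer_secret, challenge)            # 2. Response
    success = chap_verify(identifier, server_secret, challenge, response)   # 3. Success / Failure
    return {"identifier": identifier, "challenge": challenge, "response": response, "success": success}


def chap_offline_guess(captured: dict, candidates: list) -> Optional[bytes]:
    """What an eavesdropper can do with a captured challenge/response pair: test guesses offline.
    This is why CHAP secrets must be long and random even though they are never transmitted."""
    for guess in candidates:
        if chap_verify(captured["identifier"], guess, captured["challenge"], captured["response"]):
            return guess
    return None
```

`chap_exchange(SHARED_SECRET)` succeeds and the returned challenge and response contain no trace of the secret, whereas `pap_authenticate_request` hands the password to anyone sniffing the link. A captured response does not verify against a fresh challenge, but `chap_offline_guess` shows that a weak secret still falls to a dictionary attack on the captured pair.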
RADIUS
Remote Authentication Dial-In User Service. Another protocol that handles authentication, authorization and accounting. It runs over UDP (1812 for authentication/authorization and 1813 for accounting; legacy deployments use 1645/1646), combines authentication and authorization in a single exchange, and hides only the User-Password attribute, using MD5 and a shared secret, while the rest of the packet is sent in the clear.
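To make the RADIUS-versus-TACACS+ point concrete, here is the User-Password hiding from RFC 2865 section 5.2, as an added example and not code from the original flashcards. The shared secret and the fixed Request Authenticator used for the checks are constructed; MD5 is what the RFC mandates. The last function goes beyond the card to show why the Request Authenticator must never be reused: with a reused value, an eavesdropper who knows one password recovers the first 16 bytes of anyone else's without learning the shared secret.

```python
import hashlib
import os

SHARED_SECRET = b"radius-shared-secret"   # constructed NAS/server secret (assumption for this example)


def _pad16(data: bytes) -> bytes:
    """Pad with NULs to a multiple of 16 bytes, as RFC 2865 section 5.2 requires."""
    return data + b"\x00" * (-len(data) % 16)


def new_request_authenticator() -> bytes:
    """The NAS must pick a fresh, unpredictable 16-byte Request Authenticator per Access-Request."""
    return os.urandom(16)


def hide_user_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: c1 = p1 XOR MD5(S + RA), then c_i = p_i XOR MD5(S + c_{i-1}).
    This is a keystream XOR, not authenticated encryption, and only this attribute is protected."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = _pad16(password)
    if not 16 <= len(padded) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    hidden = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block
    return bytes(hidden)


def reveal_user_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Server side: regenerate the same keystream, chained on the received ciphertext blocks."""
    plain = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(plain).rstrip(b"\x00")   # strips the RFC padding (and any trailing NULs the password had)


def recover_with_reused_authenticator(hidden_known: bytes, known_password: bytes, hidden_target: bytes) -> bytes:
    """Attack illustration: if a NAS reuses a Request Authenticator under the same secret, the first
    16-byte keystream block is identical in both requests, so XOR-ing a known password against its own
    hidden form yields that keystream, which then unmasks the first block of any other user's password."""
    keystream = bytes(c ^ p for c, p in zip(hidden_known[:16], _pad16(known_password)[:16]))
    return bytes(c ^ k for c, k in zip(hidden_target[:16], keystream)).rstrip(b"\x00")
```

Note what is and is not covered: the User-Name, NAS-IP-Address and every other attribute in the same Access-Request are readable on the wire, which is the contrast with TACACS+ encrypting the whole body.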
MAC - Access Control Model
The Mandatory Access Control model is used in environments with different levels of security classification (for example unclassified, secret, top secret). Access is decided by the system from labels on objects and clearances on subjects, and neither users nor object owners can override the policy. It is a strict, centrally enforced form of least privilege: a subject gets no more than its clearance allows.
DAC - Access Control Model
Discretionary access control. A means of restricting access to objects based on the identity of subjects and/or the groups to which they belong. The owner of an object decides, at their discretion, who gets which permissions, usually through an access control list; Unix file permissions and NTFS ACLs are DAC.
ABAC - Access Control Model
Attribute-based access control. Decisions are made by evaluating policy rules over attributes: subject attributes (job title, department, clearance), object attributes (owner, classification, data type), the requested action, and environmental attributes (time of day, source network, device posture).
Role-based access control Model (RBAC)
Permissions are attached to roles (for example “analyst” or “administrator”) and users are assigned to roles, so access follows the job rather than the individual. RBAC can be used in conjunction with other models, for example alongside MAC labels. Note that the common example of restricting access after a certain time of day is a rule-based control (also abbreviated RBAC) or an ABAC environmental attribute, not role-based access control.
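The four access control models on these cards side by side, as an added example and not code from the original flashcards. The classification lattice, the roles, the departments and the business-hours rule are all constructed for illustration; the MAC part implements the Bell-LaPadula read and write rules, the DAC part an owner-managed ACL, and the ABAC part puts the time-of-day restriction where it belongs, in the environment attributes.

```python
from dataclasses import dataclass, field
from datetime import time

# ---- MAC: labels are assigned by the system; subjects and owners cannot change them. ----
# Constructed lattice of classification levels (assumption for this example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_can_read(subject_clearance: str, object_label: str) -> bool:
    """Bell-LaPadula simple security property: no read up."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


def mac_can_write(subject_clearance: str, object_label: str) -> bool:
    """Bell-LaPadula *-property: no write down, so secret data cannot leak into an unclassified object."""
    return LEVELS[subject_clearance] <= LEVELS[object_label]


# ---- DAC: the object's owner decides, at their discretion, who gets what. ----
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of permissions

    def grant(self, granter: str, subject: str, perm: str) -> None:
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this object and cannot change its ACL")
        self.acl.setdefault(subject, set()).add(perm)

    def allows(self, subject: str, perm: str) -> bool:
        return subject == self.owner or perm in self.acl.get(subject, set())


# ---- RBAC: permissions attach to roles, users attach to roles (constructed roles). ----
ROLE_PERMS = {"analyst": {"read_alerts"}, "responder": {"read_alerts", "close_alerts"}}
USER_ROLES = {"alice": {"analyst"}, "bob": {"responder"}}


def rbac_allows(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


# ---- ABAC: a policy evaluated over subject, object, action and environment attributes. ----
def business_hours(now: time) -> bool:
    return time(8, 0) <= now < time(18, 0)


def abac_allows(subject: dict, obj: dict, action: str, env: dict) -> bool:
    same_department = subject["department"] == obj["department"]
    if action == "read":
        return same_department
    if action == "write":
        # Environmental attributes: "only during the day, only from the corporate network"
        # is the kind of rule the time-of-day flashcard example actually describes.
        return same_department and env["on_corp_network"] and business_hours(env["now"])
    return False  # default deny for any action the policy does not mention


def example_env(hour: int, on_corp_network: bool = True) -> dict:
    """Constructed environment attributes for a request made at the given hour."""
    return {"now": time(hour, 0), "on_corp_network": on_corp_network}
```

The difference between the models is who holds the decision: in MAC nobody but the system, in DAC the owner, in RBAC whoever administers the role assignments, and in ABAC the policy, which can fold in context that the other three cannot express.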