Identity and Access Management Flashcards
NTFS file permissions
Full Control, Modify, Read & Execute, Read, Write, Special Permissions
ACL
-List of information to handle how everyone is given access
Access Control List
Federated System
System that is trusted by the domain
Samba
Allows Linux machines to use Active Directory
KDC
-Windows Domain Controller is known as KDC
Key Distribution Center
PIV card
-Picture and Identification information
Personal Identity Verification card
Windows File Permissions
-moving files on same hard drive to a new location what happens to permissions?
Keeps permissions
Linux File Permissions
D RWX RWX RWX
- Directory
- Owner
- Group
- Everyone
Multifactor Authentication
Using more than one authentication factor
ex: finger print and password
Linux command for editing permissions
chmod
o = everyone (stands for "other")
g = group
a = all 3 categories
Kerberos
Authentication protocol used to authenticate to a Windows domain controller
-Uses port 88
NTFS folder permissions
Full Control, Modify, Read & Execute, List Folder Contents, Read, Write, Special Permissions
PAP
- Sends username and password in the clear
- Not used very often anymore
Password Authentication Protocol
Implicit Deny
Always denies unless told otherwise
AAA
Authentication
Authorization
Accounting
CHAP
- Uses a hash value to authenticate
- Sends the hash to whoever is trying to get authenticated as the challenge - they have to recreate the hash using the same shared key and send back as proof
Challenge-Handshake Authentication Protocol
SAML
- Used for web applications
- Single Sign-On allows access between an identity provider and a service provider
Security Assertion Markup Language
Linux permissions (numbers = permissions)
0 = ---
1 = --x
2 = -w-
3 = -wx
4 = r--
5 = r-x
6 = rw-
7 = rwx
File system that doesn't support Windows permissions
FAT32
Linux command for changing owner
sudo chown
Windows system for passwords and general management
-Usually for that particular local machine
Local Security Policy
RBAC
- Most common
- Access to resources is defined by your role
Role-Based Access Control
Windows File Permissions
-copying files from drive letter to another drive letter on the same hard drive what happens to permissions?
Loses permissions
Rights and Privileges
Mostly used for system function access
MAC
-Labels “top secret”
Mandatory Access Control
TGT
-Shows that you’re authenticated to domain
Ticket Granting Ticket
TACACS+
- Decouples the authorization from the authentication
- Uses TCP port 49
Terminal Access Controller Access-Control System Plus
LDAP
- Used to access other directories/resources
- More of a language than authentication protocol
Lightweight Directory Access Protocol
-Uses TCP and UDP port 389
RADIUS
-Used in wireless authentication
-Can use ports: 1812, 1813, 1645, 1646
Remote Authentication Dial-In User Service
RSA Key
Software/key that stores a secret code that changes every so often - “something you have”
Authorization
What rights you have to the system once you’ve been authenticated
CAC card
-Picture and Identification
Common Access Card
Least Privilege
Always give the least amount of privilege to users for them to do their job
RADIUS client
Gateway for server and user
NTLM
- Like CHAP but both ways
- Client and server each challenge the other side with a hash value
NT LAN Manager
HOTP
-fob creates single use code using key and counter
HMAC-based One-Time Password algorithm
Identification
Proves who you are to the authenticating system
Group Policy Objects Management
Found in Active Directory
Can be applied to domains/individual sites/groups
What are the 5 Authentication Factors?
- Something you know - password
- Something you have - smartcard/key fob
- Something about you - retinal scanners
- Something you do - rhythm of typing can be used
- Somewhere you are - geography/zip code getting gas
RADIUS server
Holds or has access to passwords/usernames
Authentication
Proving you have the rights to that system
ex: password
Windows File Permissions
-copying files from drive to another drive what happens to permissions?
Loses permissions
Linux command for changing password
sudo passwd
Inheritance
When you give a folder permissions, anything created in that folder will have mirrored permissions with options greyed out
Permissions
Usually handled in groups for organizations - more used for files and resources
RADIUS supplicant
Person or system trying to get authenticated
Captcha
Used on websites - wonky lettering or pictures you have to identify to prove you’re not a bot - “something you know”
DAC
-Whoever created data defines access
Discretionary Access Control
TOTP
-fob creates single use code using key and time of day
Time-based One-Time Password algorithm