Identity and Access Management (IAM) Solutions Flashcards
What does Identity and Access Management (IAM) ensure?
The right individuals have the right access to the right resources for the right reasons
What are the components of IAM?
- Password Management
- Network Access Control
- Digital Identity Management
What does the acronym IAAA stand for in IAM processes?
Identification, Authentication, Authorization, and Accounting
What is the purpose of Identification in IAM?
Claiming identity, e.g., username, email address
What is Authentication in IAM?
Verifying user, device, or system identity
What does Authorization determine after authentication?
User permissions
What is Accounting in IAM?
Tracking and recording user activities
What are the IAM processes?
- Provisioning
- Deprovisioning
- Identity Proofing
- Interoperability
- Attestation
What are the factors of Multi-Factor Authentication (MFA)?
- Something you know
- Something you have
- Something you are
- Something you do
- Somewhere you are
What are examples of MFA implementations?
- Biometrics
- Hard tokens
- Soft tokens
- Security keys
- Passkeys
What are best practices for Password Security?
- Password policies
- Password managers
- Passwordless authentication
What types of Password Attacks exist?
- Spraying Attacks
- Brute Force Attacks
- Dictionary Attacks
- Hybrid Attacks
What is Single Sign-On (SSO)?
User authentication service using one set of credentials for multiple applications
What technologies are used in SSO?
- LDAP
- OAuth
- SAML
What is Federation in IAM?
Sharing and using identities across multiple systems or organizations
What does Privileged Access Management (PAM) involve?
- Just-in-Time (JIT) Permissions
- Password Vaulting
- Temporal Accounts
What are the different Access Control Models?
- Mandatory Access Control
- Discretionary Access Control
- Role-based Access Control
- Rule-based Access Control
- Attribute-based Access Control
What is the purpose of Provisioning in IAM?
Creating new user accounts, assigning permissions, and providing system access
What does Deprovisioning mean in IAM?
Removing access rights when no longer needed
What is Identity Proofing?
Verifying a user’s identity before creating their account
What is Interoperability in IAM?
Ability of different systems, devices, and applications to work together and share information
What is Attestation in IAM?
Validating that user accounts and access rights are correct and up to date
What is the definition of Multi-Factor Authentication (MFA)?
A security system requiring multiple methods of authentication from independent categories of credentials
What are the five categories of authentication for MFA?
- Something You Know
- Something You Have
- Something You Are
- Somewhere You Are
- Something You Do
What is a Single Factor Authentication?
Uses one authentication factor to access a user account
What is Two Factor Authentication (2FA)?
Requires two different authentication factors to gain access
What is Passwordless Authentication?
An alternative to traditional passwords for authentication
What are the five characteristics of Password Policies?
- Password Length
- Password Complexity
- Password Reuse
- Password Expiration
- Password Age
What does Password Length refer to?
Longer passwords are harder to crack
What does Password Complexity involve?
Combines uppercase and lowercase letters, numbers, and special characters
What is the risk of Password Reuse?
Increases vulnerability
What does Password Expiration require?
Users to change passwords after a specific period
What are Password Managers?
Tools for storing and managing passwords securely
What are some methods of Passwordless Authentication?
- Biometric Authentication
- Hardware Token
- One-Time Passwords (OTP)
- Magic Links
- Passkeys
What are the types of password attacks?
- Brute Force
- Dictionary
- Password Spraying
- Hybrid
What is a Brute Force Attack?
Tries every possible character combination until the correct password is found
What is a Dictionary Attack?
Uses a list of commonly used passwords to crack passwords
What is Password Spraying?
Tries a few common passwords against many usernames or accounts
What is a Hybrid Attack?
Combines elements of brute force and dictionary attacks
What is the function of Single Sign-On (SSO)?
Allows users to access multiple applications with one set of credentials
What protocols are used in Single Sign-On (SSO)?
- LDAP
- OAuth
- SAML
What does Federation enable?
Using the same credentials to log in across systems managed by different organizations
What is the first step in the Federation Process?
User accesses a service or application and chooses to log in
What are Just-In-Time (JIT) Permissions?
Grants administrative access only when needed for a specific task
What does Password Vaulting do?
Stores and manages passwords securely
What are Temporal Accounts?
Temporary accounts used for time-limited access to resources
What is Mandatory Access Control (MAC)?
Uses security labels to authorize resource access
What is Discretionary Access Control (DAC)?
Resource owners specify which users can access their resources
What does Mandatory Access Control (MAC) use to authorize resource access?
Security labels
MAC requires assigning security labels to both users and resources.
In Mandatory Access Control, access is granted only if the user’s label is _______ the resource’s label.
equal to or higher than
Who specifies which users can access resources in Discretionary Access Control (DAC)?
Resource owners
DAC allows resource owners to grant access to specific users.
What does Role-Based Access Control (RBAC) assign to users?
Roles
RBAC assigns permissions to roles that mimic the organization’s hierarchy.
What is enforced by Role-Based Access Control?
Minimum privileges
What does Rule-Based Access Control use to determine access?
Security rules or access control lists
What type of access control considers user, environment, and resource attributes?
Attribute-Based Access Control (ABAC)
What are some examples of User Attributes in ABAC?
- User’s name
- Role
- Organization ID
- Security clearance
What are some examples of Environment Attributes in ABAC?
- Time of access
- Data location
- Current organization’s threat level
What is the purpose of Time-of-Day Restrictions in access control?
Limits access based on specific time periods
What does the Principle of Least Privilege state?
Users are granted the minimum access required to perform their job functions
What can help prevent unauthorized access during non-working hours?
Time-of-Day Restrictions
What defines the levels of access that users have?
Privileges
What type of account allows high levels of access for administrative tasks?
Local Administration Account
What can Standard User Accounts not do?
Change system settings
What is User Account Control (UAC) designed to do?
Ensure actions requiring administrative rights are explicitly authorized by the user
File and folder permissions can also apply to _______.
Groups of users
How can you access file and folder permissions in Windows?
Right-click on a file or folder, select ‘Properties’, navigate to the ‘Security’ tab
Always ensure that you only give out the necessary _______.
Permissions