Lesson 4: Implement Identity and Access Management Flashcards
Define Confidentiality in authentication
If account credentials are leaked, threat actors can impersonate the account.
Define Integrity in authentication
Authentication mechanism is reliable and not easy for threat actors to bypass or trick with counterfeit credentials.
Define Availability in authentication
Time taken to authenticate does not impede workflows and is easy enough for users to operate.
Define an ‘authentication factor’
Different technologies for implementing authentication
List main authentication factors
Knowledge (username/password/PIN), ownership/token, and biometric/inherence.
Define the term ‘password best practices’
Policies governing the secure selection and maintenance of authentication factors: for secrets, rules on length, complexity, age, and reuse; also rules for smart cards and biometric IDs.
Define the term ‘account policies’
Policies governing user security information, such as password expiration and uniqueness.
Define a ‘Password Length’ policy
Enforces a min/max length for passwords.
Define a ‘Password Complexity’ policy
Enforces password entropy; that is, requires complex passwords that aren’t easy to crack.
What are examples of password complexity?
No use of a username within the password and a combination of at least eight uppercase/lowercase alphanumeric and non-alphanumeric characters.
Define a ‘Password Age’ policy
Forces the user to select a new password after a set number of days.
Define a ‘Password Reuse and History’ policy
Prevents the selection of a password that has been used already.
Define the purpose of the ‘history’ attribute of a ‘Password Reuse and History’ policy
How many previous passwords are blocked from use.
Define the purpose of the ‘minimum age’ attribute of a ‘Password Reuse and History’ policy
Prevents a user from quickly cycling through password changes to revert to a preferred phrase.
Define a ‘password manager’
Software that can suggest and store passwords to reduce risks from poor user choices and behavior.
What is the purpose of a password manager?
To mitigate risk of poor user credential management practices.
What are the main risks of using a password manager?
Selection of a weak master password, compromise of the vendor’s cloud storage or systems, impersonation attacks.
Define ‘multifactor authentication (MFA)’
Authentication scheme that requires the user to present at least two different factors as credentials.
Define an ‘ownership authentication factor’
Something unique you have: smart card, key fob, cryptographic token.
Define a ‘biometric/inherence authentication factor’
Something you are: fingerprint, retinal scan, facial scan.
Define a ‘location-based authentication factor’
Somewhere you are; system applies a location-based factor to an authentication decision based on location/IP address.
What does it take to configure biometric authentication?
- A sensor module to acquire biometric samples
- An extraction module that creates a ‘template’ (a mathematical representation) of the sample
Define the process of biometric authentication
A user is rescanned and the scan is compared to their initial template.
List the 3 metrics that are used to evaluate biometric authentication performance
- False Rejection Rate (FRR)
- False Acceptance Rate (FAR)
- Crossover Error Rate (CER)