Section 4.6 Flashcards

1
Q

What is IAM?

A

Identity and Access Management (IAM) is responsible for determining access control for someone or something (human or non-human). The entity has to authenticate, and then authorization is granted based on that entity. Once authenticated, the entity's activity is monitored throughout its lifetime.

2
Q

What is SSO?

A

Single Sign-On (SSO) is the process of providing credentials one time and getting access to all available and assigned resources. No additional authentication is required.
This is usually limited by time; for example, the sign-on will be valid for 24 hours, and then the user would have to sign on again.

3
Q

What is LDAP?

A

Lightweight Directory Access Protocol (LDAP) is a protocol that helps manage and access user information and other directory data in a network. It is like a digital phone book, allowing users and applications to look up and manage resources, authenticate users, and enforce security policies, all from a centralized location.

4
Q

What is SAML?

A

Security Assertion Markup Language (SAML) allows for the authentication of a user to a third-party database.
SAML was not originally designed to work with mobile apps, so this has been a large roadblock for SAML.

5
Q

What is OAuth?

A

OAuth is an authorization framework that determines what resources a user will be able to access.

6
Q

What is Federation?

A

Federation allows network access without using a local authentication database. Third parties can establish a federated network; for example, you can log in to an account using your Facebook or Gmail credentials.

7
Q

What is a MAC?

A

Mandatory Access Control (MAC) labels every object with a specific category, for example Confidential, Secret, Top Secret, etc. This allows admins to determine which user gets access to which label; for example, a director might have access to Secret objects.

8
Q

What is DAC?

A

Discretionary Access Control (DAC) is used in most operating systems and allows the owner of the data to decide who gets access to it. For example, if a user creates a spreadsheet, they decide who gets access to this spreadsheet.

9
Q

What is RBAC?

A

Role-Based Access Control (RBAC) grants permissions to specific data based on job function. For example, a manager will have certain rights and permissions, and so on.

10
Q

What is ABAC?

A

Attribute-Based Access Control (ABAC) uses many different criteria to determine whether a user has access to data. It evaluates many types of criteria, for example IP address, relationship to the data, time of day, user type, etc.

11
Q

What is “something you know” when it comes to authentication?

A

It can be a password, PIN, or pattern.

12
Q

What is “something you are” when it comes to authentication?

A

It can be biometric authentication such as a fingerprint, iris scan, or voice print.

13
Q

What is “somewhere you are” when it comes to authentication?

A

It is the location you are in when you're trying to authenticate.

14
Q

What is “something you have” when it comes to authentication?

A

It can be a smart card, access card, USB security key, SMS text, etc.

15
Q

What are just-in-time permissions?

A

Just-in-time permission allows someone like a technician to get admin access for a limited amount of time. This also applies the principle of least privilege, making sure the technician can only access what they need to perform their task. Just-in-time permission makes it possible to remove the permission after an amount of time has passed.
