Chapter 13 Managing Identity and Authentication
Controlling Access to Assets
Assets:
Information, systems, devices, facilities, personnel
Comparing Subjects and Objects
The CIA Triad
Types of Access Control
Preventative
Detective
Corrective
Deterrent
Recovery
Directive
Compensating
Administrative, logical/technical, physical
Comparing Identification and Authentication 1/5
Identification and Authentication
Registration and Proofing of Identity
Authorization and Accountability
Authentication Factors
Type 1: Something you know
Type 2: Something you have
Type 3: Something you are
Somewhere you are
Context-aware authentication
Comparing Identification and Authentication 2/5
Passwords
Strong passwords
Age, complexity, length, history
Passphrases
Cognitive
Smartcards
Common Access Card (CAC)
Personal Identity Verification (PIV) card
Comparing Identification and Authentication 3/5
Tokens
One-time passwords
Synchronous Dynamic Password Tokens
Asynchronous Dynamic Password Tokens
Two-step authentication
Hash message authentication code (HMAC)
Time-based One-Time Password (TOTP)
Email or SMS PIN challenge
Comparing Identification and Authentication 4/5
Biometrics
Fingerprints, face, retina, iris, palm, hand geometry, heart/pulse, voice, signature, keystroke
Errors:
Type 1: False Rejection Rate (FRR)
Type 2: False Acceptance Rate (FAR)
Crossover error rate (CER)
Enrollment
Reference profile/template
Throughput rate
Comparing Identification and Authentication 5/5
Multifactor Authentication
Device Authentication
Device fingerprinting
802.1x
Service Authentication
Application accounts
Implementing Identity Management 1/2
Centralized vs. decentralized
Single Sign-On
LDAP and PKI
Kerberos
KDC, TGT, ST
Federated Identity Management
Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML)
OAuth 2.0, OpenID, OpenID Connect
Scripted access
Implementing Identity Management 2/2
Credential Management Systems
Integrating Identity Services
Identity and access as a service (IDaaS)
Managing Sessions
AAA Protocols
Remote Authentication Dial-in User Service (RADIUS)
Terminal Access Controller Access-Control System (TACACS)
Diameter
Managing the Identity and Access Provisioning Lifecycle
Provisioning
Account Review
Excessive privilege
Privilege creep
Account Revocation
Conclusion
Read the Exam Essentials
Review the chapter
Perform the Written Labs
Answer the Review Questions