ch13.pptx

Chapter 13 Managing Identity and Authentication

Controlling Access to Assets

Assets:

Information, systems, devices, facilities, personnel

Comparing Subjects and Objects

The CIA Triad

Types of Access Control

Preventive, detective, corrective, deterrent, recovery, directive, compensating

Administrative, logical/technical, physical

Comparing Identification and Authentication 1/5

Identification and Authentication

Registration and Proofing of Identity

Authorization and Accountability

Authentication Factors

Type 1: Something you know

Type 2: Something you have

Type 3: Something you are

Somewhere you are

Context-aware authentication

Comparing Identification and Authentication 2/5

Passwords

Strong passwords

Age, complexity, length, history

Passphrases

Cognitive passwords (answers to personal questions established at enrollment)

Smartcards

Common Access Card (CAC)

Personal Identity Verification (PIV) card

Comparing Identification and Authentication 3/5

Tokens

One-time passwords

Synchronous Dynamic Password Tokens

Asynchronous Dynamic Password Tokens

Two-step authentication

HMAC-based One-Time Password (HOTP), built on a hash message authentication code (HMAC) over a counter

Time-based One-Time Password (TOTP)

Email or SMS PIN challenge
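
Worked example, added here and not part of the chapter slides or the textbook's own code: HOTP (RFC 4226) and TOTP (RFC 6238) using only the Python standard library, together with the server-side checks that separate a synchronous token (accept the current time step plus a small clock-skew window) from an asynchronous one (the counter must advance past the last accepted value, within a resynchronisation window, so a consumed code is rejected as a replay). DEMO_SECRET is the RFC test-vector seed and is used only so the outputs can be checked against the RFC tables; the function names, window sizes and the constant-time comparison are choices made for this example.

```python
import hashlib
import hmac
import struct
import time

# Constructed example secret (the RFC 4226 / RFC 6238 test-vector seed), not a real user's key.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, then mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 6238: a synchronous token is HOTP with counter = floor(time / step)."""
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30,
                skew: int = 1, digits: int = 6) -> bool:
    """Server-side check for a synchronous (time-based) token.

    Accepts the current step and +/- `skew` neighbouring steps to absorb clock drift,
    and compares in constant time so the accept/reject decision does not leak by timing.
    """
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(secret, c, digits), code)
               for c in range(counter - skew, counter + skew + 1))


def verify_hotp(secret: bytes, code: str, last_counter: int, look_ahead: int = 5, digits: int = 6):
    """Server-side check for an asynchronous (counter-based) token.

    Tries only counters strictly greater than the last one accepted, up to a resync window,
    so a code whose counter was already consumed is rejected as a replay.
    Returns the new counter to persist, or None if the code is rejected.
    """
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c
    return None


if __name__ == "__main__":
    now = int(time.time())
    print("HOTP(counter=0):", hotp(DEMO_SECRET, 0))
    current = totp(DEMO_SECRET, now)
    print("TOTP now:", current, "valid:", verify_totp(DEMO_SECRET, current, now))
```

Both the HOTP values (755224, 287082, ...) and the 8-digit TOTP values (94287082 at time 59) match the RFC appendices, which is the quickest way to confirm an implementation before trusting it. The `look_ahead` and `skew` windows are the practical trade-off: larger windows tolerate more drift or missed presses but widen the space an attacker can guess into.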

Comparing Identification and Authentication 4/5

Biometrics

Fingerprints, face, retina, iris, palm, hand geometry, heart/pulse, voice, signature, keystroke

Errors:

Type 1: False Rejection Rate (FRR)

Type 2: False Acceptance Rate (FAR)

Crossover error rate (CER)

Enrollment

Reference profile/template

Throughput rate
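
Added illustration, not from the slides: how FRR, FAR and the crossover error rate fall out of a matcher's scores once a decision threshold is applied. The two score lists are constructed for the example, and the threshold sweep, helper names and tie-breaking are choices made here.

```python
# Constructed matcher scores (0.0 - 1.0, higher means a closer match); illustrative, not measured data.
GENUINE = [0.55, 0.62, 0.70, 0.74, 0.78, 0.81, 0.85, 0.88, 0.92, 0.96]   # enrolled user vs own template
IMPOSTOR = [0.10, 0.22, 0.31, 0.38, 0.45, 0.52, 0.58, 0.63, 0.71, 0.79]  # other people vs that template


def accept(score: float, threshold: float) -> bool:
    """The matcher's decision: a sample is accepted if it scores at or above the threshold."""
    return score >= threshold


def false_rejection_rate(genuine, threshold: float) -> float:
    """Type I error (FRR): legitimate attempts wrongly rejected."""
    return sum(1 for s in genuine if not accept(s, threshold)) / len(genuine)


def false_acceptance_rate(impostor, threshold: float) -> float:
    """Type II error (FAR): impostor attempts wrongly accepted."""
    return sum(1 for s in impostor if accept(s, threshold)) / len(impostor)


def error_curve(genuine, impostor):
    """(threshold, FRR, FAR) at every threshold where a decision can change."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, false_rejection_rate(genuine, t), false_acceptance_rate(impostor, t))
            for t in thresholds]


def crossover_error_rate(genuine, impostor):
    """Threshold where FRR and FAR meet (or come closest) and the error rate there (CER).

    A lower CER means a more accurate device. Raising the threshold above this point
    lowers FAR (security) at the cost of FRR (usability); lowering it does the reverse.
    """
    t, frr, far = min(error_curve(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (frr + far) / 2


if __name__ == "__main__":
    for t, frr, far in error_curve(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FRR={frr:.1f}  FAR={far:.1f}")
    print("CER at threshold %.2f = %.2f" % crossover_error_rate(GENUINE, IMPOSTOR))
```

With these samples the curves cross at a threshold of 0.70, where both error rates are 20 percent; pushing the threshold to 0.80 drives FAR to zero but rejects half of the genuine attempts, which is the usability cost a high-security setting pays.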

Comparing Identification and Authentication 5/5

Multifactor Authentication

Device Authentication

Device fingerprinting

802.1X

Service Authentication

Application accounts

Implementing Identity Management 1/2

Centralized vs. decentralized

Single Sign-On

LDAP and PKI

Kerberos

Key Distribution Center (KDC), ticket-granting ticket (TGT), service ticket (ST)

Federated Identity Management

Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML)

OAuth 2.0, OpenID, OpenID Connect

Scripted access

Implementing Identity Management 2/2

Credential Management Systems

Integrating Identity Services

Identity and access as a service (IDaaS)

Managing Sessions

AAA Protocols

Remote Authentication Dial-in User Service (RADIUS)

Terminal Access Controller Access-Control System (TACACS) and TACACS+

Diameter
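
Added example, not the chapter's own material: the RADIUS Access-Request / Access-Accept exchange from RFC 2865 in Python, showing User-Password hiding and the Response Authenticator, which is where the protocol's reliance on a shared secret and on MD5 becomes visible. The function names, demo secret and in-memory user database are assumptions made for the example; a real deployment would also carry the Message-Authenticator attribute (RFC 2869) or run RADIUS over TLS, since RFC 2865 alone gives the Access-Request no integrity protection.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _attr(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack(">BB", atype, len(value) + 2) + value


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block).

    This is obfuscation keyed on the shared secret, not modern encryption: anyone who knows
    the secret, or brute-forces it offline from a captured packet, recovers the password.
    """
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of section 5.2; padding NULs are stripped (a password ending in NUL is not representable)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, request_auth: bytes = None) -> bytes:
    """Code(1) | Identifier(1) | Length(2) | Request Authenticator(16) | Attributes."""
    request_auth = request_auth or os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, username) + \
        _attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack(">BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs


def parse_attributes(attrs: bytes) -> dict:
    parsed, i = {}, 0
    while i < len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        parsed[atype] = attrs[i + 2:i + alen]
        i += alen
    return parsed


def response_authenticator(code: int, identifier: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack(">BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def server_handle(packet: bytes, secret: bytes, user_db: dict) -> bytes:
    """Check the request against user_db (username -> password, for the demo) and answer Accept or Reject."""
    code, identifier, length = struct.unpack(">BBH", packet[:4])
    request_auth, attrs = packet[4:20], packet[20:length]
    parsed = parse_attributes(attrs)
    password = reveal_password(parsed[ATTR_USER_PASSWORD], secret, request_auth)
    ok = code == ACCESS_REQUEST and hmac.compare_digest(user_db.get(parsed[ATTR_USER_NAME], b""), password)
    reply_code, reply_attrs = (ACCESS_ACCEPT if ok else ACCESS_REJECT), b""
    auth = response_authenticator(reply_code, identifier, reply_attrs, request_auth, secret)
    return struct.pack(">BBH", reply_code, identifier, 20 + len(reply_attrs)) + auth + reply_attrs


def client_check_reply(reply: bytes, request: bytes, secret: bytes):
    """The NAS recomputes the Response Authenticator; a reply forged without the secret fails here."""
    code, identifier, length = struct.unpack(">BBH", reply[:4])
    expected = response_authenticator(code, identifier, reply[20:length], request[4:20], secret)
    return hmac.compare_digest(expected, reply[4:20]), code
```

The Request Authenticator must be fresh random bytes per request: it is the only thing that keeps two requests carrying the same password from producing the same hidden bytes, and it is what binds the reply to the request. The strength of the whole exchange is the strength of the shared secret, which is why long, unique per-client secrets matter for RADIUS in a way they do not for Kerberos or TLS-based protocols.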

Managing the Identity and Access Provisioning Lifecycle

Provisioning

Account Review

Excessive privilege

Privilege creep

Account Revocation
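
Added example, written for this page rather than taken from the slides: one account-review pass that detects privilege creep by diffing each account's entitlements against its role baseline, flags dormant and departed accounts, and turns the findings into disable/revoke actions for the provisioning system. The role baseline, the accounts, the 90-day dormancy window and the action names are all constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from any real directory): the entitlements each role justifies,
# and a snapshot of what accounts actually hold.
ROLE_BASELINE = {
    "developer": {"git-push", "ci-run"},
    "dba": {"db-admin", "backup-restore"},
    "helpdesk": {"password-reset"},
}

ACCOUNTS = [
    {"user": "alice", "role": "developer", "entitlements": {"git-push", "ci-run", "db-admin"},
     "last_login": date(2024, 3, 1), "status": "active"},       # kept db-admin from an old project
    {"user": "bob", "role": "dba", "entitlements": {"db-admin", "backup-restore"},
     "last_login": date(2023, 9, 10), "status": "active"},      # has not logged in for months
    {"user": "carol", "role": "helpdesk", "entitlements": {"password-reset"},
     "last_login": date(2024, 3, 5), "status": "terminated"},   # HR says she left; still enabled
    {"user": "svc-backup", "role": "dba", "entitlements": {"backup-restore"},
     "last_login": date(2024, 3, 6), "status": "active"},       # within baseline, nothing to do
]

REVIEW_DATE = date(2024, 3, 7)  # the day this constructed review is run


def excessive_privileges(account: dict, baseline: dict) -> set:
    """Entitlements beyond what the account's role justifies: the privilege-creep signal."""
    return account["entitlements"] - baseline.get(account["role"], set())


def review_accounts(accounts, baseline: dict, today: date, dormant_days: int = 90):
    """One account-review pass. Returns (user, action, details) tuples for the provisioning system."""
    findings = []
    for acct in accounts:
        extra = excessive_privileges(acct, baseline)
        if extra:
            findings.append((acct["user"], "remove-entitlements", sorted(extra)))
        if acct["status"] == "terminated":
            findings.append((acct["user"], "revoke-account", []))
        elif acct["status"] == "active" and (today - acct["last_login"]).days > dormant_days:
            findings.append((acct["user"], "disable-dormant", []))
    return findings


def apply_findings(accounts, findings):
    """Apply the review output: strip excess rights, disable dormant accounts, revoke departed users."""
    by_user = {a["user"]: a for a in accounts}
    for user, action, details in findings:
        acct = by_user[user]
        if action == "remove-entitlements":
            acct["entitlements"] -= set(details)
        elif action == "disable-dormant":
            acct["status"] = "disabled"
        elif action == "revoke-account":
            acct["status"] = "revoked"
            acct["entitlements"] = set()
    return accounts


if __name__ == "__main__":
    for finding in review_accounts(ACCOUNTS, ROLE_BASELINE, REVIEW_DATE):
        print(finding)
```

The review is idempotent by design: running it again after the actions are applied produces no findings, which is the property an automated recertification job needs so that it can be scheduled without generating duplicate tickets. Dormant accounts are disabled rather than deleted so that logs and audit trails still resolve the user identity.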

Conclusion

Read the Exam Essentials

Review the chapter

Perform the Written Labs

Answer the Review Questions