What is Identity and Access Management (IAM)?
A security framework ensuring the right individuals have access to the right resources at the right time.
What are the four core processes of IAM?
Identification, Authentication, Authorization, Accounting (Auditing)
What is identification in IAM?
The process where a user claims an identity, typically using a username or email.
Why is identification important in IAM?
It ensures the legitimacy of users, such as matching billing and delivery addresses in e-commerce.
What is authentication in IAM?
Verifying a user's identity by validating credentials (e.g., passwords, biometrics, MFA).
What does authorization determine?
A user’s permissions and access levels after authentication.
How does authorization work in an organization?
HR employees access personnel files, while finance employees access financial data.
What is accounting (auditing) in IAM?
Tracking and recording user activities to detect incidents, vulnerabilities, and provide breach evidence.
What is provisioning in IAM?
Creating new user accounts and assigning permissions (e.g., onboarding employees).
What is deprovisioning in IAM?
Removing access rights when no longer needed, preventing unauthorized access.
What is identity proofing?
Verifying a user’s identity before account creation using trusted sources or ID verification.
What is interoperability in IAM?
The ability for different systems to share authentication and authorization data.
What standards enable IAM interoperability?
SAML (Security Assertion Markup Language) and OpenID Connect.
What is attestation in IAM?
Validating that user accounts and access rights are correct and up-to-date.
Why is attestation necessary?
It ensures users have minimal necessary access, preventing excessive privileges.
Why is IAM crucial for enterprise security?
It manages risks related to processing, storage, and transmission of information.
What additional IAM concepts enhance security?
Provisioning, Identity Proofing, Interoperability, Attestation.
What is Multifactor Authentication (MFA)?
A security system that requires more than one authentication method from independent credential categories to verify a user’s identity.
What is the main goal of MFA?
To create a layered defense against unauthorized access to devices, networks, and databases.
What are the five categories of authentication factors in MFA?
- Something You Know (Knowledge-Based)
- Something You Have (Possession-Based)
- Something You Are (Inherence-Based)
- Somewhere You Are (Location-Based)
- Something You Do (Behavior-Based)
What is an example of a Knowledge-Based authentication factor?
Passwords, PINs, security questions (e.g., unlocking a device with a PIN).
What is an example of a Possession-Based authentication factor?
Smart cards, hardware tokens (e.g., using a smart card and PIN to access a laptop).
What is the difference between hardware and software tokens?
- Hardware tokens → Generate unique authentication codes.
- Software tokens → Apps like Google Authenticator create time-based codes.
What is an example of an Inherence-Based authentication factor?
Biometrics, such as fingerprints and facial recognition (e.g., Face ID).
How does location affect authentication?
MFA can restrict access to users within a specific geographic area using IP address or GPS.
What does a Behavior-Based authentication factor analyze?
User behavior patterns, such as keystroke dynamics and mouse movements.
What are the three types of authentication methods?
- Single-Factor Authentication → Uses only one method (e.g., password).
- Two-Factor Authentication (2FA) → Uses two different factors (e.g., password + smartphone code).
- Multifactor Authentication (MFA) → Uses two or more factors for verification.
How does MFA improve security?
It reduces the risk of unauthorized access, protecting against phishing and data breaches.
Why is password management important?
Weak passwords can compromise security; password managers help create and store strong passwords.
What are passkeys in authentication?
A newer passwordless authentication method, secured by device locks (e.g., biometrics).
Why are passkeys more secure than passwords?
They eliminate the need for remembering passwords and use device-based security.
How do passkeys use public key cryptography?
The private key is stored on the user’s device, while the public key is on the server, preventing exposure of sensitive information.
Why is MFA essential for security?
It provides stronger authentication than single-factor methods, helping protect information systems.
What is password security?
Measures the effectiveness of a password against guessing and brute-force attacks to ensure only authorized users access systems.
What tools are used to create password policies?
Group Policy Editor (local machines) and Global Policy Orchestrator (domain environments).
What are the five key considerations when creating password policies?
- Password Length
- Password Complexity
- Password Reuse
- Password Expiration
- Password Age
Why is password length important?
Longer passwords are harder to crack; recommended length is 12-16 characters.
How does password length affect security?
A 7-character password can be cracked in seconds, while a 20-character password may take months.
What makes a password complex?
Mixing uppercase and lowercase letters, numbers, and special characters.
Why is a password with symbols, numbers, and letters more secure?
It increases the number of possible combinations, making it harder to guess.
Why should passwords not be reused?
Reusing passwords across multiple accounts increases the risk of compromised access.
How do organizations prevent password reuse?
By implementing password history policies so users cannot quickly revert to old passwords.
What is password expiration?
Forcing users to change passwords after a set time (e.g., every 90 days).
What does NIST recommend about password expiration policies?
Reconsidering expiration rules unless a password manager is used.
What is password age in security?
How long a password has been in use before requiring a change.
Why set a minimum password age?
Prevents users from quickly cycling back to familiar passwords.
What are password managers used for?
Secure storage and management of passwords.
Name four key features of password managers.
- Password Generation – Creates strong, unique passwords.
- Autofill – Automatically fills in login credentials.
- Secure Sharing – Allows password sharing without revealing actual credentials.
- Cross-Platform Access – Available on multiple devices.
What is passwordless authentication?
A method that eliminates traditional passwords by using biometrics or hardware tokens.
What are passkeys?
Securely stored credentials that rely on device security features for authentication.
How do passkeys use public key cryptography?
The private key is stored on the user’s device, while the public key is on the server.
What are the five types of authentication factors?
- Something You Know – Passwords or PINs.
- Something You Have – Physical devices like tokens or smartphones.
- Something You Are – Biometric data (fingerprints, facial recognition).
- Something You Do – Behavioral patterns (keystroke dynamics).
- Somewhere You Are – Location-based verification (IP/GPS).
Why are strong password policies essential?
They help protect organizational data by minimizing risk from breaches.
What two methods improve password security beyond strong policies?
Multifactor authentication (MFA) and password management tools.
What are password attacks?
Methods used by attackers to crack or recover passwords.
What are four types of password attacks?
- Brute Force Attacks
- Dictionary Attacks
- Password Spraying
- Hybrid Attacks
How does a brute force attack work?
Tries every possible combination of characters until the correct password is found.
How long does it take to crack a 4-digit PIN with a brute force attack?
About a minute, since there are only 10,000 possible combinations.
What does a dictionary attack use?
A list of commonly used passwords to guess the correct one.
How have dictionary attacks changed over time?
They now use hacker dictionaries with variations (e.g., "password" → "P@ssw0rd").
What makes password spraying different from brute force attacks?
Tries a small number of common passwords across many accounts to avoid lockouts.
How does a hybrid attack work?
Combines brute force and dictionary attacks, starting with common passwords and adding variations.
What are four strategies to mitigate password attacks?
- Increase Password Complexity → Use letters, numbers, and special characters.
- Increase Password Length → Longer passwords take more time to crack.
- Limit Login Attempts → Prevents repeated guesses.
Why use password managers?
They create and store strong, unique passwords to prevent reuse and simplify management.
What is "John the Ripper"?
A popular password cracking tool used to identify weak passwords.
How does John the Ripper demonstrate password attacks?
It can create an MD5 hash and quickly crack weak passwords.
Why is understanding password attacks crucial?
It helps implement effective security measures.
What three security enhancements should organizations adopt?
- Strong password policies
- Password managers
- Enabling MFA
What is Single Sign-On (SSO)?
An authentication process allowing users to access multiple applications or websites with a single set of credentials.
Why is SSO beneficial for users?
It simplifies the user experience and enhances productivity by reducing the need to remember multiple passwords.
What is the foundation of SSO authentication?
A trusted relationship between an application and an Identity Provider (IdP).
What does the Identity Provider (IdP) do?
Manages identity information and provides authentication services to network applications.
What are the three main steps in SSO authentication?
- User logs into the primary IdP (e.g., Windows domain controller).
- Secondary application requests verification from the IdP.
- IdP confirms the user's identity, granting access without re-entering credentials.
What are four key benefits of using SSO?
- Improved User Experience – Users remember only one set of credentials.
- Increased Productivity – Saves time by eliminating multiple logins.
- Reduced IT Support Costs – Fewer password reset requests.
- Enhanced Security – Encourages stronger passwords and reduces reuse.
What are three protocols used for SSO?
- LDAP (Lightweight Directory Access Protocol)
- OAuth (Token-Based Authentication)
- SAML (Security Assertion Markup Language)
What is LDAP used for in SSO?
Accessing and maintaining directory services over an IP network.
How does LDAP support SSO?
It shares user credentials across multiple services, enabling seamless authentication.
What is OAuth?
An open standard for token-based authentication and authorization.
How does OAuth improve authentication security?
Users log into third-party services without sharing passwords, relying on authorization tokens.
What does the OAuth authorization server do?
Processes authorization requests and issues access tokens.
What does SAML do in SSO authentication?
Allows users to log into applications based on existing session authentication.
How does SAML verify a user’s identity?
It redirects users to the IdP for authentication, then confirms their identity to the service provider.
Why is SSO essential for usability and security?
It allows users to authenticate once and access multiple services, improving efficiency and protection.
Why is understanding protocols like LDAP, OAuth, and SAML important?
They are essential for implementing effective SSO solutions.
What is Federation in Identity and Access Management (IAM)?
Federation allows linking of electronic identities across multiple identity management systems, enabling users to log into various systems with the same credentials.
What is Federation based on?
Trusted relationships between different systems.
What does an Identity Provider (IdP) do in a federated system?
Verifies user identity and provides authentication services to the system.
What are two major benefits of Federation for organizations?
- Extends access beyond an organization’s network (includes partners, suppliers, and customers).
- Simplifies account management by allowing external authentication without creating new accounts.
What are the six steps in a federation login process?
- Login Initiation – User accesses a service and chooses to log in.
- Redirection to IdP – Service provider redirects the user to the IdP.
- User Authentication – User enters credentials, which the IdP validates.
- Generation of Assertion – IdP creates a token with identity details.
- Return to Service Provider – User is redirected back with the assertion.
- Verification and Access – Service provider validates the assertion and grants access.
What are three key benefits of Federation?
- Simplified User Experience – Users remember only one set of credentials for multiple services.
- Reduced Administrative Overhead – Organizations don’t need to manage individual accounts for external users.
- Increased Security – Reduces password reuse risks and ensures secure authentication.
What protocols are commonly used for Federation?
SAML, OAuth, and OpenID Connect for authentication and authorization.
How does SAML support Federation?
Redirects users to an IdP for authentication and confirms identity to the service provider.
What does OAuth do in a federated system?
Provides token-based authentication, allowing users to log in without sharing passwords.
How does OpenID Connect enhance Federation?
Adds user authentication on top of OAuth, making SSO implementation easier.
What are the key advantages of Federation in IAM?
- Enhances user convenience and security.
- Reduces IT costs while improving overall security.
What is Privileged Access Management (PAM)?
A security solution designed to restrict and monitor privileged accounts within an IT environment.
Why is PAM important for organizations?
It prevents the malicious abuse of privileged accounts and mitigates risks from weak privilege configuration.
How does PAM help prevent data breaches?
By enforcing the principle of least privilege, ensuring users only have necessary access for their roles.
What are the three main components of PAM?
- Just-in-Time (JIT) Permissions
- Password Vaulting
- Temporal Accounts
What is the concept of JIT Permissions?
A security model where administrative access is granted only when needed and for a limited duration.