L16: IAM - Authentication and Authorization

0.0(0)

Studied by 0 people

Learn

Practice Test

Spaced Repetition

Match

Flashcards

Card Sorting

1/23

There's no tags or description

Looks like no tags are added yet.

Study Analytics

Name	Mastery	Learn	Test	Matching	Spaced

No study sessions yet.

24 Terms

New cards

Identity and Access Management (IAM)

Manage digital identities and access rights across an organization

New cards

core components of IAM

Authentication
Authorization
ID governance and lifecycle management
Privileged account management

New cards

authentication

verifying users’ claimed identities

New cards

factors of authentication

something you know (password)
something you have (token, smart card)
something you are (biometrics)

New cards

entropy

measure of password unpredictability

New cards

what increases entropy?

a longer password with varied character types

New cards

common password attacks

brute-froce
rainbow table
credential stuffing

New cards

rainbow table attack

uses a precomputed table of password hashes to quickly find the corresponding plaintext passwords

New cards

credential stuffing

automatic injection of stolen usernames and passwords in hopes that one works

New cards

mitigation of password attacks

store passwords securely
strong cryptographic hashing algorithms
use Password-Authenticated Key Exchanges (PAKEs)

New cards

how to store passwords securely

hash passwords
use salts

New cards

recommended hashing algorithms

argon2, bcrypt, scrypt, pbkdf2

New cards

examples of biometrics

facial recognition, iris scans

New cards

strengths of biometrics

difficult to replace, user-friendly

New cards

risks of biometrics

false positives/negative
irrevocability if compromised

New cards

multi-factor authentication (MFA)

use 2+ different authentication factorsad

New cards

advantages of MFA

reduces risks from password theft
highly effective in preventing unauthorized access

New cards

challenges of MFA

user inconvenience
implementation complexity

New cards

role based access control (RBAC)

access right assigned based on predefined roles

New cards

advantages of RBAC

efficient
manageable
reduce errors

New cards

limitations of RBAC

less flexible when handling specific exceptions

New cards

attribute based access control (ABAC)

use dynamic policies based on attributes

New cards

advantages of ABAC

flexible
granular control

New cards

challenges of ABAC

difficulty of initial policy setup
complex to manage

Explore top notes

Chapter 12: The Federal Republic of Nigeria

Updated 765d ago

Note

Chapter 14: Energy Conversion - Mitochondria and Chloroplasts

Updated 673d ago

Note

learning and motivation 2/2/22

Updated 969d ago

Note

AFPF casus 6

Updated 118d ago

Note

Ludi circenses: wagenrennen in het Circus Maximus

Updated 891d ago

Note

AP statistics chapter 5 Stats modeling the world third edition by David E. Bock

Updated 1052d ago

Note

The Art and Science of Astronomy

Updated 864d ago

Note

Unit 6: Africa, 1100–1980 CE

Updated 770d ago

Note

Explore top flashcards

Reproductive system lecture

Updated 827d ago

Flashcards (95)

Unit 5 key people and concepts

Updated 544d ago

Flashcards (20)

Psychology Chapter Six

Updated 806d ago

Flashcards (52)

Biochem - Lecture 4 Learning Objectives

Updated 212d ago

Flashcards (73)

Wykład 1 Zagospodarowanie obszarów chronionych

Flashcards (59)

Flashcards (24)

Flashcards (924)

Pollution, Global Warming, & Climate Change

Updated 607d ago

Flashcards (44)