Section 17: IAM Solutions

38 Terms

1

identity and access management (IAM)

ensures the right access for the right people at the right times

  • identification, authentication, authorization, accounting

2

provisioning

creating new user accounts, assigning permissions, and providing system access

3

deprovisioning

removing an individual’s access rights when the rights are no longer required

4

identity proofing

verifying the identity of a user before the account is created

5

interoperability

the ability of different systems, devices, and apps to work together and share info

  • ex. SAML, OpenID Connect

6

attestation

validating that user accounts and access rights are correct and up to date

  • involves regular reviews and audits

7

5 categories of authentication for multi-factor authentication (MFA)

  1. something you know: knowledge based

  2. something you have: possession based

  3. something you are: inherence based

  4. somewhere you are: location based

  5. something you do: behavior based

8

passkeys

passwordless authentication used as an alternative to traditional passwords

  • utilize public key cryptography

9

password security

measures the effectiveness of a password in resisting guessing and brute-force attacks

10

password length recommendation

at least 12-16 characters

11

password managers

store, generate, offer cross-platform access, and autofill passwords to enhance security

12

cross-platform access

cross-device compatibility, allowing access to passwords from any location or device

13

biometric authentication

verifies identity through distinct biological characteristics like fingerprints and faceID

14

hardware token

physical device, like a security key, that generates ever-changing login codes

15

magic links

one-time links sent via email for automatic login

16

brute force attacks

tries every possible combination of characters until the correct password is found

17

dictionary attack

uses a list of commonly used passwords to crack passwords

18

password spraying

a form of brute force attack that tries a few common passwords against many usernames or accounts

  • effective because it avoids account lockouts

19

hybrid attack

combination of brute force and dictionary attacks

20

single sign-on (SSO)

authentication process that allows a user to access multiple apps or websites by logging in only once with a single set of credentials

21

identity provider (IdP)

system that creates, maintains, and manages identity info for principals while providing authentication services to relying apps within a federation or distributed network

  • validates user identity using stored credentials

22

lightweight directory access protocol (LDAP)

used to access and maintain distributed directory information services over an IP network

23

open authorization (OAuth)

open standard for token-based authentication and authorization that allows an individual’s account info to be used by third party services without exposing the user’s password

24

security assertion markup language (SAML)

a standard for logging users into apps based on their sessions in another context

  • redirects users to an IdP for authentication

25

federation

links electronic identities and attributes to store information across multiple distinct identity management systems

  • enables users to use the same credentials for login across systems managed by different organizations

26

privileged access management (PAM)

helps organizations restrict and monitor privileged access within an IT environment

27

just-in-time permissions (JIT)

security model where administrative access is granted only when needed for a specific task

28

password vaulting

stores and manages passwords in a secure environment, often in a digital vault

  • requires MFA to access passwords

29

temporal accounts (temporary accounts)

provides time-limited access to resources, and they are automatically disabled/deleted after a certain period of time

30

mandatory access control (MAC)

uses security labels to authorize user access to specific resources

  • label must be assigned to both the resource and the user

31

discretionary access control (DAC)

resource’s owner determines which users can access each resource

32

role-based access control (RBAC)

assigns users to roles and uses these roles to grant permissions to resources

  • controls and enforces minimal privileges

33

rule-based access control (RBAC)

uses security rules or access control lists

  • enables admins to apply security policies to all users

34

attribute-based access control (ABAC)

uses object characteristics (user, environment, resources) for access control decisions

35

time-of-day restrictions

restricts resource access based on request times

  • prevents unauthorized access during non-working hours

36

principle of least privilege

granting users the minimum access required for their tasks, without extra privileges

37

permission creep (authorization creep)

occurs when a user gains excessive rights during their career progression in the company

38

user account control (UAC)

ensures that actions requiring administrative rights are explicitly authorized by the user

  • access is limited to what the user needs to do a job