What is IAM?
A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications. Also referred to as identity management (IdM), and access management.
Modern access control is typically implemented as an identity and access management (IAM) system.
What are the 4 main processes that make up IAM?
Identification: Creating an account or ID that uniquely represents the user, device, or process on the network.
Authentication: Proving that a subject is who or what it claims to be when it attempts to access the resource. An authentication factor determines what sort of credential the subject can use.
Authorization: Determining what rights subjects should have on each resource, and enforcing those rights. An authorization model determines how these rights are granted.
Accounting: Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.
What is an authentication factor, and what are the categories of factors?
An authentication factor is the type of data used to create a credential.
These are the following categories:
-Knowledge factor: Something you know (such as a password).
-Ownership factor: Something you have (such as a smart card).
-Human or biometric factor: Something you are (such as a fingerprint).
-Behavioral factor: Something you do (such as making a signature).
-Location factor: Somewhere you are, such as only being able to log into an account from a specific location, known as geofencing.
-Time factor: Somewhen you are (such as only being permitted to start a session during work hours or using an access token before it expires).
How does Windows Authentication work?
Windows local sign-in—The Local Security Authority (LSA) compares the submitted credential to a hash stored in the Security Accounts Manager (SAM) database, which is part of the registry. This is also referred to as interactive logon.
Windows network sign-in—The LSA can pass the credentials for authentication to a network service. The preferred system for network authentication is based on Kerberos, but legacy network applications might use NT LAN Manager (NTLM) authentication.
Remote sign-in—If the user’s device is not connected to the local network, authentication can take place over some type of virtual private network (VPN) or web portal.
How does Linux Authentication work?
Local user account names are stored in /etc/passwd.
When a user logs in to a local interactive shell, the password is checked against a hash stored in /etc/shadow.
Interactive login over a network is typically accomplished using SSH. With SSH the user can be authenticated using cryptographic keys instead of a password.
What is PAM?
Pluggable Authentication Module.
A package for enabling different authentication providers, such as smart card login.
The PAM framework can also be used to implement authentication to network servers.
What does SSO do?
Single Sign On.
Allows the user to authenticate once to a local device and be authorized to access compatible application servers without having to enter credentials again.
Ex. A user could log in to a Windows computer using a Microsoft account and be able to access OneDrive, Teams, Office 365 in Outlook, and other linked Microsoft and non-Microsoft web services, without having to sign in again.
What are the 2 services that make up a KDC?
The Authentication Service: Responsible for authenticating user logon requests. Once a user is authenticated, the KDC grants a Ticket Granting Ticket (TGT).
The Ticket Granting Service: When a client supplies a Ticket Granting Ticket to the Ticket Granting Service, it is granted a service ticket to access resources within the domain.
What is Kerberos?
A single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.
Provides SSO authentication to Active Directory, as well as compatibility with other, non-Windows operating systems.
Kerberos consists of three parts:
-Client (which requests services)
-Server (from which the service is requested)
-Key Distribution Center (KDC), which vouches for their identity.
How does asymmetric encryption work?
With asymmetric encryption, you generate a key pair. The private key in the pair remains a secret that only you know. The public key can be transmitted to other subjects. The private key cannot be derived from the public key.
The public key cannot be used to decrypt a message that was encrypted with it; only the matching private key can.
What is PKI?
Public Key Infrastructure.
A framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
Aims to prove that the owners of public keys are who they say they are.
What are self-signed certificates and when are they useful?
A digital certificate that has been signed by the entity that issued it, rather than by a CA.
They are useful in development and test environments.
They are very difficult to validate and should not be used to protect critical hosts and applications.
What is key management?
Operational considerations for the various stages in the lifecycle of an encryption key or key pair.
What stages might a key's lifecycle involve?
Key Generation: Creates an asymmetric key pair or symmetric secret key of the required strength, using the chosen cipher.
Storage: Prevents unauthorized access to a private or secret key and protects against loss or damage.
Revocation: Prevents use of the key if it is compromised.
Expiration and Renewal: Gives the certificate that validates the key a “shelf-life” to increase security. Every certificate expires after a certain period. Certificates can be renewed with the same key pair or with a new key pair.
What is decentralized key management?
Keys are generated and managed directly on the computer or user account that will use the certificate.
What is centralized key management?
The practice of managing, storing, and controlling cryptographic keys within a single, unified system rather than distributing them across multiple applications or locations.
Ex. A dedicated server or appliance is used to generate and store keys. When a device or app needs to perform a cryptographic operation, it uses the Key Management Interoperability Protocol (KMIP) to communicate with the server.
What is Federation?
The notion that a network needs to be accessible to more than just a well-defined group of employees.
In business, a company might need to make parts of its network open to partners, suppliers, and customers.
Federation means that the company trusts accounts created and managed by a different network.
Ex. If Google and Facebook establish a federated network for the purpose of authentication and authorization, then a user can log on to Facebook using their Google credentials, or vice versa.
How is Federated identity management done?
1. A service provider (SP) establishes a trust relationship with an identity provider (IdP).
6. The principal presents the claim to the service provider. The SP can validate that the IdP has signed the claim because of its trust relationship with the IdP.
What is SAML?
Security Assertion Markup Language.
An XML-based data format used to exchange authentication information between a client and a service.
SAML assertions (claims) are written in eXtensible Markup Language (XML).
Communications are established using HTTP/HTTPS and the Simple Object Access Protocol (SOAP).
The secure tokens are signed using the XML signature specification.
The use of a digital signature allows the relying party to trust the identity provider.
What is the AAA architecture and what are its components?
Authentication, Authorization, and Accounting.
AAA uses the following components:
-Supplicant: The device requesting access, such as a user's PC or laptop.
-Network access server (NAS) or network access point (NAP): Edge network appliances, such as switches, access points, and VPN gateways. These are also referred to as AAA clients or authenticators.
-AAA server: The authentication server, positioned within the local network. This server either holds a database of accounts and credentials or has access to a directory server that can authenticate requests and issue SSO authorizations. There are two main types of AAA server: RADIUS and TACACS+.
NOTE: Remote Access typically uses AAA architecture.
What is RADIUS?
Remote Authentication Dial-In User Service.
An AAA protocol used to manage remote and wireless authentication infrastructures.
Very widely used for client device access over VPNs.
Typically uses UDP ports 1812 and 1813.
Each RADIUS client must be configured with the IP address of the RADIUS server plus the same shared secret.
What is TACACS+?
Terminal Access Controller Access Control System Plus.
An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.
A similar protocol to RADIUS but designed to be more flexible and reliable because it separates the AAA functions while RADIUS does not.
It is also supported by many third-party and open-source RADIUS server implementations.
Often used in authenticating administrative access to routers and switches.
Uses TCP over port 49, and the reliable delivery offered by TCP makes it easier to detect when a server is down.
What is a key pair in public key cryptography?
A set of two keys, one public and one private, used together.
Which factor determines the type of credential a subject can use for authentication?
Authentication Factor.